According to the Associated Press (AP), hackers are targeting power plants in order to seize control. Presumably, on my part, “control” here means to disable them and create power outages to large areas; I doubt they’re looking to deliver benevolence through efficiencies and reduced bills, for example.
In fact, malicious code and worms are targeting all manner of industrial plants and systems. The Department of Homeland Securtiy (DHS) is urging companies to improve security practices. When reviewing weaknesses as identified by the DHS, it’s rather amazing to see that one of the highlighted security breaches, and spread of a botnet to almost 100 computers, was accomplished through an infected file as delivered to a laptop via a flash drive. The user then connected his laptop to his company’s network and the botnet spread.
It would seem that in this day and age there would be a regularized update of patches for vulnerabilities, but also: In the example cited, the user was returning from an outside conference where the laptop had been in use. I suggest a thorough review by IT for any items that have been offsite, prior to granting access to the overall enterprise.
Perhaps it’s time for monthly security refreshers for all staff; the time involved is a burden, for sure, but it’s time well spent. Perhaps a 10 minute security brief by the IT leader at the end of the monthly all-staff meetings is prudent. For any particular high-profile malware that needs immediate addressal, ad-hoc meetings or e-mail blasts could warn users to be especially cautious, particularly within scopes and activities the malware seems to target.
Being that a good portion, perhaps most, of security breaches are due to human actions (and error), there’s something I’ve noticed: When you call your bank, credit card company, etc., they ask you a security question (it might be mother’s maiden name, name of your first school, etc.). Several questions usually follow on: What is your date of birth? What are the last four (or six) digits of your card? What are the three numbers on the back? What is the expiration date? However, how do you vet the party on the other end of the line that’s soliciting (and collecting) all of this personal, and authenticating, information?
My next post will raise a rather interesting security question, along with a prediction…
August 5th: On this day in 1861, the U.S. levies its first income tax (3% of incomes over $800).
The power at the desktop is increasing by leaps and bounds. How do you get your user class to “leap and bound” in maximizing your return in this arena? Ensuring that your user class knows about the full range of supports available, and making maximum use through best knowledge, is a sort of Index of User Awareness. How to increase this index, and its use?
First, let’s realize that there’s been a definite shifting of burden within the realm of the daily business grind. This shift has been happening over the course of decades. Twenty or thirty years ago, users would fill out a reports form, or a programming request sheet, for submittal to an information services department in order to receive output: a report, or a change to “the system” for example.
Now, users can design and deliver their own reports. In many organizations, authorized users can create such things as their own rapid entry screens specifically tailored to their own job’s needs. They can invoke new business rules through simple selects. They can update constants such as pricing, shipping, discounts – and much more – when possessing appropriate business authority.
In other words, users are their own information service agents – and in many cases their own system configuration agents. Given the evolution and effectiveness of customizations, online help, training, tutorials, and knowledge-shares – the sheer power at the desktop – there is increasing expectation and necessity that users take full advantage of this power.
Some organizations leverage this power very effectively. Others cannot seem to harness it. IT must help Business make full use of the lever that this power at the desktop represents. Business must access, use, and benefit from this full desktop potential in achieving the best return on investment for these technologies.
In cycling back to business’ modern responsibilities in The Business-Technology Weave, we can see that it’s not only necessary for the business C-level execs to bring a readiness to the table, but also for junior, middle, and upper management to qualify themselves for the swim in the accelerating stream of business-technology planning and use.
August 3rd: On this day in 1790, the US Coast Guard is founded (as the Revenue Cutter Service)
In matters of ignorance, consider that your organization is at tremendous risk for inefficient operation. Any entity in the modern Business-Technology Weave that is not keeping up with new knowledge and emerging concepts in the mutually reinforcing business and technical realms will contribute to an imbalance. All of this helps us to understand two basic things required of Business (and thus for the enterprise) in the modern Weave:
1) With the increase in sophistication of business information systems, and their comprehensive reach and weave into every corner of your operations, IT needs Business’ help more than ever in sizing and fitting support to business. The organization needs an engaged business element that makes a strong, good faith effort to self-motivate in maintaining a base of knowledge. This knowledge includes common information, technical and otherwise, that is necessary for Business to help plan its own support in the Weave through a Business-driven IT Strategy. We’re not trying to create a duplication of effort and knowledge between IT and Business, but Business needs a solid qualification upon which to draw so they can pilot the Business-driven IT strategy. As we come to define this posture, we will begin to speak of the IT Enlightened Organization.
2) More and more power, knowledge, and tools are being delivered to the desktop. The assumption by your surrounding industries – that is, training vendors, software developers, value added remarketers, and competitors – is that your user body is going to seize the initiative and make effective use of this “front side of the screen” power. Product developers draw assumptions upon which to scale their products and, increasingly, they assume your users remain informed, educated, and self-motivated. IT needs Business users to actively engage within the zone of desktop power – the zone that has been scaled and marketed specifically for the user class. This frees IT to assume greater and expanded capacities for support to the increasingly sophisticated and time-consuming backoffice support requirements, while simultaneously casting about for better supports to business and subsequent discussion and planning. Also, Business users must realize a full return on investment from this power – that is, the organization must capture the potential and make full use of these tools in making your business run at full efficiency and effectiveness. Users must also understand data, and be able to responsibly use, vet, and manage data. Let’s call all of this the Index of User Awareness.
In the coming days, let’s explore the Index of User Awareness, and ensconce everything within the IT Enlightened Organization.
August 1st : On this day in 1903 the 1st coast-to-coast automobile trip was completed – from San Francisco to New York.
It’s said that what you don’t know can’t hurt you. But today, increasingly, what business doesn’t know most certainly can hurt business.
In many IT folks’ view, one of the most puzzling phenomena in the Business-Technology Weave is the sustained posture of ignorance to technology by some in business. Conversely, many business staff regard their IT folks as aloof, uncaring, or simply too overburdened to provide an appropriate level of support. In some cases they may even be perceived as under-qualified – true or not. Let’s examine things from the Business side first.
Business needs to demystify the technology they own. Therefore, we need to make a sale to our top-most management, and it is this: Business leaders and staff must now have enough real knowledge to contribute in crafting the Business-Technology Weave – through a Business-driven IT strategy. We must explain to top management the necessities so that you’ll have this top management sponsoring and sanctioning this obligation for Business – they must endorse and enforce a savvy business-technology culture.
Business leaders at all levels of the organization often don’t know what their obligation is in this modern business-technology arena. Some who do understand it none-the-less deliberately avoid engaging themselves for various reasons. For example, only 2 in 5 business responders believe that their data management strategies have board approval. Only just over half believe that senior management of their company places sufficient importance on data management. Insufficient importance placed on data management. Data is our business intelligence. This posture of avoidance will get people in deep trouble as time goes by, and indeed is creating trouble for many organizations today. It may sound obvious, but ignorance is a posture business can no longer afford – and increasingly even small measures of ignorance are becoming unaffordable.
I’d be curious to hear your thoughts – both business and IT people – regarding your organization’s posture. In the next day or two, I’ll continue this thread…
July 31st: On this day in 1809, the 1st practical railroad track went into operation (wooden, for horse-drawn cars) in Philadelphia.
E-mail has become a parallel universe for storage. Users (that is, all of us) have constructed elaborate file structures within Inboxes, Sent folders, etc., that rival anything in the enterprise. This is so that we can file things, find things, reference things, respond to things, etc. Oftentimes content is copied to several accounts, and different areas within various accounts, where it mutates into different meanings and uses based on edits and alignment to other reinforcing content.
Contributing to the problem are vendors who are writing their business applications so that reports’ data can be delivered into e-mail folders. The thinking is: the one application that most C-level executive types are able to navigate is e-mail – and indeed the one app that everybody uses and is best familiar with is e-mail. So, why not deliver reports into folders inside e-mail, conveniently marked: 4th Quarter Finance Report, Current Membership Count, etc., etc.
This distortion of the e-mail system is a poor idea. E-mail has now been compromised – its focus blurred. E-mail should remain a communication vehicle. It’s overlap into the area of storage, retrieval, and its feeble content management capability is redundant, confusing, and inefficient. Further, maintenance such as retrieving deleted e-mail content for reinsertion to a user’s e-mail environment can be an enormous chore – even putting the stability of the production mail system in jeopardy.
Why store long-term content in the e-mail system, which is comparatively volatile? After all, there already exists a stable system of data locations, access control, and securities in your organization, which happily does not burden one of your prime electronic communications systems. It’s your network folder environment.
Realize that with appropriate training, everyone will make better use of systems and applications without bastardizing e-mail. Also, realize that as time moves by, staff will be more facile in their use of systems. This will happen through formal training and their self-motivation – it will also happen through the process of attrition and replacement. Therefore, you should be building expectations of use with a bias toward efficiency. Since everyone is becoming more tech savvy as time goes by, we should expect people to file, manage, and retrieve the information they need directly to and from respective business applications according to systems’ best use.
The Misplaced Burden: Managing e-mail has now become an elaborate endeavor for IT and Business: notifying users about system deletions and when to archive; running reports; reviewing mailboxes for size, content, number of items, size of items, age of items, inappropriateness, etc. Sometimes this oversight spills out of IT: there are business people who review mailbox reports in many organizations. This may seem like a disciplined approach to “managing” e-mail, but in fact it is not disciplined. It’s an example of a runaway, uncontrolled, system of “over-management.” This approach is a poor idea. All of this “managing” out amongst the leaves of the tree is inefficient, and expensive. Let’s get – not to the trunk – to the root of the situation. All of this human oversight and forced activity robs us of the resources that we have a crucial need for elsewhere.
Realize that e-mail is primarily about communication. The e-mail system should not be a records or content storage system. (The introduction and growth of content management systems, and their position relative to e-mail and other content, is an important exposure and lesson within the changing Business-Technology Weave). An e-mail system and its contents should be lean and mean. Any e-mail content that is important enough to keep should be filed elsewhere for whatever longer-term storage suits the item. If it’s related to budget, put it into a network budget folder; if it’s contract related, put it into an appropriate network folder, and so on.
Put the Burden Where It Belongs: Most e-mail should be answered quickly, generally within the window of the most aggressive cleanup policy. Most e-mail is answered within hours, and business etiquette dictates that e-mail is at least acknowledged within a day. E-mail should be dispatched within 30 days – answered (within a day or two), any contents saved as (and where) appropriate, and original e-mail deleted. When you do have e-mail contents that can serve as reference, or require keeping, groom your users to offload e-mail to appropriate network folders. It will be easy enough to retrieve and provide relevant prior info as a future attachment. The user can also choose to cut-and-paste relevant electronic material into an e-mail.
Even if a chain of communication is thought to be important, it can be saved outside of the mail system, as content, and tagged accordingly. But keep this in mind: You should not be relying on e-mails, in an e-mail system, to document agreements, commitments, or obligations. We have the ultimate authority of contracts for those things. Any interim agreements, as supporting e-mails to those kinds of things, need to be stored outside of the e-mail system in relevant folders for contracts, service agreements, policies, and other documents. Getting this control will greatly aid the return of “e-mail” to what it is supposed to be.
So, rather than archiving mail, or merely keeping it around forever, users should be encouraged to Save mail to network folders, according to content, whereby the resulting file will undergo the assignment of metadata. The file will experience subsequent management according to its content, not the whimsy of some e-mail system and/or administrator’s whack of data according to an arbitrary date. Remember – in an e-mail system, content is disposed of according to a date that serves the administration of the system; content is not treated according to its value. Once former e-mail content is filed appropriately on the network, you’re managing content according to value, which reduces not only a burden in the e-mail system, but the opportunity for mistakes. Advantages far outweigh any disadvantages.
Once you get a new policy in place, and once the users get the hang of it, you will get important content out of the e-mail system. With discipline, it is possible to have everyone efficiently offloading relevant e-mails to folders within the network folder structure – where permanent and semi-permanent data belongs. It will now be managed from content and storage considerations along with all other content – this will be a leverage and an efficiency. This satisfies our driving of all content to an appropriate, centralized, network repository.
Try to manage e-mail the same way voicemail gets managed: You listen, you call back or forward when necessary, you write something down or type notes where necessary, then you delete the voicemail. Get users to administer their e-mail in a similar fashion: They read the e-mail (analogous to the “listen”), they respond to and possibly forward the e-mail, they file to a central network folder if necessary (analogous to writing down or note typing), then they can delete. A properly managed mail system will be far more cost effective, easier to use and administer, and be far more secure.
July 30th: On this day in 1844, the first U.S. yacht club was organized – the New York Yacht Club.
I remember riding my bike with friends when I was about ten years old. My brother, three years younger, was trying to keep up with us bigger boys. I was laughing, and urged my group on faster. We left my brother behind – he was much smaller. Later, I was in trouble because my father saw me leaving my brother behind, and I got a lecture to never do that again.
But that episode reminds me of IT governance’s lag; the seeming inability of many in the CXO class – that is, the CEOs, CFOs, and COOs – to simply pedal faster in today’s business-technology climate in maintaining optimal alignment. They don’t have the excuse of age, or size particularly, in explaining their inability to keep up – we’re all adults. It’s not that we expect a CFO, for example, to have the exact knowledge of a CTO or CIO – but we should expect that person to be qualified for the discussion and to bring valid ideas to the table.
Too many CXOs to whom IT reports are poorly qualified in making decisions regarding major IT directions and purchases – this can only have a negative impact on business-technology alignment. In seeking efficiency and cost savings, many a CXO blinks not only in the face of potential solutions, but also in their sizing and overall applicability to the specific environment; just because a system exists elsewhere and serves another situation, even a similar one, it doesn’t mean it will serve yours.
The CIO or CTO who entertains thoughts of Enterprise Resource Planning, Content Management, Configuration Management, the Cloud, social media, and all manner of other enterprise and business management solutions, needs qualified senior executives with whom to partner. This qualified group has to assess potential returns on investment vis-à-vis impacts to business: any specific large-scale change and corresponding enterprise impact may have little or no payoff in a particular environment – worse, it may simply be a negative.
It is certain that CIOs and CTOs are best protected by knowing business, and in the specific environment, knowing the business. By extension, they then best protect business and its interests: the CXO of IT is able to take a systems and enterprise view of business, and is able to speak to senior business execs in their language.
However, if you’re a part of IT governance – a senior executive; CEO, CFO, COO – and you’re taking the attitude that you don’t really need a corresponding understanding of technical resources and solutions, then it is definitely time to pedal faster. You need to keep up; you must qualify in understanding and progressing your business enablements to the best possible degree.
Your IT leadership can only go so far in discovering, assessing, and recommending solutions in delivering best business-IT alignment. You wouldn’t expect IT to know your business better than business itself, would you?
Start pedaling – hard.
July 27th: On this day in 1909, Orville Wright tests the first U.S. Army airplane; he flies for one hour and 12 minutes.
Doing More with Less More – Huh?
These days an organization cannot afford “hidden” assets. Who would want to be unaware of, and thus under-utilize, an asset? Yet many organizations fail to leverage assets that essentially hide in plain sight. In these days of austerity, particularly for small and medium sized business, an organization’s best efforts take on a whole new meaning – an unqualified meaning: It is no longer acceptable to take a position that “we’re doing the best we can, given the circumstances.”
We have to do our best (individually and collectively), in reaching the organization’s best – and further, we must constantly exceed “the best” by defining that best ever upward and hitting new heights. A steep challenge – and yet an ongoing goal that must be attained – and one with attendant rewards.
We must change and bias circumstances to favor everything we do in achieving objectives – with the maximization of all resources: fiscal, human, tangible, outside services, and so on. A few posts ago, I spoke of doing more with less – that is most certainly possible and surely desirable. However, once the organization has eliminated waste, possibly even reducing expenditures to the point of impinging on some legitimate supports, it becomes necessary to look at what’s left. Within that comes the concept of doing more with more.
Doing More with More
We need to achieve success on an ever-expanding basis, in the circumstances of a business-technology change continuum. As but one example, let’s consider people. When we consider people, we have in each individual a considerable set of circumstances – and the potential for many optimizations. For any manager, we owe it to people to help them actualize and optimize their contribution to the organization. For any person, manager included, we desire to work smarter, making greater contribution, in forwarding the organization… and ourselves.
Just as we expose and leverage content contained in various systems of storage, we must expose and leverage knowledge as contained in people. This is what various forums present: From Users’ Groups to programmers’ meetings, manager’s enclaves, work retreats, etc. – opportunities to expose and leverage collective knowledge and talent in managing the present and future. There is always more knowledge and talent to be leveraged, and it involves every person at every level.
There are those individuals who know how to do things that others do not, or who know how to do things better than others. Things that are common requirements for all staff, or things that all staff can use. Because individuals have strengths and weaknesses, we should strive to propagate strengths in overcoming weaknesses. After all, it’s not like transferring water from one bucket to another: we don’t lose strength in one individual who imparts knowledge or training to someone who gains those things. Further, the imparting individual can gain training skills, communication skills, and other collaborative skills. The receiver gains the new knowledge and abilities. Of course the organization gains by having a more knowledgeable, able, staff. This is a win-win-win for all involved.
In the coming days we’ll explore additional doing more with more ideas.
July 24th: On this day in 1965 Bob Dylan releases “Like a Rolling Stone.”
I was reading an interesting article at InformationWeek.com today. I just happened to land on, Global CIO: The Top 10 CIO Issues for 2010 by Bob Evans. It’s a great article.
I was struck by something on the second page – Issue 7) CIO Priorities, CIO Compensation, CIO Evaluation. Even if you’re not a CIO, the thought that struck me still pertains to anyone working in the larger field of IT.
You can refer to the item as necessary, but Mr. Evans asks the question (of CIOs), “How are you paid?” He notes: not how well, but “how” as in… for what are you being paid? He asks in part if your compensation package is mapping to “tired jobs” of counting PCs, and functioning as an assistant to the CFO – as opposed to what he calls the new firebrand-type CIO – with growth, customers and market-centric innovation as key drivers.
If you, as a CIO, or you, as an IT staff member, are laboring in an IT department (and by extension, embedded in an organization) that has CIOs laboring to granular, mundane, details such as PC counts then something is grossly out of balance (and here neither I, nor Mr. Evans, mean running around performing a physical count, but rather answering to the counts). Any organizational department is a hierarchy: PCs darn sure need to be counted – as but one example from the article – and someone has to do the counting.
But it’s doubtful if many CIOs are “counting” in even an overview sense. A workstation population is a line in a budget, and it can be managed according to identification of less expensive items, more “bang for the buck” discoveries, etc., as delivered by proactive IT Directors/Managers, Network Managers, HelpDesk staff, even end-users – anyone the organization decides to actualize and listen to in delivering ever greater returns on behalf of business. The CIO, in part, leads, inspires, and trusts: At least in the environments that accrue and retain true, trusted, talent.
A post or two ago I spoke of “an accrual of returns.” Get everyone actualized – focusing on the near-term horizon and on the slightly more distant future – watch for things that work elsewhere, look to the puzzle pieces that may fit your future and suggest, test, implement…
I suggest you look up Mr. Evans’ article – it’s a great piece, and he likely has his finger on the pulse of many organizations: hobbling their CIO’s with what he refers to as “plumbing style metrics” (uptimes, line-items, SLAs, headcounts), which in-turn prevents CIOs from making imaginative contributions. Contributions such as process breakthroughs and tech innovations in service to sales, markets, customers and overall business profitability and success. I say: If CIOs are hobbled, then there undoubtedly is a crippling compress on all elements of IT and the people staffing it. A corresponding business hobble is inevitable.
As I wrote a few days ago, IT leaders who want to be truly effective must deliver on business expectations and beyond. In doing that, you must disabuse IT governance (business) of old-school notions of IT – IT is not what I used to call “glorified typewriter repair.” In doing this, you must install the modern IT department, with clear (but overlapping and backed up) division of duties; that’s not too difficult for the true IT leader and with a little sanction from HR. Following that, install appropriate inspiration to IT staff to grow their positions for the oncoming future (by virtue of their suggestions for leaders’ review and subsequent appropriate sanction).
IT is a functioning and enabling arm of business – and it’s contribution cannot be underestimated any more than, say, Sales and Marketing.
July 22nd: On this day in 1796, Cleveland, Ohio was founded by General Moses Cleaveland.
It’s rather interesting to monitor what’s happening in the UK right now. Data protection legislation is moving forward. And… business there supports data protection legislation.
A survey of 1200 businesses indicates that those businesses are concerned about the strength of laws: Nearly 50% feel that laws are weak and require revision, and 87% believe that organizations should be required to divulge breaches of sensitive content where information about the public is involved. [Source: Sophos].
Here in the U.S., I rather doubt business is keen on more legislative oversight. Generally speaking, I’m wary of new legislation – new laws must be thoroughly reviewed so as to guard against unintended – and negative – consequences, particularly where business is concerned. In today’s economy, we don’t want to impinge businesses’ opportunities for hearty conduct and growth.
However, I do like the breach notification idea. It serves a couple purposes that come readily to mind:
– Stakeholders (the public, customers, allied agencies…) are entitled to know about breaches that affect them, or ones that just have the potential to affect the general well-being of the business.
– Also, healthy exposure and just that potential help to motivate businesses in the currency of their ongoing security measures.
Particularly for small/medium business, and smaller government agencies such as those at county/municipality level: Do you have in-house security professionals who cast the horizon for new threats, with attendant posture of proactivity? And, do you have strong security partners in the form of advisors, vendors and allied security products?
How do readers of the Exchange feel about it? Would you welcome new legislation? Are you confident regarding data security in your organization?
July 21st: On this day in 1990, Pink Floyd’s The Wall is performed where the Berlin Wall once stood.
IT leaders – CTOs, CIOs, Directors, Managers, et al., who want to shine need to deliver according to business expectations. IT leaders who want to be heroes – that is, viewed as virtually indispensable to the organization – need to deliver on expectations and beyond.
Competing for your enterprise’s top concern is the issue of Business Productivity/Cost Reduction: In short, doing more with less. In fact, when surveyed it rolls in and out for the #1 concern along with Business-IT alignment. [Source: Society for Information Management].
Of course on its face, the “with less” part seems counter-intuitive to the “doing more” part. If we have less, spend less, have fewer people to do something, are we not then facing a constriction in what we can do?… produce?… deliver? Too many IT leaders default to this sum, as do too many business leaders and general staff.
Often times, having more money and resources actually leads to the delivery of duplicitous, competing systems. Organizations and various elements within feel that they have to expend a budget so as to avoid having budgets cut the following year (government is a great example of this area of waste – and the resultant doing of less with more, for that matter). Too, there is the pressure to constantly deliver something… anything – and deliveries within the wrong motivators are of dubious value.
Deliveries should fulfill value to business, and fulfill (fully vetted) business expectations.
Otherwise, organizations face an embarrassing wealth of “assists” to business – often bleeding across the line of diminishing returns: Training burdens, staff avoidance, silo’d systems – and a tax of sorts on the legitimate core systems by removing focus from them. Watch too for “pet” systems that have a business person’s sponsorship, and their resultant feelings for vested reputation by virtue of whether that system lives or dies – no matter how cumbersome or ill-serving!
I am presently consulting at an organization that has made very poor demands of staff for fully utilizing core assets. Prior to my involvement, the organization’s take was to provide a bouquet of collateral products in assisting staff in performing their jobs, at staff’s request – until there was a dizzying fracture of reinforcing content, tons of hardcopy report output for delivery and share between departments, and a huge training burden for new, and even existing, staff. It was sort of like an anti-matter swirl of anti-ERP.
Incredibly, staff was quite receptive to a message about culture and some associated change: That is, to be a little more proactive in delving into core system’s robust online Help resources, to access authorized reference info on the web, and to be a little more self-sufficient in widening their facility within, and use of, systems and programs. A monthly roundtable knowledge share is working quite well too, with a business person as leader with IT assist.
You can drive your organization to do more with less. But you have to be smart about it: praise staff’s present facility (even if it’s not particularly good) – soften all the blows. Then seek some willingness to explore, and to step up. However, be certain to gain sanction and support from your senior executive class – make certain they understand what it is you’d like to do, and what the payoff will be. It is they, with the true power, who must backstop the expectations for other leaders and staff in their best use of systems and resources.
When doing more with less, things not only become simpler, but easier. “Simpler” by definition is not the same as “easier.” Here what I’m speaking of is pairing a less-complicated – simpler – environment with staff’s capitalization on it by making themselves ever-more qualified to capture efficiencies and full-use, thus making their lives easier.
Mistakes should go down, interactions should be smoother and more efficient, and time saved can be leveraged to better oversights and ever more self-training and formal training. An accrual of returns.
I’m actually a hero (at least for the moment) – I don’t mean to brag, but if they’re calling me that, I’ll take it!
Want to be a hero?
July 17th: On this day in 1867, the first permanent university dental school opens in the U.S., at Harvard.