Although this new generation of smartphones seems to be a tech geek’s dream, IT might actually be most resistant to new technology when it will impact the business. IT has to decide early on if it’s going to support yet another new smartphone. The BlackBerry was once the standard, and RIM paid a lot of extra attention to enterprise IT support capabilities. IT spent a lot of time getting applications to work on BlackBerry, only to be faced with the iPhone a few years down the road.

The executives (interestingly not the Gen Xers) were the big iPhone purchasers. The C-level brought these new devices in as primary work phones and expected IT support. And since IT is ultimately there to support the users, if the decision makers want Exchange on their iPhones, well, they’re going to get it. IT would have to manage iPhone support costs and risk exposure while working around hardware and OS limitations.

The problem is, IT then has to worry about a new set of security policies (last year Apple’s iPhone and Google’s Android OS both had exposed flaws). Are there remote wipe capabilities? Is there encryption available? Further, the apps the sales team needs to use — for example, Salesforce.com, CRM, etc. — have to work on these new devices.

Although Verizon is offering some Exchange support for an additional fee ($15), recent reports state this will just be a software feature and won’t actually be in the same league as corporate network integration.

Do you really want to manage four sets of the same application (one for each potential device) and four different security policies, five times over?

You have to decide where to draw the line on device support – balancing user needs with business realities.

• Moving to Gmail: Want to stand out in a crowd of your midmarket peers? Pack your bags (top one off with a “Gmail or bust” bumper sticker) and wear an “I heart Lotus Notes Microsoft Exchange GoogleMail” t-shirt — ’cause you’re moving to Gmail!

  A survey of 53 firms by Forrester Research Inc. showed that 36 are considering or have considered a change in their email delivery. And one Gartner analyst said that the interest in Gmail has been growing since mid-2007, with more and more people pondering the pros and cons. Our own Linda Tucci interviewed one CIO earlier in the year who moved from Lotus Notes to Gmail and estimated saving about $500,000 in capital and operating costs over five years, and another $400,000 in labor. So bring some scissors — because you’ll also be cutting costs.

• Twitter Fail Whale: Going as the Twitter blue bird is so cliché. When Twitter experiences an outage, users see the “fail whale” error message — an illustration of red birds lifting a whale from the ocean along with the text “Too many tweets! Please wait a moment and try again.” Tie a few red, helium-filled balloons to your body and display the error message across your chest.

  Stand as the constant reminder of the potential trouble brewing behind that wide-eyed blue bird. Pose the question, “Is using Twitter always right for the enterprise, or is it a risk to a business?” And keep a list of the threats posed by Twitter, including data leakage, inappropriate content and lack of IT control. Make a splash in the office!

• Disaster recovery zombie: Zombies are in, disaster recovery is dead. Take advantage of this opportunity to put a unique spin on an oldie but goodie. Auto failover, redundant data and more emphasis on business continuity are moving CIOs away from the need to recover data (restoring thousands of servers leaves room for mistakes, mishaps and corrupted data) and on to the importance of continuous operations — made more accessible via virtualization.

  Go for the zombie makeup, the telltale strut and then cover yourself in disaster recovery plans (Post-Its may make a revival here).

• Lean thinking in IT: Doing more with less, reducing waste and focusing on customer satisfaction is what Lean IT is all about — so keep this one simple. Wear a plain outfit you made yourself from recycled materials (props for going green), lean wherever you can and offer tidbits of advice such as:
  - Don’t take maintenance agreements as set in stone. You can’t get discounts without asking.
  - Avoid using a single source. You’ll see more innovation by using multiple vendors.
  - Collaborate. Communication is key to compress cycle times.

  Buddy up with colleagues wearing Six Sigma black belt and ITIL v3 framework costumes for a real party – the A+(service) Team!

As for what my costume will be this year, I’m still deciding (and looking for suggestions!) Have any great ideas? Let me know via email, @kcaretta on Twitter or post a comment below.

The proposed rules would restrict how broadband providers such as Verizon and Comcast manage their networks, so that users could send and receive any legal or legitimate content over the Internet without worrying whether it’s going to be blocked or slowed down by the service provider. Comcast, for instance, actively interfered with file sharing online, controlling what kind of traffic and data could use its bandwidth and giving priority to some types of content and traffic while slowing down other traffic.

The FCC determined Comcast had gone too far, and the new rules will mean providers must become more and more like “dumb pipes,” with little leeway to shape the Internet’s traffic flow. Net neutrality also aims to prevent Comcast, Verizon and other service providers from being able to control Internet pipes to favor their content over content created by their competitors or demanding high fees for performance when a competitor’s content is requested.

It matters because the ban will allow small and midsized businesses unimpeded access to the Internet to send and receive legal and legitimate data across the Web, ensuring performance during their use of services from companies like Salesforce.com and Google. Large providers such as Comcast and Verizon will not be allowed to slow file transfers or favor their own Web apps or even email applications over competitors’.

Since corporations like Comcast have their hands in many different business areas, that was a real threat: Comcast could potentially block smaller, less widely known competitors from sending and receiving data or even simply reduce, for example, the performance of Google Docs — preventing healthy competition.

Net neutrality will allow Google Docs, an unknown startup and Microsoft to all compete on the same grounds without Comcast picking a winner and favoring it.

While the counterarguments fear for the stifling of innovation and heavy-handed government involvement with the privacy of the users, the proposed rules could potentially put (or keep) smaller organizations on the same footing as larger corporations.

Back in June at BI vendor Information Builders’ user show, many attendees spoke of the benefits of marrying search technology and business intelligence. At the time, the Royal Bank of Canada was beginning to look at search technology to mine unstructured data in dead repositories. The 70,000-plus-employee company has unstructured data all over its enterprise, but the main target for now is archived enterprise content management repositories.

Also at the time, Boris Evelson said the future of BI lies in appliances that crawl both structured and unstructured data and places all information in optimized storage, where it becomes instantly available. The front end requires no IT support and users can explore the BI environment using search-like capabilities with no limitations, whether data is in email or desktop docs — making BI at last pervasive throughout the enterprise.

In a more recent conversation with SaaS BI vendor Birst’s CEO, Brad Peters, I heard a bit more skepticism on the topic of business intelligence applications being replaced by search technology. “It seems that every six to seven years that becomes a hot topic and you start to see BI companies trying to classify themselves as search companies, and it has come around once again,” he said.

It is true that BI tools are looking more like search, giving users the ability to pop up search-like dashboards and interfaces, but turning a search technology into an outright business intelligence tool is not that simple.

“The reason BI [tools] are successful is because business rules and the business logic around how your business is run is encapsulated in the BI solution, and that is created by adding human capital. And that’s something you can’t really pull out of search,” he said.

If you do a search on company revenue, for example, the result could be calculated 15 different ways based on what the user punches in. So can you trust that data?

“How was that data calculated? Where did it come from? If the answer is ‘I don’t know,’ then you can’t trust that number, and if you can’t trust that number you don’t have BI,” he said.

The idea of giving users a search box so that any user, with any level of skill set, will finally have access to BI, does appeal to Peters.

Yet, some argue that BI is not meant for the masses, but the business analysts within the company whose sole job is to crunch the numbers based on criteria set by executives.

As for the future of BI, Peters sees it in the cloud. A place where all your data can be accessed by logically integrating data, versus physically, giving data access to anyone in your organization.

Yet, when you bring up the marriage of search and BI to some experts they cringe, arguing that BI alone is hard to manage, never mind introducing another technology into the mix or adding unstructured data such as email or word documents into your BI strategy.

The debate continues, but it is clear that BI and search technologies can learn a thing or two from each other.

Give us your take in the comments.

As part of my security, compliance and disaster recovery coverage this year, I’ve listened to a lot of experts talk about the how-tos of risk management, such as, how CIOs need to stop taking a checklist approach to regulatory mandates and forge a risk-based strategy for compliance. Or how security officers still taking a buy-another-gadget approach to security will lose their jobs if they don’t focus on risk management. All this sounds good, as it implies that a rational scrutiny of risk can save companies money by focusing the available dollars on the most likely scenarios. But the reality is much worse.

A CIO I talked to this week has seen his IT budget cut by more than 50% over the past few years. He’s in the newspaper business, an industry whose business model has been beat up worse than most in this recession, so the necessity to cut costs is not unexpected. To help keep the company afloat, he’s dropped maintenance contracts, including on some mission critical systems. He’s walked away from a premier — albeit difficult-to-work-with — longtime database vendor to save more than $100,000 for his company.

“Sometimes the gamble has paid off, and other times we have paid for it,” he said.

A few months ago, he had some equipment fail. Under his higher service level agreement, the components that failed would have been replaced almost immediately, in two hours at most. In the new reality, the provider had to fly the parts in from a neighboring state. “We were down for about 12 hours, and it was mission critical,” he said. These were the internal networks for about 40% of the company. People affected couldn’t use email or store files.

Risk management makes these decisions all sound so, well, manageable. As the recession shows, however, CIOs can research the IT-related risks to their enterprise, plotting out every what-if scenario in the IT playbook, and still be surprised or, worse, undone by elements unimagined and unimaginable based on past experience. That’s when the person in charge has no choice but to be a risk taker. And be brave.

And what better time to raise awareness than on the heels of the Gmail/Hotmail/email phishing scam that compromised thousands of accounts. On Oct. 6, news broke that at least 10,000 Hotmail addresses and passwords had been leaked online. The next day, it was revealed that 20,000 addresses and passwords for email accounts from Hotmail, Gmail, Yahoo, AOL, Gmail, EarthLink and Comcast had also shown up on the Web.

Just barely into October, the news reinforces the theme of this year’s security awareness month, “Our Shared Responsibility,” in showing that we have to promote cybersecurity education and best practices to all users – down to the weakest links. Everyone on your network needs to understand the risks (and be aware of any warning signs) when online.

The need for that education was made clear by a statistical analysis of the 10,000 leaked Hotmail accounts, which showed that the top two most commonly used passwords were 123456 and 123456789.

With that in mind, here are some resources to guide you in continued online safety and security in your organization:

Small to medium-sized businesses are prime targets for cybercriminals because they often don’t have the resources to update their security programs. The National Cyber Security Alliance has some information on risk assessment and security plan implementation for SMBs to protect their brands, their customers and their employees.

Our recently published “10 must-have steps for an effective SMB information security program” highlights security information for small businesses from a soon-to-be-finalized guide from the National Institute of Standards and Technology. The guide includes information on steps to an effective information security program and common trouble spots to be cautious of, such as:

• Opening email attachments from unknown senders and responding to emails asking for sensitive information.
• Clicking on Web links in emails and instant messages.
• Clicking OK on pop-up windows and other hacker tricks.

The California Office of Information Security and Privacy Protection provides information and recommendations on data security – from online privacy tips (resources on bugs, hackers and more) to information protection practices for businesses.

Does the Red Flags Rule apply to your business? The Federal Trade Commission has provided some information on the fraud protection rule for businesses, including a how-to guide and a DIY template to help you identify red flags in advance and avoid data breaches.

Capital One and the National Cyber Security Alliance have come up with a top five list of cybersecurity tips for SMBs. Risk assessments and employee education were among the suggestions.

The National Association of State Chief Information Officers (NASCIO) has partnered with the Department of Homeland Security’s National Cybersecurity Division, the Multi-State Information Sharing and Analysis Center, and the National Cyber Security Alliance to promote cybersecurity awareness. Each organization has provided extensive awareness tools and resources, a list of which can be found on the NASCIO cyber security awareness page.

Good online security should be practiced 365 days a year – but take advantage of the added awareness this month to get your employees up to speed.

For IT, I have to wonder how Google Wave will also change the face of project management, business process management and IT service management. Why? Most of the major concerns I hear regarding these types of tools are their lack of functional, easy-to-use, real-time collaboration and monitoring features.

And for business process automation, which we’ve heard is becoming increasingly relevant as a budget saver, Google Wave could act as the interface tying multiple data streams together. For the midmarket, Google Wave has the potential to be an inexpensive way to get first-rate features — enabling new technologies — without a large infrastructure investment.

Here are some of the Google Wave features and add-ons that could drive real benefits for organizations:

Ribbit (currently in beta) brings in audio with its conference call gadget and message gadget, incorporating real-time audio streaming and recorded messages (including a transcript) in the associated wave. No means of communication left behind!

Salesforce.com is working on a prototype extension to Google Wave that could help its customers provide customized, documented support in their own businesses — leveraging the cloud-based platforms and interactive capabilities. Support cases are maintained and updated, from initial point of contact to resolution within the wave. Google Wave, with the ability to interact with other cloud platforms, could change the way customer support is handled.

SAP is working on a prototype for business process modeling called Gravity. Using the communication integration capabilities of Wave, users collaborate on business process modeling activities in near real time — working together to approve models, find windows of opportunity for business process automation and help build a strategy for execution and refinement of the processes.

It’s still early days for the Wave technology (some bugs and kinks need to be worked out) but it all looks promising and a tool for CIOs to embrace, not shy away from.

The most common automation tools used in IT center around standard service desk tasks. For instance, a midmarket IT shop could automate the process for auto ticketing or resetting passwords. One company set up a self-service task on their extranet that allowed contractors to reset their own passwords. Prior to this, contractors had to contact the help desk and go through a rigorous process to get this done. With process automation, IT frees up help desk resources and streamlines a process.

In other cases, automated tools can add new IT functionality without new resources. Consider resource and asset discovery. One financial services company used a product from Tideway for automated resource discovery; it provides profiles of current and new systems on the network, showing all machines, what versions of software they’re running, who owns it, who supports it, etc. Using this type of automation tool allows the company to effectively assess inventory and provide their operations center with an accurate view of what they have and when upgrades or new systems are needed — without any manual steps.

Automation tools don’t necessarily cost anything. “In some cases, the cost for automation tools is nothing,” said David Pultorak, founder of Pultorak and Associates, an IT consulting firm. “Automation tools are often included in the licensing agreements that come with the platform you’re using.” Systems management packages such as Microsoft System Center and HP OpenView include automation tools, but companies may not have configured them.

There are also free automation tools available if you know where to look. For midmarket shops using mostly Microsoft products, Pultorak recommends visiting the Microsoft site and searching for solution accelerators. There, you’ll find all sorts of free automation tools for desktop deployment.

Another tip for getting on board with automation is to work with your vendors. All the big vendors, including SAP, Microsoft and HP, have specific service offerings for small and midmarket organizations. Pultorak advises going to your vendor and asking what they offer. You might be paying too much for extra products when there are free downloads or scaled-down versions that cost less and do the trick.

Process automation isn’t new. But the reason for using automation tools is. In today’s economy, midmarket companies can’t afford to not automate processes. By automating mundane, everyday processes, IT can keep going with a tight budget and deliver more value to the business.

Midmarket CIOs can possibly learn from D.C.’s success — strategically opening up data access can mean more grass-roots employee innovation and, for a real ROI, fewer internal and external support calls. So how can IT provide an efficient service to the organization, track its performance and free up time to work on other projects?

In the case of D.C.’s Data Feed project, the office of the CTO led the initiative and supplied the raw data (housed in the district’s Citywide Data Warehouse) to over 320 data feeds. The publicly accessible information has meant less time spent handling questions and requests, city administrators reported. Real-time data feeds on building permit information, government employee credit card transactions, crime data and virtual town halls give D.C. residents access to a lot of data.

The data also provided performance indicators and metrics to measure up against established goals. Residents are able to track the performance of agencies and have the information to hold the government accountable.

How can you make this work in your organization? Internally, a more public help desk (utilizing social networking across IT) could reduce some of the help desk ticket overload. In many organizations, once a request is submitted to help desk, there is no indication of whether or not it is a widespread problem (”Am I the only one without email today?!”). Employees may not pester IT if they already know their problem is being worked on, cutting down on excessive requests.

And externally, sharing more with your vendors may reduce unnecessary workflow. Johnson & Johnson has a social networking community for its top vendors that includes up-to-date delivery requirements, a centralized location to download paperwork and a way to reach out to relevant contacts quickly. Providing information so vendors (and customers) can help themselves reduces time spent fielding the same or similar questions regularly.

But don’t expect the transition to be easy. According to one CIO I spoke with, IT departments may not be as eager to give employees access to all internal data the way D.C. has exposed it to the public.

According to him, IT is not always willing to work as a team with the entire company because there is so much tech camaraderie and “feeling privileged and above the users.”

However, breaking down those silos and reminding everyone that they are part of a team is important to the success and efficiency of IT and could result in a more productive IT shop.

I’ve been getting some interesting questions about how to move an ERP project forward since sharing Peet’s Coffee & Tea’s ERP implementation story. One email was from a person who has never done an ERP implementation before and is hitting a wall at the stage of choosing an ERP vendor.

I certainly don’t have all the answers, but I can tell you that a series we ran called ERP Journey chronicled a CIO’s 20 months spent choosing and installing an ERP system. One big point was how he chose a system after identifying and reviewing some very vertical-specific packages, contacting some user groups and even asking other companies in his same field what they used and why.

At Peet’s, CIO Tom Cullen started out by sending RFPs to several vendors (Microsoft, Oracle and SAP), asking them to choose their top three implementation partners. Cullen ended up going with Microsoft Dynamics AX for several reasons. One was that Microsoft had a strong partner that had done many Dynamics installations, but the partner also had expertise in the industry that Peet’s plays in: food and beverage.

Peet’s also went with Dynamics because the company is a Microsoft shop, making it easier to integrate with existing systems such as its Microsoft BizTalk integration layer, and giving end users a familiar interface.

Another point brought up by Kirk Sloan, consulting director of Junction Solutions, the Microsoft partner that helped with Peet’s installation, is to choose an ERP system that requires minimal customization, “because more customization means a longer timeline, more testing, more costs and more likelihood that the project will fail.”

I am skipping over a lot of steps here of course because I have never been involved in the process of choosing an ERP vendor. I do know that all projects share many of the same obstacles during the planning through installation phase. You will run into pushback on many levels, from IT and from business users who just don’t want to learn a new system. Then there is the bigger picture of how much the new system will impact and completely change the business processes and essentially the way the business is run.

Commenting on the Peet’s article, blogger Raj Sheelvant says:

“It’s not Engineering Change Management, but People Change Management that is more challenging [in reference to an ERP installation]. Automating business process by itself is not difficult. But to do that in the face of resistance from not only the management but all the employees needs strong leadership skill — change management skill.

“…People change management is hard and it’s wise to expend upfront energy to rally everyone behind the goal of Engineering Change Management. Individuals and departments needs to be transitioned to a desired future state before implementing ERP. I think this is the only way to successfully implement ERP for SME organization.”