CIO Symmetry


December 16, 2011  4:57 AM

Can you trust your KPI scorecard?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Mark Twain is attributed with the saying, “There are three kinds of lies: lies, damned lies and statistics.”

Any CIO faced with a meaningless key performance indicator (KPI) scorecard and performance dashboard knows that feeling about statistics: They can paint a rosy glow on your IT team’s performance, while anecdotal evidence tells a different story.

It’s a discussion that I had recently with our senior news writer, Linda Tucci, when it comes to outsourcing KPIs. My argument is that if you allow your consultants or your outsourcing team to designate the metrics and the KPI scorecard — essentially to grade themselves — the metrics themselves fall into question. In theory (and I know of at least one situation where this actually happened) they could lie outright about their own performance, especially if it’s tied to their own revenue stream.

The problem with metrics, KPIs, dashboards and every other self-performance measurement that we try to put into place is this: At best, you get exactly what you’re measuring; at worst, someone games the system but you take the numbers at face value.

A great example of a bad series of metrics comes from my tenure managing a newly outsourced help desk. One of the metrics was the number of completed issues (aka closed tickets). After three months, the contractor numbers were in the green, with greater than 99% of all tickets closed. The onshore help desk had never managed even to graze 97%, so senior leaders were ecstatic! Unfortunately, the user satisfaction scores were in the toilet. What the KPI dashboard wasn’t showing was that the number of user problem tickets had gone through the roof. Further root cause analysis revealed that when users called in, the agents closed tickets as soon as the call was completed, rather than keeping the ticket open to make sure that the actual problem was solved. When the user called back, they generated another ticket and another “solution” as soon as the agents got the user off the phone. Lather, rinse and repeat, with one user problem generating as many as 10 tickets in less than a week’s time.

It was our own fault. We weren’t measuring the actual solution and the users’ satisfaction. Aside from the obvious fact that a completed issue is a meaningless metric in the first place (all issues are not equal), the internal help desk staff members hadn’t needed an artificial construct to encourage them to satisfy the users — the members of the small, four-person team had known that if they didn’t solve the problem on the first pass, when the user called back, the help desk would pass the user through to the original agent. They worked with the product development team to deflect potential user problems proactively, and trained users as much as they helped them with problems. Why? Because we staffed four agents regardless of call volume — that bit of extra work made the agents’ lives easier in the long run. However, with the new outsourcing model, the contracted agents were staffed for call volume. Seemed like a good idea at the time, but why solve a problem if it means that your own hours are going to get cut next week?

We didn’t measure the user satisfaction KPI because it had been an invisible KPI all along. We changed the variables (the help desk agent structure) and were surprised when the same metrics no longer yielded similar results. Shame on us.

We are predicting (along with everyone else) that 2012 will be the Year of Big Data, but the devil is in the details. For some CIOs, the hardest thing they ever tackle will be their very own subset of “small” data on their very own KPI scorecard.  May it be more valuable than Twain’s bemoaned statistics.

December 13, 2011  3:33 PM

Cloud security planning should be part of strategy from beginning

Scot Petersen Scot Petersen Profile: Scot Petersen

What are you doing about cloud security planning? I say planning because, in a survey of attendees at the recent SearchCompliance.com Making the Case for the Cloud virtual seminar, more than half of the IT professionals responding said they don’t have a cloud strategy in place — though 100% said they would within the next year.

The point is that a cloud security strategy should be part of a cloud plan from the beginning. How that plan gets formulated is up for grabs, however. Responding to an instant poll taken during one seminar session on cloud incident response, 45% said their cloud security plan consists of reliance on SAS 70 Type II audit reports; another 32% said they rely on service contracts and lawyers to sort out the details; and 23% answered that they “can’t get management on board” for any security plan.

That’s pretty shocking. Even overlooking the 23% who are throwing up their hands, the other two options are not much better, certainly not by themselves. The SAS 70 standard was not designed with cloud security in mind.

According to IT security consultant Kevin Beaver, the speaker in the incident response session, SAS 70 had its place but is being phased out. “But it’s not that simple,” he said. “The bottom line is, you have to dig in deep; you can’t just assume that if everything checks out in the SAS 70 Type II audit report, everything must be fine. Because that is not the case, based on what I am seeing in my security work.”

First steps for cloud security planning? Get a good lawyer, a good security consultant and your CEO, and put them in a room together. Order lunch. And get down to business.


December 8, 2011  7:17 PM

Good interview questions drive project management success

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

We all know that the secret to project management often can be boiled down to your team members. We’re currently in the process of collecting nominations for our SearchCIO-Midmarket.com IT Leadership Awards and often when I contact the nominated leaders to confirm their nomination information, they protest that they themselves were only leading a team. (I love those protestations, by the way, as it’s the sign of a great leader and it means that our IT Leadership Award nominations are spot on.)

Today, instrumental VP at Google Marissa Mayer is speaking at LeWeb in Paris. During the Q&A portion, she was asked what the secret is to be a great project manager. She thinks project management lives and dies through the interview with potential team members. Because Mayer’s candidates are already technically vetted before they ever get to the interview table, she is free to really get a feel for the potential team member through a series of surprising interview questions.

For instance, her favorite question is “What’s the coolest thing you’ve seen in the last six months?” Their answer will reveal what kinds of things they are exposed to and how those exposures influence them. Mayer also asks “What do you own that you love?” which is designed to reveal what the candidate is emotional about and helps Mayer grok how well the person will be able to emotionally connect to the products that they are designing and the Google customer experience.

That’s some pretty psychologically brilliant questioning. One could make some fairly sound judgments about a candidate who answered “my new iPhone 4S with the Siri personal assistant” versus “the Christmas ornament that my great grandmother left me in her will.” Which of those things is the right answer, according to Mayer? I suspect it might be the latter.

By the way, we’re still accepting nominations for the SearchCIO-Midmarket.com IT Leadership Awards. And no, we won’t think you’re being narcissistic if you nominate yourself. You can’t get ahead in the IT industry without celebrating your own successes, and this is a perfect time to do just that.

The comments invite you to share the coolest thing you’ve seen in the last six months. Who knows, it just might get you an interview with Google’s Marissa Mayer!


December 6, 2011  9:31 AM

Cloud computing services adoption could be the answer for security

Scot Petersen Scot Petersen Profile: Scot Petersen

About a year ago I moderated a panel on cloud computing services adoption in health care. A quick poll of the audience indicated that security was the No. 1 reason why their organizations were not using the cloud or were taking their own sweet time in figuring it out.

The panel of technology vendors tried to assuage fears that security issues could hinder cloud opportunities. One panelist compared the situation to online banking: What once was unheard of is commonplace now.

Still, adoption has been slow — and not coincidentally, because health care is an industry where data privacy has to be part of the fiber of its being. And if the state of security in health care is any indication, the industry has more pressing problems than deciding whether it should go cloud.

That could be the problem, however. Despite the myths about the cloud, maybe it’s where some companies can find more security than they are currently able to enforce themselves. For more information on strategies for making cloud the next step in your enterprise and security strategies, check in on the SearchCompliance.com cloud security virtual seminar Wednesday, Dec. 7.


December 5, 2011  7:41 PM

Can you use the Kindle Fire for business?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Each week, we mine the Web for the jewels of knowledge that appeal to CIOs. This week, we’re looking at the trend of using the Kindle Fire in business, what compels women to quit their IT teams and the expanding reach of the Data.gov website.

 We’re still not entirely on board with the iPhone 4S voice-controlled assistant Siri; apparently Siri has a problem understanding the Indian accent.

 The half-life of a tech worker is about 15 years, according to Matt Heusser. We’re feeling old right now, how about you?

 Get ready for some BIG big data. The White House is open sourcing its Data.gov website and taking it global.

 With the holiday tech season in full swing, this year’s big mover and shaker is Amazon.com’s Kindle Fire tablet. The company plans to ship almost 4 million Kindle Fire units in Q4 2011. But can you use it for business?

 Tired of all of those blog posts about how to keep women in information technology? Here’s how to get those women to quit so you don’t have to worry about it anymore.

 You might want to watch your credit card statements over the next few weeks. The hacker group Anonymous is pulling a Robin Hood: It’s attacking the finance industry by removing funds from credit card accounts and donating the stolen money to charities around the globe. (If you see something odd, notify your financial institution for reimbursement.)

 Where do you fall in the argument about using the iPad 2 versus the Kindle Fire for business?


December 2, 2011  3:58 PM

Are you at risk? Huge Java vulnerability now weaponized and exploited

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

It’s every CIO’s worst nightmare — that panicked call when you least expect it, delivering the worst possible news: “The firewall has been breached.” We know that you do everything possible to avoid that gut-dropping moment, so we’re letting you know that today might be the best day possible to force your users to do a Java software update. It seems that Oracle Corp. detected a major Java vulnerability a few months ago and fixed it. But now the folks who live to create chaos and disorder have picked up on the weakness too. According to the National Vulnerability Database (NVD):

“Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.”

 How bad is this? The NVD has scored it 10 out of 10. This isn’t Jabba the Hutt bad or even Darth Vader bad — it’s The Emperor of all Java Vulnerability bad.

 Java is historically a bit of a screen door for corporations in the first place. It doesn’t use the same engine for updating as Windows or Adobe Flash do, and the Java software update tends to get overlooked by IT. Considering that it’s a huge, overreaching software that affects users of Windows, Linux and Mac OS X, it’s the perfect opportunity for malicious programmers to exploit and “weaponize.” Even if you deployed a Java software update in mid-October, you might still be at risk — JRE 7 and 6 Update 27 and earlier are still at risk, according to security expert Brian Krebs.

Krebs managed to sneak into one of the exclusive hacker cybercrime communities and obtained a hacker video demonstrating how the hackers can exploit the Java vulnerability. It’s worth checking out, if only to see exactly how the criminals can easily take control of your users’ machines.

And of course, it would be worth the time to take a peek at your Java software update and make sure that your users aren’t going to accidentally stumble on an infected page or ad while using Mozilla Firefox or Internet Explorer — especially if they are still using Windows XP. There’s no time like the present.


November 30, 2011  3:20 PM

First, ‘bring your own device’; now, a zero email policy

Scot Petersen Scot Petersen Profile: Scot Petersen

The wave of optimism that began with advancements in smartphones and tablets that could enable a new generation of bring-your-own-device employees has been taking some strange zigzags of late.

 The first “zig” is that a major health care provider is taking steps to restrict workers’ Internet access as a result of an out-of-control malware problem.

 The latest “zag” comes from Thierry Breton, CEO at Atos, a French IT services firm. He wants to institute a zero-email policy within the next two years.

 This could be a shock to old-school users, who still live and breathe in their email application eight hours a day. But it could be a boon to up-and-coming Millennial-generation workers, who spend most of their time on devices communicating through social networks.

 In my case, I’m playing in both the old and new schools. I take notes on my iPad, then email them to myself for future reference. That might go against the common sense of Nicolas Moinet, information and communication professor at Poitiers University in France: “We have now reached crazy situations where employees go to a meeting, continue to send emails and then ask colleagues present to send them an email to know what was said during that meeting.”

 There’s a level of the absurd in this, but banning email? Like cutting off employees to the Internet, this latest attempt to get control of things will end up causing more problems. I like the out-of-the-box thinking espoused by Breton, but we need to rein in some workable solutions.


November 28, 2011  7:04 PM

Social media networking tips for finding new CIO positions

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

There’s nothing like the first day back after a major national holiday to make you feel like you’re drowning in task items. Cheer up, we’ve got your back. We’ve combed the Web and picked only the best and most interesting selections, ensuring that you’re up-to-date on last week’s high points. We’ve got social media networking tips, an automated elevator-pitch helper and help for resuscitating languishing CIO positions.

If you’re not sullied by Dropbox’s bad reputation for security breaches, John Jantsch gives you five ways to make Dropbox more useful.

One of the biggest social media networking tips is to protect yourself: Don’t let oversharing give crooks an upper hand.

Everyone needs a solid elevator pitch, whether it’s for a project you’re excited about or for yourself as you look at new CIO positions. Harvard Business School’s Elevator Pitch Builder offers helpful word suggestions while you craft your pitch.

Do you ever feel like everyone in your company hates the IT department? You’re right, they do.

Poor AT&T. Not only does Lance Ulanoff think the AT&T-T-Mobile merger is DOA, but the recent business customer phone-hacking was tied to terrorist funding.

File this under “You get what you pay for”: India is losing a huge chunk of its outsourcing business to offshore Filipino call centers, even though the workers in the Philippines are paid slightly better than their Indian counterparts, driving the overall cost of outsourcing up a smidge.

While the content of CIO positions doesn’t change, the context is a struggle, says John D. Halamka.

Using social media as a networking tool takes some finessing. It’s not as simple as setting up a profile and letting the job offers come to you. Here are some social media networking tips for using LinkedIn to find a better job.


November 22, 2011  8:19 PM

Celebrate a colleague with our CIO awards

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

We all know those amazing IT leaders who make a difference in our companies day in and day out but often go unrecognized by the IT world at large. Not everyone can pull a Steve Jobs or a Bill Gates, after all, but I have witnessed solid and amazing innovation in midmarket companies time and again. That’s why we want to celebrate and award those CIOs and IT leaders who are blazing trails and making exciting things happen within midmarket companies.

Our SearchCIO-Midmarket.com IT Leadership Awards are open for nominations. We’re looking for not just the brave and the daring technological advancements, but also those individuals who excel at building culture or embracing green IT as part of their inherent strategy. These CIO awards celebrate all manner of IT excellence, whether it’s building a culture where millennials feel comfortable or Gen Xers find places to lead inside and outside the org chart, or by introducing new technologies to the IT department, either through innovations in data center cooling or exciting BYOD policies. Of course, it could be something else that we haven’t even considered, which is why I’m so excited to be a part of these SearchCIO-Midmarket.com CIO awards. I can’t wait for the CIO award nominations to dazzle us with the creativity and inspirational leadership that I know is out there.

Do you know someone who deserves to be recognized for their outstanding IT leadership with one of our CIO awards? Someone who is always thinking of better ways to optimize and motivate their teams or drive business value through technological contributions? Someone who has figured out a way to really engage the customers of an organization, whether internal or external? Or is that person you? Let us know!

We’re looking forward to sharing with you stories about the outstanding IT leaders on SearchCIO-Midmarket.com throughout next year. We’ll also award six amazing individuals with American Express gift certificates as well as engraved glass trophies, suitable for bragging rights in the office. As well, recognized IT leaders will receive exclusive invitations to IT industry networking events throughout the country.  We’re also going to award one of those IT leaders with the title of IT Leader of the Year — and oh yeah, they’ll get an iPad2, too.

And because we’re not above bribery, if your nominated IT leader is one of those exceptional elite, we’re also going to give you an American Express gift card. Consider it a CIO awards finder’s fee.

There are no catches. Well, one: You can only nominate one person, so choose carefully. Ready, set, go get ‘em!


November 21, 2011  8:50 PM

Will the outsourcing model be the death of CIOs?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Each week, we scour the Web to track down interesting news pieces and commentary to help you maximize your surfing potential and information consumption. This week, we’ve got analysis of the Kindle Fire’s marketing strategy, concerns about the IT outsourcing model, and tips for negotiations and job interviews.

Is the outsourcing model going to be the death of IT? Vlad Mazek thinks you might be surprised.

 Despite rigid restrictions, North Korea has just reached 1 million active cell phones. Considering that a North Korean citizen was actually executed last year for calling South Korea, that speaks to some hardcore desire for mobility.

 Looking for your next job? Erica Swallow has tips to take control of your next job interview.

Amazon would like you to believe that the Kindle Fire is a service rather than a product. We’re not so sure we buy the rationale.

 The iPhone was a technological breakthrough. Or was it? New Yorker columnist Peter Thiel doesn’t think so.

 Everyone wants to be the smartest person in the room. Lewis Howes thinks that might be your biggest problem.

 Next time you find yourself hammering out your outsourcing model, follow these three easy lessons on better negotiations.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: