By Laura Smith, Features Writer
As more midmarket firms explore virtualization to achieve cost savings and other benefits, they’re discovering that adequate bandwidth and compliance with regulations as part of their disaster recovery solutions are drivers for success.
“You never know when a disaster is going to hit,” says Ray Lucchesi, president of Silverton Consulting Inc. in Broomfield, Colo., and a 30-year industry veteran with early patents on tape and disk storage devices. Lucchesi now counsels clients on issues such as bandwidth and regulatory requirements when setting up disaster recovery solutions in virtualized environments.
When transferring data from a virtualized production environment to a hot site, having enough bandwidth is critical — and that means planning and budgeting for it ahead of time. “Bandwidth issues can be expensive,” Lucchesi says. “If you’re going to support disaster recovery, you need to support the bandwidth requirements. In the end, you have to transfer the data. Bandwidth is the key governor to that.”
Sun National Bank learned that lesson the hard way — but then, that happens when you’re ahead of the curve. Three years ago — a generation in virtualization terms –the Vineland, N.J., bank embarked on a project that was slightly delayed due to bandwidth issues during failover from the production environment to the hot site. On the positive side, Sun National made good use of its displaced servers, setting up its own business continuity and disaster recovery site and pocketing the monthly fee it had been spending on third-party services. More importantly, the bank, now in charge of its own disaster recovery architecture, can comfortably guarantee it will deliver on user requests within 24 hours.
But this isn’t the brand of home-grown disaster recovery solutions we’re talking about. CIOs are dealing with disaster recovery requirements that are sometimes specified by financial or health regulations that require them to be operational within a certain time frame. “In some environments, such as a bank, being down for an hour can mean the loss of millions of dollars that you can’t retrieve, to a large extent,” Lucchesi says. And when one bank fails, another may follow, given the complex web we live in.
Surprisingly, European companies have been more actively involved in establishing failproof disaster recovery solutions than Americans — perhaps due to terrorist activity on the continent or more governmental regulations requiring it, Lucchesi suggests. After 9/11, the U.S. government initiated similar regulations, recently urging financial organizations to create plans for surviving a regional disaster. Some of these regulations require industries in the critical infrastructure — health care and power — to audit their disaster recovery solutions.
A CIO was recently approached by a business line manager about a problem with a cloud service. The manager asked if the CIO could help resolve the issue, and the CIO gave him a flat-out “No.”
It is a sign of the struggle going on in many IT organizations: If users bypass IT to buy cloud services, is IT in turn responsible for that service and the support problems that come up?
This CIO, who was one of the attendees of a roundtable on cloud services sponsored by the trade and investment arm of the British Consulate-General in Boston, felt that he needed to make a point. It wasn’t so much that he didn’t want to help the manager, but in the future, he wanted the business to come to him before signing a deal with an external service provider. In the end, he felt that IT should be involved in selecting the provider and negotiating the contract.
Several of the attendees, a mix of CIOs, cloud providers and consultants, voiced their concerns about the growing demand for IT to support external services.
What they wanted to see was a service provider, or software vendor, that could develop an integrated services management layer for a mix of internal and external services, or several public cloud services. This layer has yet to appear, they said, yet many companies are moving in this hybrid direction. Of 500 IT executives surveyed, 43% said they plan to have a hybrid cloud services strategy (a mix of private and public cloud services) within the next three years, according to consulting firm Sand Hill Group. Read about the study in this blog post by Sand Hill’s head of cloud research, Kamesh Pemmaraju.
This sounds like a great opportunity for vendors, cloud providers or perhaps a new breed of startups to step in, but for now the attendees said they are developing their own standards and management layer for hybrid clouds.
Let us know what you think about managing cloud services. Email me at firstname.lastname@example.org.
The number of niche data security software solutions providers is getting smaller, and so are the choices for IT managers.
HP’s announcement this week to acquire ArcSight is its second security acquisition in the last month and the latest in a wave of bigger technology and computer companies gobbling up smaller players in the data security software and services market. HP followed buying Fortify, which specializes in secure development and security testing, with ArcSight, which focuses on compliance and risk management.
Last month, Intel agreed to acquire McAfee while Symantec — already the leader in data security software and services — has bought up PGP, GuardianEdge and VeriSign’s authentication services business in the past month. IBM just came out with new software from its acquisition of Guardium last year.
On the one hand, this market consolidation by these IT leaders will enable more of a one-stop shop for security products, and likely better integration that will enable a holistic solution.
However, many midmarket firms and small businesses that use Fortify, ArcSight or Guardium products may not already be current HP or IBM customers, certainly not for security products, and will miss the ability to build the niche security solution that fits into their environments.
It’s surprising that it has taken so many years for large IT and computer vendors to see the value of security. But now that it has, it could mean more challenges and less opportunity for midmarket security buyers.
Social media, it seems, is on everyone’s mind these days. How do I use it as a business tool? Should I allow employees to use social media tools for business purposes?
Its uses are varied, but it is clear, as far as emerging technology is concerned, that social media has entered the mainstream of corporate adoption. This comes from a survey of 100 companies that were asked where 58 emerging technologies stood on their adoption agenda. The survey was conducted by the Corporate Executive Board (CEB), a consulting firm whose members include some 200,000 business leaders (its IT practice caters to about 2,500 CIOs).
In fact, the mainstream adoption curve for social media started in 2009, as it did for data deduplication, Software as a Service, tablet PCs, 64-bit computing and RSS.
What’s interesting is that these technologies are being adopted because the perception is that they pose minimal risk to an organization. Low risk is determined by the following factors: marketplace maturity, available management tools, scalability, architecture integration, support skills and security, according to CEB’s Information Technology Practice.
Because of the same factors, emerging technologies — such s Cloud Infrastructure as a Service (with mainstream adoption slated for 2012), WiMax, virtual worlds and Linux on the desktop (the latter three not on the adoption agenda of these companies yet) — are considered high risk.
It’s interesting that social media is considered such a low-risk technology, given that many CIOs say their business is still trying to figure out what to do with it and what effect it would have on their security and compliance practices.
The risks are legion, depending on whom you talk to, ranging from malware, phishing and spoofing, to impersonation and blackmail from malicious outsiders.
On the flip side, conservative companies like mutual fund provider Vanguard are taking the social media leap of faith. According to SearchCIO Senior Writer Linda Tucci, Vanguard has staked a claim with a Facebook page, LinkedIn presence, a Twitter account and its own channel on YouTube.
Still, it may be some time before social media truly reaches mainstream adoption status as a business tool, at least beyond its prevalent use for marketing and brand awareness.
Let us know what you think about this blog post; email Christina Torode, News Director.
It’s funny the places where you can gain some insight about business services management.
Last week, I spent two hours waiting at my local Massachusetts Registry of Motor Vehicles to exchange a green-lettered license plate for a red one (I couldn’t pass inspection without it).
This particular RMV is located in a big mall north of Boston. The place was packed on that afternoon and spilling out into the mall corridor, with people just milling around, waiting their turn. When you come in you get a ticket with a number that includes your approximate wait time. But me, and many other paranoids there, didn’t want to risk walking over to the Best Buy or the food court for fear of some freak occurrence that would skip a bunch of numbers and pass me by.
The waiting throng discussed some better options. “Why can’t we do this online?” someone asked, stating the most obvious solution. But another said, “They should have those beepers like they do at Panera [right around the corner in the mall], and buzz you when your number is close.”
A simple but brilliant solution. But she didn’t even see all the benefits of a service that could not only improve customer relations, but also drive commerce in the mall. A closer partnership with the mall could even enable the project to be subsidized, so as not to spend any more taxpayer dollars, a shortage of which has exacerbated the very situation we were in.
Once my number came up and I got to the service agent, it took her no more than two minutes to fetch me a new plate and print out a new registration. The situation recalled a story we did with another commonwealth of Massachusetts tie, “How CIOs are tackling IT business services creation,” in which Ed Bell, a former interim CIO for the state House and Senate, discussed how he sought to help his customers, the legislators and their staffs.
“I sat in the clerks’ offices, sat on the House and Senate session floors and watched what they did and how they did it,” he said. “From that vantage point you can take that information and do a better job communicating with constituents as well, who really are the ones we serve. It was a good education for them, and for me. From a business product standpoint and a customer standpoint, we need to engage with customers to see how we can improve their environments.”
This enlightened approach has not filtered through all of the corridors of the State House. But it’s a lesson for all managers, technology or otherwise: Get out from behind your desk to understand how your business really runs.
A while back, I checked in with a few IT managers about their mobile application development plans. I was wondering if business intelligence applications were making their way on to their users’ iPhones.
The answer was, sort of. Basic reports were available, but it was proving too hard to make the information their users really wanted from their business intelligence systems work on mobile devices.
What they wanted was the ability to develop custom reports for users, but the design of iPhones doesn’t allow for local agents — it’s totally proprietary. Still, one IT shop is making a go of it anyway, with plans to take data from its SQL Servers, proprietary applications and a variety of other sources across the organization, and deliver the information on the iPhone.
This project was considered a “major” undertaking, but mobile application development for the iPhone and other smartphones could get a lot easier … in about five years.
That’s when Gartner analyst David Mitchell Smith believes the “mobile Web” will take off. HTML5 already makes it possible to bring desktop application capabilities to the browser. (Most popular mobile browsers have already adopted parts of the HTML5 specification). And, he said, you can’t discount other developments like:
- An emergence of stable Web app stores (this is further out).
- The rollout of 4G connectivity.
HTML5, the next-generation HTML standard, will allow for offline capabilities and video, and offer drag-and-drop options. Here’s a tutorial on how to make an HTML5 IPhone app by blogger and Yahoo front-end engineer Alex Kessinger.
“[These advances] will start to bring more and more of the richness of native environments to the browser environment, similar to what Ajax did on the desktop,” Mitchell Smith said during a webinar this week on how the Web and cloud computing will drive IT strategies.
With smartphones becoming the primary communication and computing device for many, it is safe to say that mobile application development will become a priority for IT. At Ridley Inc., a holding company for animal feed and nutrition companies, salespeople are getting mobile access to the company’s ERP system. Access is gained over a virtual private network to a Citrix server farm, which in turn connects to an ERP application that’s viewed on a Web portal that the company’s development team built. It’s not a rich client experience, but it gets the job done.
The mobile workforce has become accustomed to the limitations of the mobile app experience, but that acceptance may not remain, and businesses may not be able to just get by, as more business apps must make their way into the mobile world.
What’s the goal of data retention? Depends on the data. Sometimes it’s a second or two, so saving it is irrelevant. Other times, as with electronic health records, birth certificate data needs to be kept on file for 20 years or more in most states.
But how about 1,000 years? That’s the goal of Chris Puttick, CIO of Oxford Archaeology Ltd., which provides archaeology services for construction firms in Europe that need to comply with planning regulations. His job depends on strategic planning around data management.
“Archaeological data is extracted in a one-off ’experiment‘ with our teams on-site, excavating before the new road/airport/tunnel is built over or through it,” he told SearchCIO-Midmarket.com Features Writer Laura Smith. “What is observed, measured and photographed can never be repeated, leaving the resulting data the only surviving record of an archaeological site that had survived thousands of years before the excavation, or like this site, a mere 1,000 years, so our records should aim to be retained for at least as long, or the money and effort spent on the excavation was wasted.”
The corollary here is that what is stored must be found, so data retention strategies and technologies are equally important. And as data — and the corresponding information — consume more and more of our resources, it’s important to make management part of corporate governance.
One solution might be Generally Accepted Recordkeeping Principles, or GARP (save “the world according to” jokes), developed by ARMA International, which include accountability, transparency, integrity, protection, compliance, availability, retention and disposition.
If you want to learn more, log on to our virtual seminar on information governance on Sept. 16.
We are smack dab in the middle of hurricane season, but SMBs should be keeping an eye on well-intentioned employees in addition to the local forecast.
Like the intern who was hired to perform daily data backups to tape drives and mail them to the SMB’s disaster recovery location — an off-site vault. An IT manager decided to check up on the intern’s work after the intern left — and found that the tape drives had no data on them … zilch.
The architect who told me about this chuckled, partly because an intern was used to perform such an important part of his company’s disaster recovery plan, but also because, well, it was just bad quality control on the part of IT.
I look back on the summer jobs I had while in college and remember an example of bad quality control. I worked for an advertising agency that had me (an English major) making copies of floppy disks — its strategy for daily data backups. Did I know the importance of these mysterious black squares? No. Did I do a few things wrong? Oh yeah.
For example, a guide on how to make duplicate copies of your floppy disks says:
- Don’t allow them to come into contact with heat, dust, magnetic fields or electrical appliances.
- Do not keep all of your backup disks together in one place.
- Do not continually use one disk, as disks do wear out! One high-density disk can store a lot of text-related documents, but it is best to make several copies of your work on separate disks.
- It is best to use Windows Explorer or My Computer in Windows to copy files to floppy disks rather than application software such as your word processing or spreadsheet programs.
I didn’t know any of this, and neither did the person in charge of me — we used the same disk over and over.
I know that most SMBs have better quality control for data backups in place than these scenarios, and the technology has come a long way: disk-based backup options are dizzying, and there’s new cloud-based backups popping up all the time. Then again, a recent study by Enterprise Strategy Group found that on-site disk and tape are still the backup approaches of choice at most businesses.
Moving into September, SMB backup options is a topic that several experts will tackle on SearchCIOMidmarket.com, including how one CIO is sticking with tape drives as his primary backup plan, and why he’s not keen on cloud-based backup options.
If you read Linda Tucci’s recent story on the efforts of Tasty Baking Co. to find a workable solution for trade promotion management, you may have been struck, as I was, about why TPM can be such a challenge.
After all, most of the biggest retailers in the world practice some sort of trade promotion management, either via vendor or home-grown solutions. Yet there seems to be a lack of effective software tools for optimizing retail partner relationships, as well as few standards to rally around.
TPM is not a new concept either, but even a top analyst covering the field, Gartner’s Dale Hagemeyer, has not found significant movement in the field since his most recent report, “Seven Key Considerations When Choosing a TPM Solution.”
Yet Tasty’s CIO, Chan Kang, is faced with real issues as he seeks to work TPM into his tightening budget. Though the company’s direct store delivery model produces quality data, “What we don’t do enough is measure the effectiveness of those promotions: how much lift, what is the baseline, the incremental profit — in other words, whether it was a good idea,” Kang said.
Kang is evaluating vendors, but even though industry groups like Trade Promotion Management Associates and the Vendor Compliance Federation are working to promote solutions for TPM, Tasty could be still confronted by vendor lock-in and integration issues with whatever solution it integrates.
Some observers are skeptical that TPM standards can be achieved, but this is one area that seems like a no-brainer for the Oracles and SAPs of the world to come together for the common good. Such cooperation could only help to increase the bottom line — for everybody.
I don’t know about you, but to me, ITIL (or IT Infrastructure Library) is a little overwhelming. I’m only looking at using the ITIL framework as an IT service catalog tool, and I get a little lost.
Under ITIL guidelines, an IT service catalog is a subset of service-level management, which is a subset of service delivery. Service delivery is the topic of only one of eight ITIL books on IT Service Management (ITSM) guidelines, and that’s just in ITIL v2. ITIL v3 has five other books that update some of v2, but also introduce new ITSM strategies.
SearchCIO-Midmarket.com and SearchCIO.com recently ran a survey asking our readers about their ITIL use. We haven’t pulled together all of the results yet, but here’s a preview: When we asked readers to choose up to three areas in which they would like to see improvements to ITIL, they said:
- 35.4% — ITIL should provide more information on how ITIL works with other
process-improvement methodologies, like Six Sigma and Lean.
- 31.1% — ITIL should offer more prescriptive advice vs. just guidance.
- 12.9% — ITIL should include more specific advice on transition from v2 to v3.
- 12.5% — ITIL needs to be clearer on the differences between v2 and v3.
- 8.1% — ITIL v3 is too complex.
So, it’s clear that people would like more guidance and less complexity, but anecdotally, a few IT shops and service providers I’ve talked to recently said that ITIL does just the opposite: It clears up some complexity.
When an IT service catalog is being put together, ITIL tells the business and IT what terminology to use, they say.
“ITIL gets people speaking the same language,” said Matt French, marketing director with Service-now, an ITSM Software as a Service provider. “It makes it clear what an incident or a request is, and helps an organization with [corporate] terminology [that is different across the company] use the same terminology.”
ITIL also helps IT set the right expectations for service delivery in terms of service levels and what is possible — and not possible — as far as services the business wants to see and what IT can realistically deliver. It does this by setting the scope of an IT service catalog project, including taking inventory of the skill sets IT has on hand (or not) to deliver a service, and helps organizations choose a set of standard services.
Any advice on how to use ITIL to reduce complexity, or how you have been able to simplify ITIL at your shop? I’d like to hear from you. Email me at email@example.com.