CIO Symmetry

September 16, 2010  6:30 PM

Supporting cloud services is a quandary for IT

Christina Torode Christina Torode Profile: Christina Torode

A CIO was recently approached by a business line manager about a problem with a cloud service. The manager asked if the CIO could help resolve the issue, and the CIO gave him a flat-out “No.”

It is a sign of the struggle going on in many IT organizations: If users bypass IT to buy cloud services, is IT in turn responsible for that service and the support problems that come up?

This CIO, who was one of the attendees of a roundtable on cloud services sponsored by the trade and investment arm of the British Consulate-General in Boston, felt that he needed to make a point. It wasn’t so much that he didn’t want to help the manager, but in the future, he wanted the business to come to him before signing a deal with an external service provider. In the end, he felt that IT should be involved in selecting the provider and negotiating the contract.

Several of the attendees, a mix of CIOs, cloud providers and consultants, voiced their concerns about the growing demand for IT to support external services.

What they wanted to see was a service provider, or software vendor, that could develop an integrated services management layer for a mix of internal and external services, or several public cloud services. This layer has yet to appear, they said, yet many companies are moving in this hybrid direction. Of 500 IT executives surveyed, 43% said they plan to have a hybrid cloud services strategy (a mix of private and public cloud services) within the next three years, according to consulting firm Sand Hill Group. Read about the study in this blog post by Sand Hill’s head of cloud research, Kamesh Pemmaraju.

This sounds like a great opportunity for vendors, cloud providers or perhaps a new breed of startups to step in, but for now the attendees said they are developing their own standards and management layer for hybrid clouds.

Let us know what you think about managing cloud services. Email me at

September 14, 2010  3:38 PM

The new data security software landscape

Scot Petersen Scot Petersen Profile: Scot Petersen

The number of niche data security software solutions providers is getting smaller, and so are the choices for IT managers.

HP’s announcement this week to acquire ArcSight is its second security acquisition in the last month and the latest in a wave of bigger technology and computer companies gobbling up smaller players in the data security software and services market. HP followed buying Fortify, which specializes in secure development and security testing, with ArcSight, which focuses on compliance and risk management.

Last month, Intel agreed to acquire McAfee while Symantec — already the leader in data security software and services — has bought up PGP, GuardianEdge and VeriSign’s authentication services business in the past month. IBM just came out with new software from its acquisition of Guardium last year.

On the one hand, this market consolidation by these IT leaders will enable more of a one-stop shop for security products, and likely better integration that will enable a holistic solution.

However, many midmarket firms and small businesses that use Fortify, ArcSight or Guardium products may not already be current HP or IBM customers, certainly not for security products, and will miss the ability to build the niche security solution that fits into their environments.

It’s surprising that it has taken so many years for large IT and computer vendors to see the value of security. But now that it has, it could mean more challenges and less opportunity for midmarket security buyers.

September 10, 2010  1:55 PM

Emerging technology that’s hitting its stride

Christina Torode Christina Torode Profile: Christina Torode

Social media, it seems, is on everyone’s mind these days. How do I use it as a business tool? Should I allow employees to use social media tools for business purposes?

Its uses are varied, but it is clear, as far as emerging technology is concerned, that social media has entered the mainstream of corporate adoption. This comes from a survey of 100 companies that were asked where 58 emerging technologies stood on their adoption agenda. The survey was conducted by the Corporate Executive Board (CEB), a consulting firm whose members include some 200,000 business leaders (its IT practice caters to about 2,500 CIOs).

In fact, the mainstream adoption curve for social media started in 2009, as it did for data deduplication, Software as a Service, tablet PCs, 64-bit computing and RSS.

What’s interesting is that these technologies are being adopted because the perception is that they pose minimal risk to an organization. Low risk is determined by the following factors: marketplace maturity, available management tools, scalability, architecture integration, support skills and security, according to CEB’s Information Technology Practice.

Because of the same factors, emerging technologies — such s Cloud Infrastructure as a Service (with mainstream adoption slated for 2012), WiMax, virtual worlds and Linux on the desktop (the latter three not on the adoption agenda of these companies yet) — are considered high risk.

It’s interesting that social media is considered such a low-risk technology, given that many CIOs say their business is still trying to figure out what to do with it and what effect it would have on their security and compliance practices.

The risks are legion, depending on whom you talk to, ranging from malware, phishing and spoofing, to impersonation and blackmail from malicious outsiders.

On the flip side, conservative companies like mutual fund provider Vanguard are taking the social media leap of faith. According to SearchCIO Senior Writer Linda Tucci, Vanguard has staked a claim with a Facebook page, LinkedIn presence, a Twitter account and its own channel on YouTube.

Still, it may be some time before social media truly reaches mainstream adoption status as a business tool, at least beyond its prevalent use for marketing and brand awareness.

Let us know what you think about this blog post; email Christina Torode, News Director.

September 7, 2010  4:49 PM

Improving business services management, one vehicle at a time

Scot Petersen Scot Petersen Profile: Scot Petersen

It’s funny the places where you can gain some insight about business services management.

Last week, I spent two hours waiting at my local Massachusetts Registry of Motor Vehicles to exchange a green-lettered license plate for a red one (I couldn’t pass inspection without it).

This particular RMV is located in a big mall north of Boston. The place was packed on that afternoon and spilling out into the mall corridor, with people just milling around, waiting their turn. When you come in you get a ticket with a number that includes your approximate wait time. But me, and many other paranoids there, didn’t want to risk walking over to the Best Buy or the food court for fear of some freak occurrence that would skip a bunch of numbers and pass me by.

The waiting throng discussed some better options. “Why can’t we do this online?” someone asked, stating the most obvious solution. But another said, “They should have those beepers like they do at Panera [right around the corner in the mall], and buzz you when your number is close.”

A simple but brilliant solution. But she didn’t even see all the benefits of a service that could not only improve customer relations, but also drive commerce in the mall. A closer partnership with the mall could even enable the project to be subsidized, so as not to spend any more taxpayer dollars, a shortage of which has exacerbated the very situation we were in.

Once my number came up and I got to the service agent, it took her no more than two minutes to fetch me a new plate and print out a new registration. The situation recalled a story we did with another commonwealth of Massachusetts tie, “How CIOs are tackling IT business services creation,” in which Ed Bell, a former interim CIO for the state House and Senate, discussed how he sought to help his customers, the legislators and their staffs.

“I sat in the clerks’ offices, sat on the House and Senate session floors and watched what they did and how they did it,” he said. “From that vantage point you can take that information and do a better job communicating with constituents as well, who really are the ones we serve. It was a good education for them, and for me. From a business product standpoint and a customer standpoint, we need to engage with customers to see how we can improve their environments.”

This enlightened approach has not filtered through all of the corridors of the State House. But it’s a lesson for all managers, technology or otherwise: Get out from behind your desk to understand how your business really runs.

September 2, 2010  6:54 PM

Mobile application development made easy … eventually

Christina Torode Christina Torode Profile: Christina Torode

A while back, I checked in with a few IT managers about their mobile application development plans. I was wondering if business intelligence applications were making their way on to their users’ iPhones.

The answer was, sort of. Basic reports were available, but it was proving too hard to make the information their users really wanted from their business intelligence systems work on mobile devices.

What they wanted was the ability to develop custom reports for users, but the design of iPhones doesn’t allow for local agents — it’s totally proprietary. Still, one IT shop is making a go of it anyway, with plans to take data from its SQL Servers, proprietary applications and a variety of other sources across the organization, and deliver the information on the iPhone.

This project was considered a “major” undertaking, but mobile application development for the iPhone and other smartphones could get a lot easier … in about five years.

That’s when Gartner analyst David Mitchell Smith believes the “mobile Web” will take off. HTML5 already makes it possible to bring desktop application capabilities to the browser. (Most popular mobile browsers have already adopted parts of the HTML5 specification). And, he said, you can’t discount other developments like:

  • An emergence of stable Web app stores (this is further out).
  • The rollout of 4G connectivity.

HTML5, the next-generation HTML standard, will allow for offline capabilities and video, and offer drag-and-drop options. Here’s a tutorial on how to make an HTML5 IPhone app by blogger and Yahoo front-end engineer Alex Kessinger.

“[These advances] will start to bring more and more of the richness of native environments to the browser environment, similar to what Ajax did on the desktop,” Mitchell Smith said during a webinar this week on how the Web and cloud computing will drive IT strategies.
With smartphones becoming the primary communication and computing device for many, it is safe to say that mobile application development will become a priority for IT. At Ridley Inc., a holding company for animal feed and nutrition companies, salespeople are getting mobile access to the company’s ERP system. Access is gained over a virtual private network to a Citrix server farm, which in turn connects to an ERP application that’s viewed on a Web portal that the company’s development team built. It’s not a rich client experience, but it gets the job done.
The mobile workforce has become accustomed to the limitations of the mobile app experience, but that acceptance may not remain, and businesses may not be able to just get by, as more business apps must make their way into the mobile world.

August 31, 2010  4:02 PM

Data retention value grows with storage needs

Scot Petersen Scot Petersen Profile: Scot Petersen

What’s the goal of data retention? Depends on the data. Sometimes it’s a second or two, so saving it is irrelevant. Other times, as with electronic health records, birth certificate data needs to be kept on file for 20 years or more in most states.

But how about 1,000 years? That’s the goal of Chris Puttick, CIO of Oxford Archaeology Ltd., which provides archaeology services for construction firms in Europe that need to comply with planning regulations. His job depends on strategic planning around data management.

“Archaeological data is extracted in a one-off ’experiment‘ with our teams on-site, excavating before the new road/airport/tunnel is built over or through it,” he told Features Writer Laura Smith. “What is observed, measured and photographed can never be repeated, leaving the resulting data the only surviving record of an archaeological site that had survived thousands of years before the excavation, or like this site, a mere 1,000 years, so our records should aim to be retained for at least as long, or the money and effort spent on the excavation was wasted.”

The corollary here is that what is stored must be found, so data retention strategies and technologies are equally important. And as data — and the corresponding information — consume more and more of our resources, it’s important to make management part of corporate governance.

One solution might be Generally Accepted Recordkeeping Principles, or GARP (save “the world according to” jokes), developed by ARMA International, which include accountability, transparency, integrity, protection, compliance, availability, retention and disposition.

If you want to learn more, log on to our virtual seminar on information governance on Sept. 16.

August 26, 2010  2:55 PM

Hair-raising approaches to data backups

Christina Torode Christina Torode Profile: Christina Torode

We are smack dab in the middle of hurricane season, but SMBs should be keeping an eye on well-intentioned employees in addition to the local forecast.

Like the intern who was hired to perform daily data backups to tape drives and mail them to the SMB’s disaster recovery location — an off-site vault. An IT manager decided to check up on the intern’s work after the intern left — and found that the tape drives had no data on them … zilch.

The architect who told me about this chuckled, partly because an intern was used to perform such an important part of his company’s disaster recovery plan, but also because, well, it was just bad quality control on the part of IT.

I look back on the summer jobs I had while in college and remember an example of bad quality control. I worked for an advertising agency that had me (an English major) making copies of floppy disks — its strategy for daily data backups. Did I know the importance of these mysterious black squares? No. Did I do a few things wrong? Oh yeah.

For example, a guide on how to make duplicate copies of your floppy disks says:

  • Don’t allow them to come into contact with heat, dust, magnetic fields or electrical appliances.
  • Do not keep all of your backup disks together in one place.
  • Do not continually use one disk, as disks do wear out! One high-density disk can store a lot of text-related documents, but it is best to make several copies of your work on separate disks.
  • It is best to use Windows Explorer or My Computer in Windows to copy files to floppy disks rather than application software such as your word processing or spreadsheet programs.

I didn’t know any of this, and neither did the person in charge of me — we used the same disk over and over.

I know that most SMBs have better quality control for data backups in place than these scenarios, and the technology has come a long way: disk-based backup options are dizzying, and there’s new cloud-based backups popping up all the time. Then again, a recent study by Enterprise Strategy Group found that on-site disk and tape are still the backup approaches of choice at most businesses.

Moving into September, SMB backup options is a topic that several experts will tackle on, including how one CIO is sticking with tape drives as his primary backup plan, and why he’s not keen on cloud-based backup options.

August 24, 2010  3:55 PM

Trade promotion management: A missing opportunity?

Scot Petersen Scot Petersen Profile: Scot Petersen

If you read Linda Tucci’s recent story on the efforts of Tasty Baking Co. to find a workable solution for trade promotion management, you may have been struck, as I was, about why TPM can be such a challenge.

After all, most of the biggest retailers in the world practice some sort of trade promotion management, either via vendor or home-grown solutions. Yet there seems to be a lack of effective software tools for optimizing retail partner relationships, as well as few standards to rally around.

TPM is not a new concept either, but even a top analyst covering the field, Gartner’s Dale Hagemeyer, has not found significant movement in the field since his most recent report, “Seven Key Considerations When Choosing a TPM Solution.”

Yet Tasty’s CIO, Chan Kang, is faced with real issues as he seeks to work TPM into his tightening budget. Though the company’s direct store delivery model produces quality data, “What we don’t do enough is measure the effectiveness of those promotions: how much lift, what is the baseline, the incremental profit — in other words, whether it was a good idea,” Kang said.

Kang is evaluating vendors, but even though industry groups like Trade Promotion Management Associates and the Vendor Compliance Federation are working to promote solutions for TPM, Tasty could be still confronted by vendor lock-in and integration issues with whatever solution it integrates.

Some observers are skeptical that TPM standards can be achieved, but this is one area that seems like a no-brainer for the Oracles and SAPs of the world to come together for the common good. Such cooperation could only help to increase the bottom line — for everybody.

August 19, 2010  6:26 PM

ITIL helps set IT service catalog expectations

Christina Torode Christina Torode Profile: Christina Torode

I don’t know about you, but to me, ITIL (or IT Infrastructure Library) is a little overwhelming. I’m only looking at using the ITIL framework as an IT service catalog tool, and I get a little lost.

Under ITIL guidelines, an IT service catalog is a subset of service-level management, which is a subset of service delivery. Service delivery is the topic of only one of eight ITIL books on IT Service Management (ITSM) guidelines, and that’s just in ITIL v2. ITIL v3 has five other books that update some of v2, but also introduce new ITSM strategies. and recently ran a survey asking our readers about their ITIL use. We haven’t pulled together all of the results yet, but here’s a preview: When we asked readers to choose up to three areas in which they would like to see improvements to ITIL, they said:

  • 35.4% — ITIL should provide more information on how ITIL works with other
    process-improvement methodologies, like Six Sigma and Lean.
  • 31.1% — ITIL should offer more prescriptive advice vs. just guidance.
  • 12.9% — ITIL should include more specific advice on transition from v2 to v3.
  • 12.5% — ITIL needs to be clearer on the differences between v2 and v3.
  • 8.1% — ITIL v3 is too complex.

So, it’s clear that people would like more guidance and less complexity, but anecdotally, a few IT shops and service providers I’ve talked to recently said that ITIL does just the opposite: It clears up some complexity.

When an IT service catalog is being put together, ITIL tells the business and IT what terminology to use, they say.

“ITIL gets people speaking the same language,” said Matt French, marketing director with Service-now, an ITSM Software as a Service provider. “It makes it clear what an incident or a request is, and helps an organization with [corporate] terminology [that is different across the company] use the same terminology.”

ITIL also helps IT set the right expectations for service delivery in terms of service levels and what is possible — and not possible — as far as services the business wants to see and what IT can realistically deliver. It does this by setting the scope of an IT service catalog project, including taking inventory of the skill sets IT has on hand (or not) to deliver a service, and helps organizations choose a set of standard services.

Any advice on how to use ITIL to reduce complexity, or how you have been able to simplify ITIL at your shop? I’d like to hear from you. Email me at

August 17, 2010  1:01 PM

Midsized companies migrating to Windows 7 find the payback worthwhile

Ed Scannell Ed Scannell Profile: Ed Scannell

If the sagging economy has forced midsized companies to delay hiring more IT staff, maybe migrating to Windows 7 can move them off that dime.

In a recent report by IDC, an impressive number of midsized companies migrating to Windows 7 say they realized a full return on their investment in just seven months. The migration also helped significantly reduce the time help desks spend dealing with malware downtime and reboots by replacing Windows XP and Windows Vista.

One midsized company says the money saved in migrating to Windows 7 has allowed it to hire some much-needed developers.

“Windows 7 gave us more cash to work with because we could throw it on a couple of hundred older PCs, so we didn’t have to buy new ones. Those savings will let us hire a couple of young developers to work on some internal applications we need pushed out,” said Joe Harmon, an IT purchasing agent with a midsized regional health care provider in western New York state. “I was surprised. Microsoft usually costs me money with some of their licensing plans.”

Costs were down in three important labor categories analyzed in the report: IT labor hours per PC, per year for deployment (down 45%); IT labor hours per PC, per year for service desk support (down 65; and IT labor hours per PC, per year for PC and operating system support (down 55%). In the 14 categories where a set of common end-user activities relating to the operation of Windows 7 was measured, savings resulted in 43 hours of productivity per year, per user.

Like IT professionals at other midmarket companies, Harmon also migrated to Windows 7 because Microsoft’s technical support for Windows XP, which includes regular delivery of security patches, is ending. Harmon said the built-in security in Windows 7 is superior to that of Windows XP, so he won’t be as reliant on security patches.

It’s nice to hear that some financial relief has finally arrived for SMBs, given how the Great Recession has ravaged them.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: