A long-term care provider turned to cloud computing to shore up security and boost application performance. Here’s the rundown:
The IT situation at Creative Solutions in Healthcare was pretty dire two and a half years ago. When CIO Shawn Wiora came on board he found alarming security issues. The company’s out-of-date Windows Server 2003 machines were out of synch with current security protocols. Patch management as a formal program was practically nonexistent. There was very little documentation of Health Insurance Portability and Accountability Act (HIPAA) compliance. “From a security perspective, it was a ticking time bomb,” Wiora recalled. IT performance was also an issue with slow electronic health record (EHR) system response times.
Wiora noted a disconnect between the state of IT and Creative Solutions’ passion for patient care. The company, based in Fort Worth, Texas, runs more than 49 skilled nursing and 13 assisted living facilities. The CIO determined cloud computing would let the IT side catch up with the rest of the company. The company selected VMware’s vCloud Air, an infrastructure as a service offering, as its core cloud computing technology. VMware, Wiora said, was open to accommodating Creative Solutions’ security vision: A customized version of the Health Information Trust Alliance framework, which incorporates HIPAA, NIST and PCI among other security controls.
Incorporating the key frameworks into its cloud from the start put Creative Solutions on the proper security track. In addition, the cloud deployment improved the performance of applications such as EHR. Instead of a two-second lag, the company recorded round-trip latency in the 40-to-80 millisecond range. That’s an important plus for care delivery, considering caregivers at an individual facility use kiosk computers to record thousands of patient interactions daily. The company has also addressed internet outages, using Cradlepoint technology that fails over to 4G LTE in the event of disruption. “The company is now a phoenix out of the ashes in terms of IT,” Wiora said.
How to attract and retain talent for a digital future? That was the question posed by session moderator George Westerman, principal research scientist at MIT Initiative on the Digital Economy, at the recent MIT Sloan CIO Symposium in Cambridge, Mass. Wrapping up a discussion among three business executives and a prominent academic that ranged from using data to find the right talent to dealing with robots in the workplace, Westerman asked, “What one piece of advice would you give to a CIO how to build the right skills for the future in their unit and the organization?”
Karen Kocher: “I would have it be for the CIOs to be advocates of data-based talent decisions.”
Chief learning officer for healthcare insurance company Cigna, Kocher relies on data and various software tools to “identify the tendencies, the characteristics, the competencies of an individual.” Cigna does this to determine what differentiates a high performer from his or her peers. The company uses the same method to create a “role profile” that can be used as a reference point when helping others to develop their own skills. CIOs are key to implementing such tools and systems, she said, “because you are the ones most people look at as the sources of valuable data and information.”
Steve Phillips: “Hire the best and trust the people.”
Phillips is CIO of electronics distributor Avnet Inc. His strategy of developing skills for a digital future starts with finding the right people — often by building relationships with students and professors at universities. He also emphasizes the importance of building teams of people with the “right diversity” of say, thoughts or skills. Not only does that make for a powerful team, but it helps leaders with their own personal growth, Phillips said. “It also should drive for excellence and rigor as well.”
Gerald Chertavian: “Think differently about talent, where it resides and how you access it.”
Chertavian is CEO and founder of nonprofit Year Up, which helps low-income young people build their technical and business skills and get jobs. He stressed that if organizations look for talent in just the usual places — namely, four-year colleges and universities — “you’re really starting to narrow the pond in which you are fishing.” The 18-to-24-year-olds Year Up works with are highly motivated, Chertavian said, and stay in jobs two-to-four times longer than the average Millennial, who sticks around for 18 months.
Tom Davenport: “Plan for augmentation, not automation. Think of smart people working together with smart machines.”
The analytics and knowledge management scholar cheated, using two sentences instead of the one Westerman required — but both drive home the same idea. The digital future will be people working alongside robots. Robots are smart. They learn fast. And they “keep taking over things that we normally did,” Davenport said. So they aren’t overshadowed, the people CIOs hire need to be good at what they do — at some technical skill, such as programming — but they also need to exhibit “human” characteristics and skills such as initiative, interpersonal skills and teamwork.
Having a tough time defining an IT security strategy able to take on big data and the Internet of Things? The panelists on the “Big Data 2.0: Next-Gen Privacy, Security and Analytics” session at last month’s MIT Sloan CIO Symposium feel your pain. One big conundrum for IT security practitioners, the panel agreed, is how enterprises should handle security and data governance amid the coming onslaught of regulations aimed at IoT and big data.
Moderator Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, said companies can’t afford to wait for regulations to come up with a governance strategy; IT security leaders need to figure out where the vulnerabilities are vis-à-vis new technologies — or put themselves at risk.
Rob Thomas, vice president of product development at IBM Analytics, said he likes to think about building data governance strategies like building castles. “When castles were constructed in the 1100s, they [were built as] a place to wage an offensive, to go on offense,” he said. He added that this is exactly how enterprises should approach their data strategies. “If the organization is waiting to hear what the regulations are, and then you respond with a data strategy, you have no chance of being ahead of the market.”
According to Thomas, going on the offense requires knowing what your data assets are, the flow and lifecycle of that data, and who has access to it and why.
Legal repercussions put damper on playing offense security
However, the task of building a data governance model that can tackle these demands in light of emerging applications such as IoT is easier said than done, said Anthony Christie, CMO of Level 3 Communications, an internet service provider and telecommunications company. If companies get it wrong, the consequences can be costly — and dire. He pointed to his own industry as an example.
“Carriers and internet service providers today … have the ability, in many respects, to proactively play this offense and to stop the number of threats — but the laws around culpability, if you get it wrong, are so grave that right now some of the more conservative providers don’t even want to deal with it,” he said.
So, is there a way to get out ahead of lagging government regulations? Pentland brought up the idea of test beds, or specific towns or cities in which companies can experiment operating under new rules, to gauge what consumers and citizens think is working.
Christie also believes test beds are a great opportunity for companies to explore and look for partners to develop their security and data governance strategies. He said these types of relationships have proven beneficial to Level 3, but companies may have to look beyond the obvious partners.
“In [Level 3’s] case, we actually had better success not with other service providers … but with equipment providers, who want to develop their equipment better,” he said.
Cloud Expo 2016 had an ambitious billing: “The World of Cloud Computing All in One Place!”
Held in a subterranean sector of the Jacob K. Javits Convention Center in New York in June, the convention indeed spanned a lot of topics, with educational sessions falling into 10 topical areas. “Enterprise cloud adoption” was one; containers and microservices another; wearables and the internet of things a third. Vendors led many of the sessions, but, for the most part, kept them neutralish.
One, dubbed a “power panel” of cloud vendor reps, discussed how to convince latecomer C-level executives to embrace the cloud. Randy De Meno said keep it simple.
“We have more devices creating more data,” said De Meno, chief technologist at Commvault, a data management software vendor with a cloud infrastructure line. Many execs already have one of those devices, an iPhone. “If you use iCloud, congratulations. You’re in the cloud. So a lot of C-level understand that.”
On the expo floor, where vendors are expected to talk up their wares and hand out swag like pens and stress balls, one vendor gave the crowd of coders, application developers, IT managers and consultants at the conference something a little different. Stratoscale, which sells software-defined networking, invited people to line up and play a video game. The prize was a remote-control toy helicopter.
Patricia Palacio, a disaster recovery architect at IT services provider Cognizant, was on the lookout at Cloud Expo for new technologies that might help convince more customers to do DR in the cloud. She said she’s not good at video games, but she got in line anyway, played and won the toy.
“It’s for my son,” she said. He’s 14 and, unlike his mom, a gaming fan. “I think he’ll like it.”
IT vendors weren’t the only ones with stuff to sell at Cloud Expo 2016. The New York Times was there with a special offer for conference goers: 75% off home delivery of the print edition of the newspaper and 50% off digital. After signing up, new subscribers got a set of Times-branded Google Cardboard virtual-reality glasses.
Food and drinks are an integral part of any tech conference. At Cloud Expo — which, curiously, had no water on offer between sessions — there were the usual pasta bars, roast-meat stations and tables stocked with bottled beer and wine. There were also a few curiosities. One was the cappuccino machine at the IBM booth. My colleague, SearchCloudApplications reporter Joel Shore, asked, “When you think of IBM, what do you think of?” He promptly got in line for a frothy café.
Another surprise was a hot dog cart wheeled onto the expo floor. But then, perhaps it wasn’t a surprise to many there. It was New York, after all.
What are the qualities of a CIO? Gone are the days when the CIO role called for being responsible for mostly IT systems. Top-performing CIOs in the digital era are innovation-focused, devote more time to external customers, interact with their executive committees, and have their systems available for both internal and external use, according to a recent MIT CISR report.
“Five years ago, CIOs were generally perceived as being operation-oriented … but in the last couple of years the perception has become much more strategic,” Craig Stephenson, managing director of North America CIO practice at Korn Ferry, said.
Stephenson was speaking at a panel discussion on “The Perfect CIO: Empowering Business Partners and Serving Customers,” at the recent MIT CIO Symposium in Cambridge, Mass.
One indication of the shift to a more strategic business role is the rise in the number of CIOs reporting to the company’s top business executive. CIOs are now reporting to CEOs 56% of the time at Fortune 500 companies, a 12% increase over the past five years, Stephenson said.
Indeed, Stephenson said that most CIOs not only work more closely with their CEOs, but also are well positioned to become future CEOs because of their strategic involvement across the enterprise, from marketing to product development to partner relationships.
One thing that hasn’t changed in recent years: the longstanding reluctance of many CIOs to report to CFOs. Stephenson said that it takes a lot of work these days to convince a prospective CIO to report to the CFO. CIOs much prefer reporting to CEOs, a relationship that gives them access to the board and allows them to operate as a peer to others in the C-suite, he said.
Qualities of a CIO
So, what is the “perfect CIO” in Stephenson’s view?
“CEOs are looking for components of a CIO’s portfolio … that lead to exponential growth,” he said. “It might be around how you deal with change, it might be how you enable others, it might be how you bring people together.”
Here are some of the other qualities of a CIO outlined by Stephenson:
- A perfect CIO, as discussed above, should be able to combine both operational and strategic activities. According to a MIT CISR survey, 50% of CIOs — in addition to overseeing IT operations — are primarily responsible for innovation and managing digital threats. CIOs should have experience reporting to the board on a quarterly basis.
- A perfect CIO is able to attract and retain top-notch talent.
“The key risk for the CIO every single day is people,” Stephenson said. “There is a tremendous drain on talent in the marketplace.” CIOs should make sure their team members stay focused and are engaged. Stephenson recommended CIOs spend 10% -15% of their time on ensuring that their teams are being mentored and monitored appropriately.
- Perfect CIOs should understand their company’s business priorities and objectives to ensure that they can leverage technology plans and strategies to achieve those goals.
- A perfect CIO should be dynamic, charismatic, agile and willing to step outside his/her comfort zone.
- A perfect CIO should be able to communicate effectively. That means CIOs need to be comfortable interacting with their companies’ business partners and stakeholders — both within and outside the company — and with a high level of confidence.
“I think the CIOs that can actually facilitate consensus, common purpose and mission, are the ones that are actually really set to achieve great things,” Stephenson said.
Microsoft has been working closely with its large enterprise customers to help them map out blockchain strategies. But, as you might expect, the company is not ignoring blockchain in the consumer space.
As an example of how Microsoft is interested in watching blockchain tech for consumers, Yorke Rhodes, global business strategist at Microsoft, pointed to a company called Slock.it, which sells technology to control physical objects, such as locks, linked to smart contracts that run on the Ethereum blockchain.
“The idea is that you can use blockchain to provide secure ways to share stuff that doesn’t necessarily involve an Uber or an Airbnb or a sharing economy company,” Rhodes said. “Slockit also has a consumer IoT hub. … It’s basically a little computer that sits on the blockchain that’s also an IoT hub to connect other IoT devices in homes.” According to the Slock.it website, the technology gives “connected objects an identity, the ability to receive payments and the ability to enter complex agreements.”
As another example of a consumer-focused and IoT-enabled blockchain use case, Rhodes pointed to the idea of charging electric vehicles at places other than today’s dedicated charging stations. One of the gating factors in the sale of electric vehicles relates to the infrastructure around charging the vehicles: Long trips away from an owner’s home base are highly dependent on the location of existing charging stations.
Rhodes explained: “There’s electricity everywhere. The question is, How do you charge for it? If you can figure out a way so you can securely identify a consumer that’s going to charge from a distributed electrical outlet that might be on the side of someone’s building or someone’s house or garage or gas station or whatever and be able to distribute the fees associated with that appropriately, and do it securely and make it all seamless to the consumer, you’ve started to create a much more significant charging infrastructure for electric vehicles.”
Rhodes suggested that Microsoft may choose to embed blockchain tech into the operating system. “We could say, ‘Hey, we have a great operating system adopted by tens and tens of millions of people. What if there is technology that we could build into the operating system and/or in the browser that would help Joe Consumer be on the blockchain by default?’ He cautioned, however, that he doesn’t know whether that will come to pass.
Karen Kocher keeps an eye on Millennials. And at her employer, healthcare insurance company Cigna, there are a lot of them, comprising 50% of the population. Because many in this youngest generation of the workforce don’t currently make enough money to afford things like a home, a car, a nice vacation or two a year, the chief learning officer said, they’ll look to other sources of income.
The universe of freelance jobs dubbed the gig economy is allowing many to make extra cash and often pursue their passions: a marketing associate, for example, teaching writing on Tutor.com — or a graphic designer selling pottery on artisan forum Etsy.
According to a February study by the Society for Human Resource Management, 25% of people from the Millennial generation supplemented their income with a freelance job; only 6% of baby boomers did.
And for other companies with lots of Millennials, that could be a problem.
“How long will they be part of the workforce if they ultimately want to pursue this passion that currently is more of a side job but ultimately may be their full-time job?” Kocher said the recent MIT Sloan CIO Symposium in Cambridge, Mass. She spoke on a panel discussing skills needed for the digital age.
But is it finances or something else driving Millennials — now the largest living generation, according to Pew Research Center — to abandon their employers for the gig economy? Moderator George Westerman, a research scientist at the MIT Initiative on the Digital Economy, asked panelists whether they thought there was any truth to some of the stereotypical labels. (Westerman didn’t provide them, but for context, opportunistic, lazy and entitled are a few.)
Steve Phillips, CIO at business technology distributor Avnet Inc., said there might be a few cases in which the stereotypes — “they’re a little picky and choosy, et cetera” — are merited. But for the most part, the interns and recent grads he’s talked to are “just as hard-working as any generation.”
Phoenix-based Avnet seeks out potential young hires through partnerships with nearby Arizona State University and other schools.
Gerald Chertavian said his Boston nonprofit, Year Up, sees a different type of young people: “Millennial-age students without Millennial attitudes.”
Year Up trains low-income youths and helps find them internships and jobs.
“They know what poverty looks like and feels like,” Chertavian said. And when they do land jobs, they’re grateful. “Our folks have been through challenges — and the fact is, they’re hungrier, harder and grittier, and employers want that today.”
But perhaps some of the attributes assigned to more-privileged people from the Millennial generation aren’t so bad, Chertavian said. Working with them could be “a chance for us to be learning as opposed to saying, ‘You should be adapting to the way in which we grew up.'”
Kocher said the anti-Millennial rhetoric is just the latest version of age-old “these kids today” rants.
“I remember being younger, my grandmother would say to my mother the exact same thing that everybody is now saying about Millennials,” she said. “I think it may just be the youngest generation in the workforce, whoever that may be, gets tagged with a lot of these attributes that are just so different from what we’re accustomed to.”
Tom Davenport doesn’t make a ringing endorsement for robots in the workplace.
The renowned analytics and knowledge management scholar used a trio of unflattering adjectives to describe the machines: snobbish, egotistical, hegemonic.
But you’d better get used to them, because you soon may be sharing a cube with one.
“Increasingly, I think we need to think about computers as co-workers if we’re going to be successful in our careers,” Davenport said at the recent 2016 MIT Sloan CIO Symposium. He spoke on a panel about the skills people need to thrive in a digital future.
Working with robots won’t be easy for everyone. Robots are smart, Davenport said, and they get smarter faster than you do. They’ll snub you if you don’t know your work cold, because “they only want to work with experts.”
And they insist that you work with them if you want to do your own work well. So people should be keenly aware of what they’re good at and not good at – as you would around co-workers, Davenport said. If the robot is falling short, step in and do the job right. Or if you are, say, a hedge fund manager, you might want to be the boss.
“All the trades in the hedge funds are typically done by a computer, but somebody’s looking at the entire portfolio,” Davenport said. He followed with a quip: “I think that’s worked out fairly well for hedge fund managers.”
They also keep doing things only human beings did before. They’re already doing business process outsourcing work and are now going after jobs held by doctors, lawyers and journalists.
Working with robots: A primer
But Davenport isn’t one of the pessimists who think robots will snatch 50% of jobs from American hands anytime soon. No one knows exactly how many jobs will be lost to machines, he said; his guess is 10% to 20% over the next 10 to 20 years. One of their more appealing attributes is they’re slow to take over.
“There were in 1980, 500,000 bank tellers in the United States,” Davenport said. “In 2016 there are roughly 500,000 bank tellers in the United States — despite ATMs and online banking and so on.”
So to stay relevant while working with robots, human beings will have to understand the business and communicate effectively — “with carbon-based lifeforms as opposed to silicon-based lifeforms.” They should have some grasp of technical topics, too, such as programming.
“Some quantitative, some computational and some business and communication,” Davenport said, “I think that’s still going to be a very important combination of skills over the foreseeable future.” No doubt, in workplaces with or without robots.
With the explosion of the Internet of Things, it’s time to rethink the CISO role — including who that role reports to. This was the consensus of a panel of security leaders at this month’s MIT Sloan CIO Symposium in Cambridge, Mass. The traditional reporting structure that puts security and risk officers under the IT organization doesn’t work in the age of Internet-connected things, they said.
The massive growth in the number of connected devices will create new and exciting opportunities for businesses, but it will also create more attack surfaces, the panel said. IoT equals more cyber-risks, better hackers and a flourishing black market for the stolen data from those devices. Indeed, IoT’s impact on security spending could be huge: from $6.89 billion in 2015 to $28.90 billion by 2020, according to an estimate by research firm Markets and Markets.
The IoT challenge for security leaders is two-fold: They need to convince their companies that security should be built into Internet-enabled products and services from the get-go; they also need to show the business and board members that security is an enabler, not an obstacle, to business processes.
That’s a big hurdle to clear, said Mark Morrison, senior vice president and CISO for State Street Corp. in Boston. In his experience, employees, including business leaders, don’t really get how security fits into business operations.
“We’re constantly balancing operations with security,” he said. “It’s a much larger challenge, because everything that people do with a computer, they expect to work miraculously.”
This lack of understanding goes both ways: IT leaders have often been guilty of pushing out tools for the business without completely understanding the business risks and requirements, said Sam Phillips, CISO for Samsung Business Services.
Reporting structure a barrier to cybersecurity
The first step in turning the tide of how the security function is viewed by the business is having the CISO role operate independently from the IT organization, Morrison and Phillips said.
Morrison’s State Street job is his fifth stint as a chief security officer, and he has always reported to the CIO.
But at State Street, Morrison also reports directly to the board. “I’m the only standing agenda item,” he said of board meetings, which meets nine times a year. Every time, he fields the same questions about cyber-risks: How serious are they? Does he have enough resources to do his job? All this while his boss, the CIO, sits by his side.
“What happens is this natural tension between operations and cybersecurity, and there’s only so much money. There’s only so much time and prioritization that can be allocated,” he said. The reporting structure makes it “hard to give a very honest answer.”
Phillips agreed that the current reporting structure has become a roadblock. In his previous CISO job, he started out reporting to the CIO, and found it difficult to keep security moving forward. One big issue was resources.
“I wanted money to drive security programs,” Philips said, but when security was “hidden off in someone else’s organization,” his programs often got short shrift. Eventually, he ended up reporting to the chief legal officer. This separation from IT allowed him to maintain his programs’ momentum.
“I think a lot of companies are going to see [CISOs and] chief risk officers reporting directly to the COO or CEO,” Morrison said. Phillips agreed, adding that he’s seen several other companies where these functions report directly to the audit committee or the board of directors.
Before CIOs sign up their companies for a gig in the sharing economy, there are a few things to know. Chris Taylor, general manager, Uber Boston, bears both good and bad news for organizations looking to build a platform on which an ecosystem of value creators and consumers can converge. Taylor, speaking during a recent panel discussion on platforms at the 2016 MIT Sloan CIO Symposium, detailed the pros and cons of these business models.