One of my favorite movies is Poltergeist, with its never-ending quotable lines. “What’s happening?” probably is the most famous; but my favorite is when actress Zelda Rubinstein, who plays the spiritualist Tangina, claims, “This house is clean.” Not so, if you follow the movie, the premise of which is, don’t build a new housing development on top of a graveyard.
In many ways this movie reminds me of an IT department (bear with me here). CIOs inherit all the decisions, good and bad, that their predecessors made. As a result, they often are being asked to “clean house” — to simplify, to automate, to gain efficiencies and to cut down on rogue technology.
Looking over this year’s CIO Innovators profiles, you’ll find that CIOs clearly have cleaned house — without the help of spiritual guides. Among them is Steven Johns, the subject of our first CIO Innovator profile in 2011. He rolled up his sleeves when he inherited an “infrastructure overhaul” on joining H.B. Fuller Co. in 2007. His plan of attack was to take back the core functions of IT from a third-party outsourcing giant, update legacy systems and move non-core functions to the cloud. This “turnaround guy” met the needs of users through the adoption of cloud solutions; those in turn reduced rogue technology. He also cleaned up some big messes that had been left behind: systems in place since the 1980s and no standard collaboration system across the global company, to name just two.
But as CIOs begin to build the next foundations in an age of cloud computing, shared IT services and the consumerization of IT, I wonder whether they are potentially adding a weak foundational layer, at least in terms of controlling rogue technology. Are they adding to the problem as they accommodate the age of people-centric computing?
Self-service provisioning, for example, often is talked about as a must-have for shared services to succeed. Self-service provisioning portals also are a tenet of cloud computing. Some CIOs believe that “self-services” — putting the power of technology choice into the hands of users — is the future of any good IT services organization. Left to their own devices, however, will users really make the right decisions?
Will rogue technology, which leads to silos of information — something CIOs are trying to undo in this Information Age — only get worse?
Sure, making it easier for users to get their hands on the technology they need is not only smart but inevitable. On the other hand, what precautions should CIOs be taking to lay a solid self-service foundation?
It’s a question as old as information technology itself: “How do I prove the value of my technology investments to the business?” What makes the question so vexing is that there’s never been an easy answer — or any answer, period. There is no one-size-fits-all solution; and if someone were to come up with one, well, it probably would become obsolete in a matter of months. And then there’s the real kicker: This question has been plaguing CIOs for years, but it’s never been more important to answer it than it is right now, in the slippery era of all things global and mobile.
So, although I wish this paragraph contained some crazy, silver-bullet solution of the big “…until now!” kind, that’s sadly not the case. What I do have is some encouragement from CIOs who believe that proving the value of technology investments can reasonably be accomplished. One CIO is being practical in his approach, the other is scoring points with the business through creative thinking. Neither is trying to reinvent the wheel; they’re just looking at what they have to work with and running with it. And perhaps most importantly, both are being proactive: They didn’t wait for the business to come to them with demands for financial answers.
I’ll delve into more details in an upcoming story for SearchCIO.com about monetizing IT, but one CIO taking the practical approach is Raul Cruz, CIO at AECOM Technology Corp., an engineering and architectural design firm with more than 45,000 employees around the world. Two years ago, he implemented a financial management framework that gets truly detailed in its tracking of costs associated with services, activities and projects. He’s applying that information to a SaaS solution that will make all those figures accessible to his team and, of course, the business.
Then there is Larry Bonfante, CIO of the United States Tennis Association. What he’s done over the last few years might be considered a kind of “creative IT recycling.” This phrase, which I just made up, isn’t meant to cheapen his efforts by any means — in fact, they have made the USTA quite a bit of money. Here’s just one example: The USTA runs the widely attended US Open. The 700,000 or so attendees gotta eat; and when they do, they can visit the food village in the center of the event campus or an outlying kiosk. Choices are nice, but until recently, the outlying kiosks could accept only cash because they were too far away from the central village to connect to the system. Enter IT with a Wi-Fi solution, and those kiosks now can take credit and debit cards — and the USTA can take in an additional $200,000 in revenue. You know the business had to, ahem, love that.
The subject of shared services led to a lively debate about the need for IT chargeback — and, to put it bluntly, the strain and pain it puts on IT and business departments.
To back up a bit: This week and next we’ll be publishing stories on SearchCIO.com that define a shared services model from the IT executive’s point of view. Be forewarned: There are many CIO points of view on this topic. Here’s one definition of shared services: a multi-tenant environment in which IT resources and skills are pooled internally. As one IT executive put it, a shared services model is more about “the service and not the server.” Gone are the days when hardware and applications were dedicated to a given business unit. Instead, they now are pooled to be used as needed for projects and changing business needs.
As resources are pooled, however, whether in a multi-tenant environment or in a traditional centralized-IT model, IT executives are rethinking how they charge for IT services that are shared instead of dedicated. Is IT chargeback based on use really necessary? If it is, how should IT go about it?
The customers of one consultant with a systems integrator are having a pretty hard time trying to answer audit questions when they’re asked what exactly they bought for a particular project, he said. In a shared services environment, where a project investment is tied to usage as opposed to the purchase of a server, the answer isn’t simple. And, he added, the organization might not even have the metering or reporting tools to break out who is using which resources and what to charge them.
David Johns, CIO at Owens Corning, said he doesn’t bother with IT chargeback at all under his shared services model, because it takes IT’s focus off the business and ultimately the end customer, and is a burden on business units. “What value is there to the end customer if you spend an enormous amount of time going through a massive exercise focused on service charges to a business [unit]?” he asked.
In our upcoming stories, we’ll be exploring the issue of IT chargeback, the benefits of the shared services model and whether self-service provisioning portals are a given for shared services success.
Some say self-service absolutely is the ultimate end game of any well-run IT services organization. But where does that leave IT?
Security investments and priorities are a tricky thing to nail down, given that threats are constantly shifting, but one security precaution could be going the way of the dodo bird.
Michael Daly, deputy CISO at Raytheon Co., tells me the buzz at shows and security groups is about getting rid of some security measures — in particular, endpoint security tools, and possibly even staff.
The reasoning, he said, is that security for endpoint devices has become automated enough that endpoints don’t necessarily require some of the tools and people of yore to run effectively.
“An organization may have been staffed up in order to go through patching. Now everyone has patching automated, so I think people are asking, ‘Do we still need this many people, or do we have enough [automated] procedures now to get things done with [fewer] people?’” Daly said. For instance, “Maybe it turns out Microsoft has gotten better with Windows 7. You still need desktop [antivirus], but all these other things — insider threat tools, automated patching tools — are taking care of things, so, what can we give up?”
Then there’s the high interest in desktop virtualization, which essentially removes the data from the endpoint. Some experts, however, argue that virtualization should not be used as a security precaution, but that’s an issue we’ll explore in another story.
What’s in a name? Sure, a rose by any other name would smell as sweet — but what about a CIO? If you referred to him or her as a services broker, what would change? On SearchCIO.com you’ll find my story on the growing trend of businesses of all sizes adopting the IT services broker model. Sometimes referred to by analysts as “hybrid IT,” this model makes IT the services facilitator in order to address the business’ desire to consume IT as a service. The story also explains how, rather than hiding from it, a services model confronts “shadow IT” — the dreaded and growing tendency among business users to take IT into their own hands. Many CIOs and analysts agree this evolution is the way of the future for IT, but one CIO I spoke with, Dan Petlon at Enterasys Networks in Andover, Mass., is rather sour on the moniker.
What is it that makes this title such a thorny issue for Petlon? After all, by his own account, he embraces much of the ideology behind the services broker model. He estimates he spends about a third of his time talking with leaders in the business about what they’re working on and how technology can help them move forward — enough to exorcise the specter of shadow IT. And he’s a self-professed “huge cloud fan,” counting about two dozen cloud-hosted applications in use at his company. So, is the issue just a matter of semantics, then? Yes and no.
“My job is to provide appropriate technologies to meet the needs of the business, whether that’s in the cloud or in-house, but I don’t think of myself as a service broker,” Petlon said. “I’m still a value-added function in the business; I’m not someone who arranges for someone else to provide a service.”
And therein lies much of his concern — CIOs and IT leaders devolving into a strict interpretation of “services broker.” He’s seen it happen to IT leaders who’ve given up on keeping up, Petlon said. They become glorified outsourcers, fighting with vendors and shuffling contracts while their relevance within the company diminishes.
“Increasingly, a lot of IT groups are finding themselves in that role, managing contracts, executing [service-level agreements] — and other than that, they’re not improving the business process,” he said. “It’s kind of like admitting defeat, saying ‘we’ll take that contract management vendor relationship role instead of being an active part of the business and trying to help the business compete on a higher plane. I think it’s the wrong path.”
If the title “CIO” becomes synonymous with “services broker,” will your role smell as sweet? Certainly there are benefits to the services broker model. But you should be aware of whether you define the label or it defines you.
With technology boosters like these, who needs Scrooge? That’s what many IT folks must be thinking when they take a gander at the sponsors of a bill before the U.S. Senate to limit overtime pay for computer workers. You can read about the details of the bill in a piece I wrote for SearchCIO-Midmarket.com this week. Suffice it to say, the Computer Professionals Update Act basically states that employers are no longer legally obliged to pay overtime to anybody in the computer field making $26.73 an hour or more.
The bill, (which goes by the cutesy acronym CPU), was introduced in October by Sen. Kay Hagan (D-N.C.), whose district includes the Research Triangle hotbed of high-tech companies. Sen. Michael Bennet, a Democrat whose Colorado district is home to clean energy, aerospace and medical device companies, is a co-sponsor, as are three Republicans: Sen. Michael Enzi of Wyoming, Sen. John Isakson of Georgia, and most recently, Sen. Scott Brown of Massachusetts, where high-tech is a mainstay of the state economy.
A litany of letters opposing the bill decry it as yet one more example of politicians putting corporate interests ahead of individual workers. Most are from people whose livelihoods will be directly affected.
But management, too, is shaking its head. CIOs I reached in my home state of Massachusetts who were willing to venture an opinion wondered about the intent of the bill — and possibly its unconsidered ramifications. John Lauderbach, CIO at Roche Bros. Supermarkets Inc., said he could see how curtailing overtime pay might even raise base pay, as a means of maintaining compensation levels for employed staff who earn a portion of their income from overtime.
Ed Bell, interim CIO for the commonwealth of Massachusetts’ Senate and House of Representatives, said he was disturbed by the “cookie cutter” approach the bill takes to compensation in an industry where the work and skills to do the jobs are anything but cut-and-dried.
“I’m under the belief that there are a lot of factors that need to be taken into account when defining whether a position is exempt or nonexempt: factors such as whether the work is in Wyoming or New York City; whether the position requires 35 or 70 hours per week; whether the position requires an MS from MIT (but [the applicant is] new to the market) or a high school diploma; or whether the position supports applications via an on-call schedule for endless hours per week or it’s just confined to the 9-5 time frame,” Bell said in an email.
Just as surely as you’ll hear that Mariah Carey Christmas song 900 more times between now and Sunday, you’re sure to keep running into 2012 prognostications on your daily travels around our family of sites between now and mid-January. Because it’s such a cheery time of year, I like to think of these as little gifts to our readers. I hope you don’t mind if I add one to the pile.
What I have to offer is not so much a guess at a trend as a sure thing. How do I know this? Because it’s already happening. I’ve been talking to analysts and CIOs about the idea of the IT organization as a services broker. IT as a services broker is a trend my colleagues have written about previously, and it doesn’t appear to be going anywhere but forward. From small and medium-sized businesses to large enterprises, IT organizations more and more are responding to the one-two punch of the consumerization of IT and an unstable economy by getting lean and decidedly less “mean.”
To keep up with the demand for flexibility from the business and to keep costs in check, IT leaders are positioning their organizations and themselves as facilitators of technology services rather than as the managers and mainframe-minders of yore. To remain relevant and keep tech missteps by the business at bay, IT is retaking the cloud reins from customers and stepping in to take over a myriad of cloud vendor relationships.
It’s not an overnight change. It requires a lot of planning, of course, and a lot of talking with the business to get to know customers’ needs and soften the Grinch-like reputation of the “Department of No.” The biggest benefits (sure to make eyes light up and hearts grow three sizes in the C-suite) are the financial ones. Done right, Chief Technology Officer Abdullah Haydar said, the financial benefits are huge. Think no more periodic hardware refreshes, leaner staff, less downtime for maintenance. In fact, a focus on finance is really the key here, he said.
The most important thing to do when setting down this services path, Haydar said, is to evaluate the ROI and present a business case. And for goodness sake, don’t rush it.
“Any CIO can tell you a huge number of projects fail because people rush in,” Haydar said. “If you migrate haphazardly, you risk having colossal failures, you risk having your systems fail. You have to have proper planning and proper management … there is nothing about this [strategy] that says the same lessons don’t apply. You need proper planning and a business case. You have to prove it’s worthwhile and have a plan of execution.”
I hope you’ll check out the full story after the holidays and share your thoughts on the whole concept of IT as a services broker. And when you do, feel free to “regift” it on the social media platform of your choice — I won’t be offended at all!
I check in with headhunters this time of year to get the lowdown on hiring — and more important, on what companies are looking for in their CIOs. What’s considered executive material these days? This year, I asked that question literally because — call me superficial — I’ve noticed lately that CIOs are — how do I say this? — a lot hotter than when I first starting covering IT seven years ago.
I’m not talking about CIOs moving away from being the bespectacled IT guy in white socks, short sleeves and pocket protector. That stereotype was stale even when I started writing about IT. CIOs are dressing for success: sharp suits on both sexes, high heels for the women; an iPad nearby.
What I heard back from headhunter Shawn Banerji helped explain what’s going on. And it involves more than a well-cut suit and the latest gadget. Banerji, who’s at New York recruiting firm Russell Reynolds, described for me a new breed of CIO executives: Ramon Baez, for example, who was recruited to head IT at Kimberly-Clark. The maker of Kleenex was in the midst of a huge transformation, and its expectations of IT were huge too. Once Baez agreed to take the job, he hired a personal trainer, dropped 20-something pounds and got himself into fighting trim.
“He told me that if he hadn’t gotten himself in shape, physically and mentally, he would have broken down; and irrespective of how capable an IT leader he was, he could not have been effective in the role,” Banerji said.
That’s the executive material required for the CIO job, Banerji said. “You’ve got to have a really strong constitution, mentally and physically. I liken it to professional athletes.”
And athletes not only good for the short sprints, he added. The journey of business transformation that many companies are on is so accretive that they can’t afford to lose their best executives. Corporations, need to create “a culture of performance for their top executives that is sustainable,” Banerji said. That’s hard.
“People say, ‘It’s a marathon not a sprint,’ but do you see how fast those people run in a marathon? Companies cannot afford to have CIOs working for a year or two and then getting burnt out completely,” he said.
CIO executive needs passion — and not just for enterprise architecture
According to Banerji, part of the new CIO persona comes from the fact that CIOs these days often have some major passion outside of work, and they really work at it. “These are people who are able to carve out specific blocks of time to do things that are meaningful to them outside the context of work,” he said.
One of the high-powered CIOs he knows races cars. Another races motorcycles. I wondered if he has come across any CIOs who write poetry or raise orchids. He hadn’t, but doesn’t doubt they’re out there. “The reality is, it’s not what you do but that you do something and that you carve out the time to do these things,” he said. Apparently the ability to turn off work and take a breather is an absolute must if one wishes to sustain the level of performance a company expects.
Some of these CIOs are flying a million miles a year. They’re responsible for operations around the globe. And forget about those long, alcohol-fueled dinners with your favorite vendor rep. “What happens if something goes down in Asia and they want you on the phone? Are you going to tell the CEO or CFO or the board of directors, ‘Sorry, I was half a bottle of Pinot Noir in.’? Doesn’t work that way,” Banerji said.
The new CIOs: more Marine than Mad Men and Mad Women! More polymath than Poindexter!
What do a Gartner analyst, a Forrester analyst, the CIO of a group of community colleges, and mobile device management (MDM) vendors have in common? (No, this isn’t the setup for a bad joke.) Answer: All four point to the use of application portals to solve a myriad of problems related to the proliferation of mobile devices in the enterprise.
To retain control of the applications being used on mobile devices, CIOs are building portals for internal enterprise applications. These portals contain a list of tested and approved applications that can be used on many devices — and here’s the punch line — with the blessing of IT.
Christian Kane, a Forrester Research Inc. analyst brought this topic up while we were talking about mobile device management. It seems that many MDM vendors and enterprise-portal players have noticed the need for an internal app store, and have developed customizable templates that an organization can use to populate a store with apps and set policies for their use.
Jack Santos, an analyst at Gartner Inc., predicted that enterprises would start to build their own application portals — akin to those you find in Apple’s App Store — in his talk about the changing role of IT during the Gartner Catalyst Conference in San Diego in 2011.
Dustin Fennell, CIO at Scottsdale Community College in Arizona, decided to use desktop virtualization to give 13,000 students and 1,000 employees any-device, anytime access to data and applications. A big part of his strategy hinged on the building of an application portal. IT populated the portal with preapproved applications, but students and faculty can request the addition of new ones. These apps in turn are tested by the requestor before they are put into the application portal for general college community use.
Some might call this an evolution of the corporate intranet, but I think it’s more than that: It’s another way that IT is fulfilling the needs — particularly the mobile desires — of employees in a corporate culture driven by consumerization — while subtly making sure that security and other policies remain intact.
The global economy is in danger of collapsing under a mountain of debt — and guess what? So is the software that runs your company, according to a study this week from CAST, a software analysis and measurement company. The report shows that enterprise software is loaded with technical debt. That’s the term for the cost of fixing all the quality defects that remain in an application’s code after it’s released. Make that all the deliberate shortcuts and shoddy work. Technical debt is calculated only on violations that the organization intends to remediate.
Based on an analysis of 745 applications submitted by 160 organizations in 10 industry segments and representing 365 million lines of code, CAST calculates it costs businesses millions of dollars to fix technical debt — and companies are not budgeting for it.
“The findings revealed an average technical debt of $3.61 per line of code,” said Bill Curtis, CAST’s chief scientist and senior vice president of CAST Research Labs.
That debt adds up: Nearly 15% of the applications examined by CAST had more than a million lines of code. Just like the kind of debt that weighs on many of us 99%-ers, technical debt incurs interest as the violations go unfixed, so it just gets bigger and bigger over time. Research house Gartner predicts global technical debt will reach $1 trillion by 2015.
Notable findings in the CAST report:
- Java apps, accounting for about 45% of the study sample, scored lower on performance and carried more technical debt than apps using other languages — $5 per line of code compared with the average $3.61.
- COBOL apps (yes, these monsters are still around) scored highest in security. They deteriorate in quality as they get bigger, however, unlike their less secure but more modular, newer relatives, Java EE and .NET. (.NET apps scored lowest on security.)
- Structural defects were equally prevalent in outsourced apps and those developed in-house. This finding might be skewed, however, by the fact that most outsourced apps were developed in-house originally before being farmed out for maintenance, Curtis said.
“Even though we have known for two decades that things like cross-site scripting, SQL injection and buffer overflows are huge opportunities for hackers to break in, we still see those things in the code; and that is a huge problem,” Curtis said. “The problem is that you don’t always know which violation in the code is the one that is going to cause the outage or offer a hacker the way in.”
But you do know it’s going to cost millions to fix when it happens.
This leaves CIOs between a rock and a hard place when it comes to managing the risk of technical debt. You can’t fix everything — and you don’t want to, Curtis said. What CIOs need to identify are the most severe violations that carry the highest cost for the maintenance of the system or have the highest risk to the business — “for an outage or data corruption or a security breach or performance problem” — and then go fix those.