Although security and compliance are the risks IT professionals point to first when they’re asked why they have bypassed cloud computing, bigger issues loom. Vendor lock-in and interoperability are what you really should be worrying about, according to cloud users and cloud providers at a cloud computing summit in Burlington, Mass., yesterday that was put on by the Mass Technology Leadership Council.
“This is a big issue in cloud. I would caution everybody in this room, as a potential Internet service provider or as a consumer, not to get caught in this trap, because what is going on here is that everybody is creating their own standard for what the cloud stack looks like,” said Michael Skok, general partner at North Bridge Venture Partners in San Mateo, Calif., referring to findings from interviews with some 400 high-level IT professionals and IT vendors. His prediction?
“I think you will see efforts like the OpenStack initiative become more popular, or you’ll see de facto standards coming from players like Amazon. But you’ve got to watch for this, because it is not going to be easy to navigate as we work towards these standards that are emerging.”
Now, it just so happens that North Bridge Venture Partners is an investor in two successful young cloud-based computing companies that have bent over backwards to make the issue of vendor lock-in and interoperability moot. One is Acquia, the commercial open source software vendor for the Drupal open source Web development platform. Drupal is used by some of the biggest and busiest websites in the world, among them the White House and the Al-Jazeera network. Acquia’s cloud infrastructure and services help these users manage, monitor and scale their Drupal platforms. The other company, Demandware, is an e-commerce software technology company whose customers include Lands’ End, New Balance and Barney’s. Demandware provides a Software-as-a-Service/Platform-as-a-Service offering that lets retailers control “everything about their Web and mobile presence,” CEO Tom Eberling said.
To address fears over vendor lock-in, Acquia, for example, offers something its coined “open SaaS,” said Chris Brookins, vice president of engineering and product management. “It’s not just about being able to get access to your data — which there has been a lot of talk about, with Facebook and Google — but it is also about the freedom and ability to leave our SaaS at anytime. You can take not only your code that powers the site, but the database; all your files; and effectively, if you feel too constrained by the SaaS, you can leave and host it yourself, hopefully on our PaaS,” he said.
A risk? Sure, Brookins said, when I caught up with him after the panel. But one that has paid off handsomely: “What we have found it that by eliminating that barrier to adoption — that fear that I might be locked in forever — we’ve had significant growth.” The company hosts 60,000 sites and enjoys 100% year-over-year growth. It also apparently offers a product that’s hard to refuse: Metrics show that even when customers leave, they are back in about a month.
“Our value proposition is: how do we effectively run their sites, scale their sites and add features at a pace that they couldn’t possibly do themselves for them –and, in way that they have the upside value but they don’t have any of the fear,” Brookins said.
What their answers came down to was that employee and customer expectations are changing and that in turn, the business has to change. Customers have come to expect Web-based services, and they want them now. That means that IT has to swap out older systems and business processes quickly. Employees don’t want to wait four years — or even four months — for new features and fixes to be rolled out. It’s about giving the business a competitive advantage through faster IT deployments.
If that isn’t enough to convince you, Alex Adamopoulos, CEO at New York-based Agile consultancy Emergn, whose clients include British Airways, British Telecom and Standard Life, has five more reasons for adopting Agile practices:
- To stop project paralysis: Agile translates into faster feedback and faster delivery. That means that IT delivers projects that keep up with the pace of the market and customer expectations.
- To accommodate change: Plan for change with Agile, instead of protecting the process and focusing on mitigating the risk of inevitable change.
- To make room for innovation: Agile allows for employee creativity and better idea management, which is often stymied by heavier processes.
- To improve the work environment: Agile enables companies to invest in their people and to “up-skill” them. As a result, Agile leads to happier, more productive employees who in turn feel more passion and ownership towards their work.
- To give the businesses transparency and control: Agile lets businesses identify where the greatest value exists in the organization’s portfolio of projects. Thus, Agile improves overall quality in delivering any type of project in the organization (IT or business related).
Let us know what you think about this blog post; email Christina Torode, News Director
I’m used to working from anyplace and (sigh) anytime. Getting to work usually involves guzzling coffee rather than driving my gas-guzzler to the office. But I am employed by a publishing company that was born in the digital age and produces content for online consumption. When a business the size and maturity of Kraft Foods ($49 billion in revenue, 108 years old, operations in 75 countries) decides that it’s in the company’s best interest to untether its employees with mobile devices and virtual communities, how we work in the digital age is no longer about some future state of knowledge workers. It’s mainstream.
If you have any doubts, this maker of real things (Oreos, Oscar Meyer hot dogs, Trident and Tang) is trying to turn this digital state of working into a commodity with its own internal brand name and slogan — as you’ll read about in my story next week on SearchCIO.com. Roberta Cadieux, director for information systems service delivery at Kraft, recounts the IT department’s efforts to harness the mobile gadgets and ubiquitous networks that employees increasingly take for granted into a coherent IT-business strategy — and the difficulty of selling the strategy (as opposed to the gadgets) to employees.
The transformation of how work gets done at Kraft extends to its physical offices, where “open innovative spaces” are replacing traditional cubicles and offices. The rank and file no longer are assigned desks. Employees can work from wherever when they are in the office. Wall-huggers — people who have worked at Kraft for years and feel they’ve earned the right to a corner office — have been given glassed-in rooms — fishbowls — but the occupants are increasingly “being challenged why they need them,” Cadieux said. Persuading people to change how they work has been hard, she added — so much so that she said she would like to go into the change management field.
One of the aspects of Cadieux’s job that does not get much play in my upcoming piece is her involvement with Kraft’s facilities people. She told me she worked hand-in-glove with Steelcase, the office furniture giant, to design the space, even walking into the office on Fridays to see how many people were there (usually almost half empty). As Cadieux was telling me about working with office designers, it occurred to me that one interesting spin-off is that IT will play a bigger role in the design of not only the IT architecture but also the physical space that employees inhabit.
Neil MacDonald wants you to stop worrying and love cloud service providers.
This Gartner Fellow is putting in a tall order. Look at any survey of CIOs and IT professionals regarding cloud computing, from its buzzy emergence up until, oh, this morning, and you’ll find that cloud security concerns sometimes outweigh all other cloud concerns combined.
For one, in a recent CompTIA survey of 500 IT and business professionals and 400 IT firms in the United States, 65% of respondents said that security is the area of cloud computing most in need of clarity.
To these folks, MacDonald says, Get a grip — or better yet, let go.
The big cloud service providers think differently about information security — and that’s a good thing, MacDonald told a virtual audience of CIOs and other IT folks during a recent Gartner webinar on cloud security. When it comes to information security, anything you can do, cloud can do better. Or soon will, he said. How exactly are cloud service providers better than you at information security? According to him, here are the new and improved ways big-name cloud service providers like Google, Microsoft and Salesforce.com think about security:
- They assume machines will fail, so they focus on resilience. “That’s their focus, it’s a delivery of an outcome independent of failure of the individual elements,” MacDonald said. “And that is quite a change in mind-set from traditional IT operations and IT security, where we try not to have any breaches or any failures.”
- Their security is baked in, not tacked on. Be it the shift from mainframe to distributed computing or from PCs to networks, security has always been an afterthought on the part of the provider and the user — until now.
- They have shifted to software-based, automated security controls. Most security issues can be traced back to human error, but automation eliminates the possibility while freeing up security professionals to focus on “the higher priority” of creating security policy.
- They take more responsibility than many of your other vendors for delivering outcomes. If you’ve never looked at the end-user licensing agreement for, say, Microsoft Exchange, here’s the short version: Install at your own risk; it might work, it might not. The online service-level agreement looks a little different: It promises 99% uptime or you get a 25% credit.
- They force users to think about outcomes. Fixating on “the bottom of the stack” — hardware, networks — is more about the illusion of control than real security. The focus should be on the top of the stack.
- Their offerings tear down IT silos. Network, storage, server and desktop can organize around security, retaining each group’s skill sets and enhancing agility.
- They employ better people and deploy higher quality controls. Does your on-site data center have palm readers or retina scanners at its entrances? Didn’t think so.
- They embrace change. Most IT folks hate change, especially in the form of patches and updates. Cloud service providers embrace it.
- They view security as an adaptive service. Rather than a set of silo products, it is delivered as an on-demand set of services.
The thing is, though, not every cloud service provider is Google or Microsoft. Not every data center is going to be built on its own island. It’s vital to ask probing questions and create a strong RFI or RFP. Chief among your inquiries, MacDonald suggested, should be not just how your data is protected and how it is segmented between fellow cloud-dwellers, but also who has access to it. (Will you trust your cloud administrator?) A lot of innovation is happening with data encryption in the cloud, he said, that might allow you to hold the keys to your information instead of an unknown admin. Don’t be satisfied with answers alone; ask to see the evidence. And while they probably won’t tell you, it wouldn’t hurt to ask, “Where is that island, exactly?”
Being that this was an online chat, there was no way to gauge audience reaction, so I’m wondering what you think. Does the idea that cloud service providers are approaching security in a different way change your thoughts about cloud computing? I’d like to hear your thoughts.
Let us know what you think about this blog post; email Karen Goulart, Features Writer.
Sometimes considered a Wild West approach to project management, Agile methodologies in actuality can create order, not chaos. The key is being clear on what Agile means at your organization.
Take the example of General Electric, which had too many software development approaches across GE Energy. When Agile was introduced, detractors complained it would be a “willy-nilly” approach, versus a familiar structured approach, such as waterfall, explained Paul Rogers, executive manager of GE Energy’s Software Solutions Group (SSG).
However, as Rogers explained at the recent Forrester Research event in Boston, Agile practices brought order to GE’s SSG by getting teams across the organization on the same development page, following one documented and governed methodology.
“In waterfall, it appears that you’re going from step to step. The product requirements document is created and sent to the technical requirements folks. They decompose it and send it to the coders. The coders send to it QA/QC, and you get the perfect product at the end,” Rogers said. “The problem with that is that with each handoff there is a different interpretation of the specs down the line.”
That’s a pretty unpredictable development process, he said, and the main reason SSG opted to make Agile the official methodology. All SSG employees were required to learn the GE-branded curriculum and become certified in the same Agile methodologies. The GE-branded part is a key point, since a lot of people have a different opinion of what Agile is and is not, he said.
The BPM approach
Taking the guesswork and, yes, chaos out of project management can also be achieved by using business process management (BPM) software to introduce Agile methodologies.
When a new product or service is being considered at a company, BPM identifies which processes will be affected. If changes need to be made to a process to accommodate a new product or service, it can be done quickly. Also, if a business process can not be changed — for example, a given process may protect the organization from violating a regulation — then the decision can be made on the fly not to change it.
“Being able to identify how business processes may need to change and who in particular needs to make that change, versus getting 100 people involved to see if a change might violate a standard or regulations, allows [project] teams to be Agile and flexible, and recognize where Agile is not possible,” said Mathias Kirchmer, executive director of Accenture’s BPM practice.
Yet another example provided at the Forrester event of Agile methodologies reining in a major project was Dan Simpson’s business transformation effort while CIO of Physicians Mutual (he joined Trustmark as CIO this month).
As Simpson told the audience, he was brought in to get rid of legacy systems and create a new set of modern services focused on customer needs and buying habits. His go-to solution was SOA. In the end he created services that could be reused time and again when a new application or service was called for by the business or customers. The main benefit? He delivered on his promise to create a single information view for the customer … and introduced Agile methodologies in the process.
“We decided to implement close to 40 new projects as part of the business transformation effort over a period of years,” Simpson said in an interview with SearchCIO.com. “Iterative development using Agile methods was our ’Agile version‘ for those projects. [That iterative method] was how we determined if user requirements were actually being understood during the development process, rather than us implementing something and finding out users aren’t satisfied.”
Agile saved them a lot of grief in terms of having to correct mistakes and redirect projects.
One takeaway from both Rogers and Simpson? Agile methodologies are going to vary from company to company, but you need to come to an agreement as to what Agile means in your particular situation — then document it, educate everyone and stick to it.
When asked, “Are you better off than you were three years ago?” most IT organizations answer in the affirmative. IT budgets, hiring and salaries are on the rise at the majority of companies, according to the latest annual CIO survey from the Society for Information Management (SIM).
In 2009, more than half of organizations surveyed suffered budget cuts. In 2011, however, 56% of IT budgets increased, a healthy percentage compared with 2010, when 34% of organizations saw their IT budgets go up, and to 2009, when 25% of organizations reported IT budget increases. These results are based on SIM interviews with CIOs at 275 organizations in late June.
“It’s probably the biggest jump I have ever seen, and puts us back at pre-recession levels,” said Jerry Luftman, distinguished professor at the Stevens Institute of Technology, who conducts the research for SIM’s annual benchmark.
IT leaders expect the positive trend to continue into next year. Despite talk of a double-dip recession, 84% of the CIOs surveyed expect 2012 budgets to equal or exceed 2011 levels. In one area, IT budgets did decline in the 2011 CIO survey: The percentage of corporate revenue allocated to IT dropped from 3.8% in 2010 to 3.5% in 2011. Luftman has attributed the decrease to a rise in corporate revenue last year and to the historically high percentage of corporate revenue allocated to IT over the past three years — which, at nearly 4%, was well above the average 3.6% of the past six years.
On the hiring front, turnover remains quite low, at 7%, partly because retirement-age boomers can’t afford to retire and partly because there are fewer job openings for senior-level positions, Luftman said. CIOs tell him that when an experienced staff member does retire, they are using that senior-level salary to hire two “newbies,” who cost less and often come in with the newer skills and technology expertise CIOs need. On the bright side, however, overall spending on salaries is trending up:
- IT staff salaries increased at 66% of organizations in 2011 compared with 2010.
- 67% of organizations expect staff salaries will go up again in 2012.
BI a hard nut to crack
Given their plushier budgets, what are CIOs spending money on? Business intelligence (BI) outstripped cloud computing; ERP systems; mobile and wireless apps; and customer relationship management, or CRM, systems as the top technology investment by CIOs in 2011, according to the survey — and by a long shot.
“BI was a standout — it was 50% higher in the rankings than all the others, which were relatively close in ranking,” Luftman said.
But it appears the upstarts are poised to give BI a run for its money. Mobile and wireless apps took fourth place, up from ninth last year and 13th in 2009. Cloud computing occupies second place, up from fifth place a year ago and 17th place in 2009, the year it made its debut on the SIM survey. The wide disparities in the amount companies are investing in cloud, however, show how nebulous this new computing model remains, Luftman said:
- 20% spend more than 10% of their IT budgets on cloud.
- 21% spend between 1% and 10%.
- 43% are doing nothing with cloud.
In one respect, BI’s top standing in the SIM survey is no surprise. The technology has ranked first or second on the SIM list of the top five CIO investments since 2003, Luftman said. The reasons for the heavy investment in BI, however, keep changing, he added — a mark of just how hard it is to extract potentially valuable insight from the reams of data collected by businesses . “Initially, BI ranked high because of the complexity of getting your databases in order,” he said.
As organizations have mastered the technical challenges of their BI investments, they have recognized they don’t have the talent to support the technology, Luftman said. “You can’t throw a tool up and expect magic to come out.” The portfolio of required skills goes beyond understanding databases and the way the technology works (important as that is) to include statistical and in-depth business knowledge. People with that combination of skills are “few and far between,” he said. The large volume and the velocity of data generated by companies — Big Data — adds to the challenge. “It is one of the more complicated technologies that we have been engaged in in perhaps in 50 years,” Luftman said — and SearchCIO.com can attest to that in our coverage of Big Data.
CIOs still have serious worries. Of the Top 10 IT management concerns of 2011, the first four focus on using technology to help the business compete. IT and business alignment claimed the top spot in 2011, followed by business agility and speed to market. Reducing business expenses through business process management and re-engineering took the third spot; and increasing business productivity and cost reduction came in fourth. Rounding out the Top 10 management concerns, in order, are these:
5. IT strategic planning.
6. IT reliability and efficiency.
7. Enterprise architecture/infrastructure capability.
8. Security and privacy.
9. Revenue generating IT innovations.
10. IT cost reduction.
The man sitting next to me at lunch yesterday works at a bank too big to fail. We were at the Forrester 2011 Forum in Boston, and were both following the content and collaboration track. He told me his bank uses Microsoft SharePoint for collaboration but he is in the market for enterprise social networking software that will encourage employees across the company to be, well, more social. To share. SharePoint works fine for project groups, he said, but tends to fortify organizational silos, not break them down. He’s looked at Jive and at running NewsGator atop SharePoint, but is leaning toward Cisco’s new Quad platform. His bank is a big Cisco customer and has offered advice to Cisco on making Quad work for regulated industries.
But in any case, the problem won’t be the technology, he said, but in selling employees on the idea of an enterprise-wide social forum. Not only are the various operations of the bank siloed off from each other, but there also are silos within silos. People are uncomfortable with the notion of putting stuff out there that is visible to the whole company, he added. The economic climate hasn’t helped, nor have company layoffs. He has decided to provide a model for his employees by putting a little more information out in the bank’s current public forums — to encourage them to share more. Like what? Well, he wasn’t going to publish HR information, of course, but comments on how a project is going, or celebrating one of his employee’s successes, seemed fair game. Still, it was all a bit puzzling to him. In practice, workplace information goes viral all the time. Any email can be forwarded.
I thought about his comment on forwarding emails and had a mini epiphany about the disruptive promise of enterprise social networking. A forwarded email reinforces the countless pecking orders that (in subtle and not so subtle ways) can poison the working environment. Putting the information out on a common platform will flatten hierarchies. But what will equal access mean for companies and employees? Maybe employees know there is no such thing as equal access.
These are early days indeed for sorting out the effect on business of enterprise social networking. And a day’s worth of conference sessions on the topic did nothing except show how conflicted businesses are when it comes to social networking. One example: The gist of the opening session was that IT departments had to be involved in developing their companies’ enterprise social networking platforms — and not only for the obvious reasons of security and compliance. People are clannish. Multiple systems defeat the purpose of enterprise social networking. “It used to be ‘Let 1,000 flowers bloom,’” one of the Forrester analysts said. But that has led to business units each creating their own social networks, sometimes multiple social plots per unit. “Walled gardens are not helpful,” he told the audience. There needs to be an enterprise standard.
But therein lies the paradox. Once there is an enterprise standard and everyone belongs to “the club,” it isn’t a club anymore and people clam up.
One in five of the companies responding to a Computing Technology Industry Association (CompTIA) survey of cloud trends said they are moving some or all of their outsourced cloud systems back on-premises.
The top two reasons respondents gave for moving away from cloud service providers were the Amazon EC2 outage and the Dropbox security breach, according to CompTIA, which conducted the survey of 900 IT and business professionals and IT firms in June with research firm Research Now.
Difficulty integrating on-premise systems with systems in the cloud was another reason given for the shift back in-house, as was the realization by some of the companies that they could build their own private cloud.
“Adoption of the cloud model continues to grow, but there are different nuances,” said Todd Thibodeaux, CompTIA president and CEO. “I think some of these companies recognize that a hybrid [cloud] approach meets a variety of their needs, and some realize that they have the infrastructure in place to have a private or hybrid cloud.”
Overall, more people are using the cloud in more ways — whether with an IaaS, PaaS or SaaS provider, or through a public, private or hybrid model — and these far outnumber the people who are moving things out of the cloud, Thibodeaux said. The CompTIA study found that more than half of the respondents plan to increase their investment in cloud computing by 10% or more in the next 12 months.
If anything, the survey data shows that cloud adoption has moved to a point of maturity in which customers are surer of their needs and more confident that the public cloud model is the right vehicle to meet many of those needs. This is a far cry from a year ago when the leading question was still “What is the cloud?”
In fact, the cloud crosses the globe as a unifying strategic initiative, unlike any other technology Thibodeaux has seen in his decades in the industry, he said.
Our understanding of the cloud has matured, but we are far from nailing down best practices, the main reason being that the cloud has too many moving parts — not to mention players.
“The beautiful part of the cloud is that the technical challenges are not the critical part of the effort.” That’s Jason Lee of consulting firm MavenWave Partners talking about his firm’s rationale for focusing on cloud-based computing solutions — and deciding to partner with Microsoft’s arch enemy. I spoke with him for my story this week about going Google. A cloud believer, he also realizes that the 100% Web proposition is a big change for most enterprises — and “mistakes are made.”
If your company is considering using Google enterprise apps — whether it’s a wholesale adoption or (more likely) just for certain employee groups — here is Lee’s framework for converting. Based on his experience with clients that have made the transition to Google Apps (and on a whole lot of bad Lotus Notes implementations in a past life), the framework has three main steps. And here is the clincher, CIOs: Your organization needs to fund conversion through all three steps, for multiple years. Even though going Google is cheap, it’s not free.
1. Commit. Remember why those ERP and CRM implementations went bad? In one respect, going Google is no different: There’s some heavy politics with changing big applications. Email and messaging touch everybody. The commitment to converting to Google Apps has to be top-down. “Or it won’t be adopted,” Lee said. You need a clear business case for the transition, a funding strategy that spans multiple years, and champions.
2. Enable. How you get the base Google platform out to the enterprise will vary with the scope of the implementation, of course, but converting users to the base capabilities of the system shouldn’t take longer than two to four months, Lee said. You need clear requirements for what the system is intended to do — down to the details. Google has a big leg-up on collaboration, but don’t assume users know how to use the platform.
“There should be an active and aggressive change management program that gives users every opportunity through every channel to understand how to use the new platform,” Lee said. Good project leadership and management are critical to going Google. Consider appointing a daily Google advocate.
3. Collaborate. Once you have converted people to the base platform and they are using it for everyday communications, look for pain-points in manual business processes, and use the Google platform to automate them. Start with stuff that’s easy to fix — or, as Lee put it, the “low value-adds” (for example, a travel approval process that was manual). MavenWave client Journal Communications Inc. of Milwaukee is automating its copy-approval process, as it moves its 27,000 employees to Google Apps.
The long-term aim of going Google is quantifiable improvements in productivity. “Small, new collaboration sites, incremental in nature, will have a big impact when put together,” Lee said. In the first three to six months, IT should be integrating the Google platform with core business processes and systems.
To realize those gains, the ideal situation is to have the majority of users on the platform. “Going half-in is tough,” Lee said. If the whole population is not going Google, segment the user groups that interact the most, and build solutions that will make them more productive.
Criticism of IT’s command-and-control approach is pretty common these days, given the march to people-centric computing, as Gartner dubs it, or IT consumerization, as IT execs themselves call it.
When it comes to mobility, social networks and even the cloud, however, command-and-control is still very much in place — although it isn’t necessarily the CIO who’s setting the ground rules now.
Sure, IT has a lot of input in setting policies for bring-your-own-device (BYOD) programs, given that IT departments have to control their support costs. But limiting choices to a specific iOS or to just BlackBerry devices is more of a corporate cost-control mandate than a control issue for IT.
Social media policies encourage employees to reach out using social platforms but to do so within certain parameters. And those parameters often aren’t set by IT but by company executives — namely, legal.
At Medtronic Inc., a maker of biomedical device implants such as heart pacemakers, Suzanne McGann, social media program manager for global interactive strategy, was told by the company’s executive committee that there “will be no social media in the organization” until she figured out how to do it safely.
IT and CIO were terms McGann didn’t use when she gave a presentation at June’s Enterprise 2.0 show in Boston on the subject of developing social media policies. Medtronic’s director of information risk (who headed up social media policy development) was mentioned quite often, however, as were the global branding, intellectual property, human resources, legal corporate, legal regulatory, and FDA legal and regulatory departments.
It’s an interesting Catch-22 for IT teams. They are not always the rule-setters for IT consumerization, but they ultimately are the enforcers and the ones who take it on the chin. After all, if you violate the rules around that BYOD program, who is going to wipe that device?
On the other hand, many would argue that IT is very much in charge of setting the ground rules for IT consumerization. IT wants to make sure that mobile data doesn’t end up in the wrong hands; it helps business units choose the right cloud provider; and yes, it gives users a choice when it comes to device and application selection — which is why IT was so gung-ho about virtualization long before the business was.
In fact, many CIOs are leading the charge, taking it on themselves to develop a mobile device management program to accommodate proliferating iPads. IT is not so much a command-and-control center as it is a services broker leading corporations to the right choices.