The global economy is in danger of collapsing under a mountain of debt — and guess what? So is the software that runs your company, according to a study this week from CAST, a software analysis and measurement company. The report shows that enterprise software is loaded with technical debt. That’s the term for the cost of fixing all the quality defects that remain in an application’s code after it’s released. Make that all the deliberate shortcuts and shoddy work. Technical debt is calculated only on violations that the organization intends to remediate.
Based on an analysis of 745 applications submitted by 160 organizations in 10 industry segments and representing 365 million lines of code, CAST calculates it costs businesses millions of dollars to fix technical debt — and companies are not budgeting for it.
“The findings revealed an average technical debt of $3.61 per line of code,” said Bill Curtis, CAST’s chief scientist and senior vice president of CAST Research Labs.
That debt adds up: Nearly 15% of the applications examined by CAST had more than a million lines of code. Just like the kind of debt that weighs on many of us 99%-ers, technical debt incurs interest as the violations go unfixed, so it just gets bigger and bigger over time. Research house Gartner predicts global technical debt will reach $1 trillion by 2015.
Notable findings in the CAST report:
- Java apps, accounting for about 45% of the study sample, scored lower on performance and carried more technical debt than apps using other languages — $5 per line of code compared with the average $3.61.
- COBOL apps (yes, these monsters are still around) scored highest in security. They deteriorate in quality as they get bigger, however, unlike their less secure but more modular, newer relatives, Java EE and .NET. (.NET apps scored lowest on security.)
- Structural defects were equally prevalent in outsourced apps and those developed in-house. This finding might be skewed, however, by the fact that most outsourced apps were developed in-house originally before being farmed out for maintenance, Curtis said.
“Even though we have known for two decades that things like cross-site scripting, SQL injection and buffer overflows are huge opportunities for hackers to break in, we still see those things in the code; and that is a huge problem,” Curtis said. “The problem is that you don’t always know which violation in the code is the one that is going to cause the outage or offer a hacker the way in.”
But you do know it’s going to cost millions to fix when it happens.
This leaves CIOs between a rock and a hard place when it comes to managing the risk of technical debt. You can’t fix everything — and you don’t want to, Curtis said. What CIOs need to identify are the most severe violations that carry the highest cost for the maintenance of the system or have the highest risk to the business — “for an outage or data corruption or a security breach or performance problem” — and then go fix those.
Opinions about the top trends for the coming year are starting to trickle into my inbox. Most of these “Outlook 2012” predictions are about the certainty of economic uncertainty.
I know, however, that soon I’ll start to get pitches from vendors and analyst firms predicting which mobile device will be the next iPad; what the next big disruptive technology will be (the cloud won that honor hands down this year, with mobile devices a close second); and the one thing that CIOs can’t ignore.
For me, that one thing is monetizing IT, a trend we picked up on last year but which I believe will be a game-changer for CIOs in 2012. Technology has become so integrated with how a business runs and serves its customers that CIOs are being asked to contribute to the bottom line.
More important, they are being asked to help others in the enterprise contribute to the bottom line. CIOs are working with chief marketing officers to promote and create new services. Technology practices such as Agile are being adopted by the rest of the business to speed up product time to market and add value to the business. And CIOs are working directly with customers (external customers, not internal end users) to gauge how the business can create a better user experience.
Cutting costs, efficiency gains, business process automation — those all are givens. What CEOs want to hear about is technology that will capitalize on the enterprise’s information assets. They want CIOs to rein in big data to deliver new insights and make money.
We’ll also be looking at how some of the biggest stories of 2011 — consumerization of IT, mobile, social media, big data, shared services and the cloud — will continue to shake things up for CIOs in the coming years.
One more big story for 2012? IT staffing: Finding talent is proving to be pretty difficult, in part because the skill sets in demand are in constant flux, and in part because internal talent development isn’t enough of a focus within IT organizations. As one CIO said to me at a show: “What do I do with the ‘old people’ running the systems we have when we bring in all these new systems?”
Good question. What are your predictions for 2012?
Let us know what you think about this blog post; email: Christina Torode, News Director
Something I heard about IT services organizations has been rattling around in my brain this week.
I was interviewing a CIO-turned-analyst for a story about the value of giving IT employees “line of sight” to strategic business objectives. The question was whether it was important that individual employees understand the connection between what they do on a daily basis and the business’s strategic objectives. Not just CIOs and IT management, mind you, but the guy who screws the server into the rack. Wasn’t this just another variation on IT and business alignment?
“I stopped thinking about IT alignment and started thinking about integration a long time ago,” my CIO-turned-analyst said.
Then out of the blue — or so I thought at the time — he said that what worried him was all the talk about the benefits of building an IT services organization and of running IT as a business-within-a-business. Running IT as a business was all well and good, he said, but were CIOs flirting with danger?
“The flip side is that there is a disconnect to the actual business you serve,” he said. The CIO/CEO of this “business within a business” is so consumed by the cost, the quality, the timeliness, the efficiency of IT services that he loses sight of his strategic role as a partner to the business.
Running IT as a business is something I write a lot about in one form or another. IT cost transparency — the ability of CIOs to know not only how much they’re spending but also why — is a goal of a lot of the CIOs I consult. Building a services organization helps sort out how the business consumes IT resources. My colleague Christina Torode has identified the transformation of IT into a services business — to an enterprise within an enterprise — as a major trend.
Still, my expert on the phone had a good point about IT services. Was this a route back down to the basement? To the CIO as the guy who runs IT? Or are we just confused about how an IT services organization runs? What are your thoughts?
For a few years now, stories, studies and surveys have been heralding the arrival of the next-generation workforce. Lately, though, the commentary is beginning to sound like trailers for 1960s horror flicks:
They’re here! They’re invading your cubicles and boardrooms! Their numbers are growing! They’re the Millennial generation, and they’re going to ruin you with their insatiable hunger for — using their personal mobile device for work! IT departments everywhere will be powerless!
Not so fast. As with any spooky tale, there is a way to stop the bogeyman. In this case, the silver bullet is a strong, updated bring your own device (BYOD) policy.
The thing is (as some IT leaders and analysts will tell you) when it comes to BYOD, these new-generation workers are really no different from their fellow employees and, indeed, employers. To paint their presence as a cause for concern makes them sound like impudent children. Are they any different from your CEO who insists on using her new iPad, or from the head of marketing who’s more comfortable with his ‘Droid than the company-issued BlackBerry?
It’s not a generational thing, it’s a societal thing. It’s the consumerization of IT — and that’s not about to change, so policies will have to: Maribel Lopez, principal analyst at San Francisco-based Lopez Research, has been sounding this particular alarm for more than a year.
“It started with senior management bringing in their own devices; now people are starting to realize it’s a big phenomenon,” Lopez said. “The new workforce is very accustomed to being tooled in their own environment; and what’s happened is, if you haven’t changed your policies, you could be losing out on a certain type of talent. … IT managers are saying, ‘We have to find a way to deal with this.'”
Those IT managers include Josh MacNeil, assistant director of technology services at the Whitman Hanson Regional School District in Massachusetts. He is very much in favor of letting people work in ways that allow them to be most productive. For the past 10 years, his district has allowed teachers 24/7 remote access. But dealing with devices will be a true challenge, he admits. He is creating a BYOD policy, gathering information from other school districts. The information exchange on the topic of BYOD has picked up pace noticeably in just the past couple of months, he said.
For organizations ready to take on the challenge of creating a policy, or working on updating their BYOD policy, Lopez Research suggests addressing 10 (seemingly) simple questions:
- Who is eligible? What type of employees can access the company’s network?
- What data and services can be accessed?
- How will applications and services be delivered?
- What does the company pay for?
- Which operating systems and devices, and how many platforms will IT support?
- How is the device secured?
- How is the device managed? Will it be maintained over the air or through syncing with a desktop or Web application?
- What support is provided?
- What are the privacy issues?
- What are the legal concerns?
It’s a short week. I’ll get straight to the punch. I heard General Motors Co. CFO Dan Ammann being interviewed last week about GM’s strategy for running the business, one year after the carmaker’s initial public offering. CIOs should pay attention to what he said about lowering risk and investing in innovation. In fact, they should think of Dan Ammann as their canary in the coal mine.
GM has gone from losing billions of dollars to making money, $7 billion so far this year. Thanks to its reorganization and government bailout, North America’s largest car company is largely debt-free. Granted, Europe is a problem. Apparently the company is not doing so well in South America either, a big car market. And the stock price is not where it should be. But in distinction to life in pre-bankruptcy days, GM’s new executive management team now has the luxury of actually running the business (as opposed to lurching from crisis to crisis), Amman told The Wall Street Journal Senior Editor Darren McDermott during a session at the recent MIT Sloan CFO Summit in Boston.
What was GM’s strategy for lowering its risk profile? One big step was to dramatically reduce the company’s break-even point, Ammann said. “We had a huge fixed-cost base, so we had to build a certain number of vehicles to cover the fixed cost. We had a supply-push business model: You built the vehicles and then figured out how to sell them.”
“Getting the break-even point down allowed us to have a business model where we are building to demand, as opposed to building a particular level of volume, to allow the business to break even,” he added.
Building to demand: That should ring a bell for CIOs, I think. Calibrating IT supply to meet business demand is both tough and arguably more critical than ever if IT hopes to be a strategic partner. One way of building to demand is to build in the cloud, scaling up or back to keep the break-even point at a place where IT departments can spend less than their budgets. Why do that? So they can plow a predictable amount of money into innovation.
However, “you can’t cost-cut your way to prosperity,” said Ammann, whose New Zealand accent lends his statements a kind of matter-of-factness. GM invests about $16 billion a year in product development. The company needs to worry about whether it’s allocating the right amount and if it’s getting value for its money. With a debt-free balance sheet and low break-even point, on the other hand, GM can give its engineering department a predictable set of things to work on and a predictable amount of money to spend. And that, Ammann claimed, is the “best way to get efficiency into an engineering department.” That’s in distinction to the days when the fiscal crisis du jour resulted in billions wasted on engineering products that got canceled midstream.
To recap: Reducing the break-even point, so IT has a little money left over, makes it more likely that CIOs will have a predictable stream of revenue to plow into innovation.
Ammann didn’t get into the particulars of how that GM break-even point was lowered — the brutal job cuts, factory closings and production moved to China. That’s ancient history now. The current reality is that GM’s break-even production volume in North America is about half what it was pre-bankruptcy. And the executive team is relentlessly focused on keeping cost from creeping back in, he said. What’s important is that GM keeps “the break-even point down low enough so we are making money in basically any market environment,” he added. “It’s all about operational execution.”
One last observation, not exactly on point but germane: Ammann has inserted himself into GM’s product planning process — a nervy thing to do for a CFO, it seems. But product development is important for GM, so naturally he “went and got in the middle of it.”
“The role of finance … is that we are there to bring the information and insights to enable the right business decisions. And there are a lot of really important business decisions getting made when you are setting your future product portfolio and future investment strategy,” he said.
Ammann’s advice to the CFOs in the audience: “If you show an interest in the business, the business will show an interest back.” The same could be said to CIOs.
Who says enterprise architecture frameworks are worse than useless? Vivek Kundra, that’s who. The former CIO of the United States made a blistering case against enterprise architecture in his keynote at the 43rd Society for Information Management (SIM) meeting this week. It came in a talk on his efforts to reform the federal IT program with initiatives like IT dashboards and a cloud-first policy. The remarks were especially exciting because they followed a passionate argument for the value of enterprise architecture by John Zachman, an early pioneer of enterprise architecture frameworks.
When an audience member asked Kundra to clarify remarks suggesting that “enterprise architecture was secondary, maybe even tertiary” to the IT discipline, Kundra responded:
“My view is, absolutely architecture is secondary. And the reason is because I am confronting the truth as is, not as I wish it were,” said Kundra, who left his post in August for a fellowship at Harvard.
What idealists get, he contended, are ERP implementations like the one he found as the assistant secretary of commerce and technology for the state of Virginia. The $30 million project was funded by taxpayer money — and had nothing to show but paper two years into the project. “I kept pushing the person [in charge of the project], ‘What did we get, what did we get, what did we get?’ And ultimately it ended up being this book.”
Everybody has lost their way in enterprise architecture, Kundra said, especially enterprise architects. “They focus on documenting the current state or what the future state should be. By the time they are done with their architectural artifact, a new technology has already killed whatever they are working on,” he said.
Zachman, the inventor of The Zachman Framework for Enterprise Architecture, delivered an equally rapid-fire presentation (and with way more jokes), promoting the need for enterprise architecture frameworks. The 76-year-old Zachman argued that the extreme complexity of technology coupled with the extreme rates of change in the information age have made architecture more essential than ever to enterprise computing. IT has always been between a rock and a hard place in designing systems that align with the business. “Hey you guys, we’re never going to be able to produce implementations that are aligned with what you’re thinking about until we have a way to transcribe what you are thinking about,” he said.
IT people confuse building systems — the manufacture of IT products — with architecture. But if the current state of IT has proved anything, it is that anyone can build and run enterprise systems — bolting products upon products as technology and business needs change. Enterprise architecture is about drafting models for systems that will be integrative, flexible, interoperable, reusable and aligned with the enterprise. For people who confuse building and running systems with enterprise architecture, Zachman had this warning: “A cloud is in your future.”
His Zachman framework, more accurately called ontology, is akin to the periodic table. It is a schema or classification that requires architects to answer what, how, where, when and why, and thus to describe what they intend to build — before they build. “You get flexibility by separating the entities, and you don’t build until you are ready to build.”
Kundra made a polite nod to the guru of the Zachman framework, stating that he and Zachman were in agreement that architecture must not become “dogmatic.” Kundra comes at enterprise architecture from a business perspective. “But I have huge disdain for architects and the practice of architecture where all you are producing is paper that nobody ever reads.”
By the way, Kundra did not get off scot-free, fielding several questions — and pointed criticism — on the government’s track record on security during his reign. Who says rubber chicken events have to be bland?
Social business process management, or social BPM, promises to address the age-old problem of having a small group of business analysts or technicians create business processes, only to get pushback from frontline users.
The team has good intentions, but the people actually involved in making the business process happen end up saying, “This isn’t how we do it,” or “This isn’t what we had in mind.”
Employees end up reverting to the old way of doing business, and either all that business process improvement work goes down the drain or the BPM tools don’t get used.
With social BPM, employees — and in some cases, customers — are involved up front in changing and improving and even creating new business processes. Also called collaborative modeling by Forrester Research Inc. analyst Clay Richardson, the idea behind social BPM is to involve employees and customers in the design and planning stage. “Right now, it’s mostly top-down BPM; social BPM flips this model,” he said.
Richardson has written several blog posts on the subject, with one that discusses big process thinking, an approach that includes tying the customer experience to process improvement.
Richardson is seeing it happen among his client base. When a large health cooperative needed to transform its business processes, it brought customers into the conversation, worked with the customers’ employees and asked, “How do you think we should improve our processes?” he said.
With social BPM, a process can be changed midstream. “What’s critical is not just inundating people in the organization with a whole bunch of [business process] data, but putting it into the context of a work in progress so participants can take action on it real-time,” said Elise Olding, a research director in Gartner’s BPM practice.
Social BPM is one piece of the BPM strategy puzzle. We’ll be exploring other factors behind successful BPM strategies — and common mistakes — next week on SearchCIO.com.
Let us know what you think about this blog post; email: Christina Torode, News Director
“People always ask for more than they can use, and more than they need. Less is more.”
Thanksgiving is around the corner, so today’s brief missive is devoted to the eyes-are-bigger-than-the-stomach syndrome — in this case with regard to real-time business intelligence (BI).
Analyst Roy Schulte, the Gartner Inc. expert quoted above, was talking about the mistakes to be avoided when presenting operational BI. (Let’s ignore for now the semantic debate about whether real-time BI and operational BI are one and the same.) The point he was making is that when it comes to the intelligence aimed at decision making in the moment, both digital providers and digital users err on the side of too much. Our stomach for information is bigger than our capacity to process it.
The result is that the pertinent data is obscured and people are overwhelmed with information they thought they needed to help them work — but don’t. Less is more.
Schulte offered the advice at a session at the recent Gartner Sympoisum/ITxpo show. Here are three pointers (heavily paraphrased from the talk) that will improve operational BI.
Don’t junk it up with pictures. Nonessential clip art, logos and decorations actually slow down decision making. Unless you’re a genius at accessorizing — and maybe even if you are — don’t go there. The 3-D graphics that are all the rage in BI reports? Also a no-no. They can obscure the attributes you are trying to show.
Stop with the metrics already! People always want more metrics than they can use. If users ask for a bunch of metrics, it’s hard not to oblige and keep your job. But you can keep to your less is more rule by showing users the pertinent metrics, and making the other metrics optional behind a click-on icon, Schulte says. “Most times, after a couple of weeks people find they are not using that additional information.” (How to separate the wheat from the chaff on metrics is a topic for another story.)
Beware of alert fatigue. Alert clutter is just as counterproductive as information clutter.
The pointers, as I mentioned, came in Schulte’s talk about mistakes that even the pros make in operational BI. But these presentation rules spill over to all sorts of applications. The bigger message for CIOs — and one that I’ve been hearing at conferences and from IT people in the trenches — is the need to focus on people-centric design. If time is money, success will depend on designing applications and platforms that quickly adapt to and reflect how people think and work. And, just to make things more complicated, IT also needs to make these people-centric applications and platforms adaptable to a ton of devices. Less is more. And more is needed.
There are some worrisome predictions swirling around technology staffing, or a lack thereof.
Gartner Inc. predicts that because of technology staffing shortfalls, three out of 10 Global 2000 companies will miss their public business targets for “growth that is driven by information and technology.” This prediction reaches as far out as 2016, and that does not bode well for the CIO job.
The Corporate Executive Board (CEB) believes that a business services, not an IT services, organization is the wave of the future. The CIO won’t necessarily be in charge of this shared services organization. A service broker management office, a separate shared services unit or a new position title that does not come from the IT ranks could well be in charge of this function and the staff behind it, according to Washington, D.C.-based CEB.
The demand for people with new types of skills and for IT to drive new business is “soaring,” according to Gartner analyst Diane Morello. “Meanwhile, access and the ability to find and bring people up to speed at the quantity and pace the business needs are staying static,” she said during a presentation at the recent Gartner Symposium/ITxpo in Orlando.
Some CIOs, like Frank Wander at The Guardian Life Insurance Company of America, are focusing on developing and maintaining existing skills. Read more about his strategy to create a “healthy social environment” for the IT knowledge worker.
Maintaining is not enough, however. CIOs need to be prepared to fill a number of new IT roles: collaboration or social media evangelist, service architect, technology broker, cloud integration specialist, information insight enabler, and user experience designer, to name a few, according to CEB.
What is alarming is the disconnect between CEOs’ and CIOs’ staffing priorities. A survey of 350 senior executives and CEOs ranked the attraction and retention of talented people as their No. 2 priority in 2011. A similar 2011 survey of CIOs ranked technology staffing as their No. 6 priority, according to Gartner.
We’d like to hear about your staffing priorities, predictions and advice; email Christina Torode, News Director.
I don’t know many CIOs for whom the company’s CFO does not loom large. People responsible for what is often the business’s single largest capital expense don’t fly under the radar of the CFO, no matter whom they report to. But how does the relationship between CIO and CFO actually work?
When the CFO and the CIO get together, they both bring something to the table, but what is each one’s role in that meeting? How do the goals of the CFO for technology investments differ from those of the CIO? Do they value the value of IT to the business in the same way? And, if they do, does the CFO then loom less large? Who gets the final say on an IT investment? How do they relate?
That’s a mystery SearchCIO.com and CFO magazine hope to get the bottom of in an upcoming survey of CIOs and CFOs. Feel free to send me questions that might illuminate, preferably with multiple-choice answers.
One thing I already know is that the CIO-CFO relationship tends to be fraught. I was reminded of that at a recent dinner gathering of CIOs. Sparks flew when the reporting question was put to the table. There was some name-calling (eek!). Bean counters. Number crunchers. One MBA’d CIO claimed that most CFOs came up through the accounting ranks and knew less about business goals than CIOs. Glorified accountants! If the ambition is to make IT strategic to the business, CIOs need to answer to the CEO, period: That’s what the table more or less concurred, echoing what’s become the standard view.
The outcry was a nice setup for Faisal Hoque, the speaker that evening, there to talk about his management theories about how to get the business and IT to work together. He spells it out in a new book, The Power of Convergence. (Hint: the CFO can’t be the enemy.) I’m going to read it as soon as my editorial director lets me borrow his copy.
In the meantime, I heard what just may be the most interesting paradigm for the future of IT-business relationships from one of the guests, the CIO of a prominent architectural firm. She’s come to think of IT-business projects as serial movie productions: intense, immense collaborations among IT, the firm and its scores of partners — with the CIO as director! And the CFO’s role? Why, producer, of course. (So, who would be the assistant director?)
I’d like to hear about your relationship with your CFO. You can reach me at email@example.com.