The WikiLeaks debacle has put a spotlight on the need for better corporate security policies and new technology approaches. But even these safeguards are no guarantee in an age where data is so easily transmitted for all to see online.
“I honestly believe [WikiLeaks] is not a technical leak, but malicious intent,” said Prateek Dwivedi, CIO of Mount Sinai Hospital in Toronto, about the WikiLeaks posts. Mount Sinai “does a lot of work” to prevent inadvertent data breaches, he said, “but if somebody wants to get in, they’ll get in. That’s what we have to worry about — how do we keep it from happening? I’m not a diplomat, and our documents don’t have trade secrets, but we do have information on people’s health.”
The hospital already has locked down everything it should, partly because the health care industry mandates it and partly because of Dwivedi’s “healthy paranoia,” he said. “We can make it really hard if it’s inadvertent, but everything comes down to policy,” including requiring people to take oaths not to leak sensitive or valuable information.
Yet corporate security policies and oaths can’t always control human behavior: physicians using a common-area fax machine, for example. For safer transfer of patient information, Mount Sinai is installing a secure link through a website that will replace fax transfers with encrypted PDFs. “The fax machine is not secure,” Dwivedi said. “We don’t even know who the fax is going to! As we implement new technology, we need to buy [more secure] products.”
Insisting upon secure PDFs instead of faxes is one way CIOs can update their corporate security policies.
But paramount is an overarching data management strategy, according to Gartner analyst Drue Reeves: Use document management to make sure you don’t have copies everywhere, and purge nonrelevant material. “Sometimes it’s okay to delete data,” he said. In fact, a lot of companies are forming internal groups to decide just what to chuck.
Other keys to corporate security policies: identity management (make people authenticate again and again), storage management and encryption, Reeves said.
And then, pray.
“Even if you do everything technically, if you have a determined hacker, you cannot stop them,” Reeves said. “Sooner or later, some company somewhere is going to be sued for negligence.”
As more corporate data resides on third-party infrastructures, that negligence could extend to cloud providers. They could be called on more often to adhere to the same security policies the corporations they serve have in place, according to experts.
With help from Reeves and others, I explored cloud liability in a series of articles on SearchCIO.com earlier this year. Perhaps it’s time for another take, as WikiLeaks “is yet another illustration of why organizations need to be focused on and cognizant of security risks,” said Tanya Forsheit, a founding partner of the Information Law Group, based in Los Angeles.
“This round was about diplomatic cables, but it could be the same thing in the corporate context, and we’ve seen suggestions in the media that that’s the next thing,” Forsheit said. “Regardless of whether it’s WikiLeaks or someone else, it’s a data breach.”
Best Buy uses social media like a pro, or as professionally as a business can, given the newness of the communication mode. The company’s Twelpforce service enlists the passion of Best Buy’s entire workforce, not just customer service employees, to help online shoppers make their purchasing decisions. The company’s most recent use of social media was to “crowdsource” its job description for a new social networking position, soliciting advice from its online community to get the requirements right. Best Buy senior management is right there in the mix. CMO Barry Judge chronicles Best Buy’s use of social media in his lively blog. CEO Brian Dunn talks about how he learned to love using social media in a piece in this month’s Harvard Business Review. In fact, if you google Best Buy and social media, the results page is thick with headlines touting the retailer’s savvy use of social media tools to connect with customers.
That’s why my ears perked up when I noticed Tuesday’s blaring headlines that Best Buy had overestimated holiday sales — not just overestimated, but badly misread its customers’ appetite for high-end televisions and other fancy gadgets. The misjudgment resulted in a drop in quarterly sales and lower-than-estimated earnings. The flub sent Best Buy shares plummeting, and put pressure on the shares of competitors and consumer electronics manufacturers, according to news reports. The miss cast doubt on the holiday prospects of the consumer electronics business — and more: “The lackluster showing also cast a shadow over the strength of the recovery in the consumer-driven U.S. economy,” Reuters wrote. A pall on the whole recovery!
It seemed to me ironic that a company so in touch with its online customer base could be so out-of-touch with the mood at large. Does using social media give companies a distorted view of their customers? I don’t know. It sounds like one of those dopey correlations we hear daily: People who do crossword puzzles are less likely to get Alzheimer’s, so doing crossword puzzles will prevent Alzheimer’s. Or my favorite when I was raising my children: Kids who do well in science and math are also good in music, so crank up the Bach and Mozart, if you want your kids to excel in math and science. In Best Buy’s case, good sales probably correlate with online enthusiasm, but that doesn’t mean that online enthusiasm causes good sales.
The problem may be that online social communities often turn into echo chambers of the like-minded, where the occasional contrarian only serves to egg on the social group to act even more like-minded. They are happy to be among their own kind. One thing is true: Being able to read the minds of the self-selecting customers who browse online is no guarantee that you’ve got the holiday zeitgeist right.
There’s good news for CIOs who need to find a way to do more with less: most IT budgets will stay flat or even increase by as much as 10% in 2011, according to a live survey of more than 2,000 attendees at Gartner Inc.’s 29th annual Data Center Conference in Las Vegas this week. A third of respondents (33%) said they expect their budgets to stay even, while nearly a quarter (24%) anticipate an increase of at least 6%, and half of those are looking at a 10% rise.
The extra funds will come in handy for tackling such CIO concerns as technology stacks and a proliferation of data — as well as the resulting storage. Then there’s the question of how to retain a new generation of IT staffers whom the U.S. Department of Labor expects to hold 10 to 14 jobs by the time they are 38 years old. All the while, CIOs are attempting to wrest back centralized control of IT resources and mobile devices, for security’s sake.
“We’ve been trying to control users for what, 30 years?” said David Cappuccio, chief of research at Gartner’s infrastructure group in Stamford, Conn. “All of a sudden, virtual desktops give us a way to do that.” In his keynote address, Cappuccio noted a “huge move to put virtual desktops in to get platforms away from end users.”
Virtual clients would enable IT to “split up a notebook” — two thirds for corporate use, one third for personal, he suggested. Citrix Systems Inc. already has a hypervisor for smartphones, and VMware Inc. is going to do the same thing, Capuccio said. Suddenly, such CIO concerns as embracing tablets and multidevices are much easier to address: “You develop software and push it out to those devices. It’s the same functionality in a much more controlled environment,” he said, adding, “Virtualization is just beginning. It’s going to take over everything.”
Top CIO concerns for the coming year
Virtualization is just one of the issues on CIOs’ plates, according to Gartner analysts. As Wiki Leaks shines a light on securing employee and company data (see SearchCIO.com next week for the CIO take), IT is fraught with changes–in the industry, in technology, and in human resources. We’ll be exploring all these topics in coming weeks, but to whet your appetite:
Stack wars: Major vendors are in more of an acquisition mode than they have been for some time. The result is a trend to convergence and consolidation in the portfolio, according to Joe Baylock, a Gartner group vice president. Oracle Corp. buys Sun Microsystems, EMC Corp. partners with VMware and alliances abound. “The knitting together [of technology stacks] is a trend that we see over the next five years that cannot be ignored,” he said.
The key issue is whether the stack wars will help or inhibit innovation. Baylock’s advice: “Avoid inadvertently backing into any vendor’s integrated stack. On the cusp between 2010 and 2011, there are too many unknowns. … It may not serve you well in the long run.”
Big data: Data is off the charts — Gartner analysts project an 800% increase during the next five years. Eighty percent of that data is unstructured — and untouched after 90 days, Ray Paquet, managing vice president at Gartner Research, told me. Nevertheless, it needs to be stored. Storage is the elephant in the room, especially because users expect access anytime from anywhere.
Where is all the new data coming from? From analytics, yes, but the culprit is content, as Cappuccio revealed in his enlightening keynote. To wit: The amount of video uploaded to YouTube in the last two months was more than would have been produced if ABC, CBS and NBC had been on the air nonstop since 1946, he said. Wikipedia, launched in 2001, is posting 4,300 new articles every day. Fifty percent of U.S. 21-year-olds have created content on the Web.
“It’s all about collaboration and content,” Cappuccio said. “Content is coming from everywhere.”
Keeping new workers content: It’s expensive to replace people, so how do companies keep them? Employers should create a “T-shaped” staff, where a deep skill in one technology is balanced with a breadth of knowledge that links to the business, Cappuccio advised. Companies should enable and reward learning; cross-pollinate skills; and, as in the data center, break down silos.
Also, when they think about unified communications, corporations need to understand that on average, American teenagers send 2,500 to 5,000 text messages a month and their lifeblood is their social networks. “You hire somebody today and say, ‘You can’t go on Twitter or Facebook’ — good luck!” Cappuccio said. They’re going to do it anyway, in a shadow process. Instead, employers should embrace open source collaboration on Plaxo, Orkut and Yammer, as well as on LinkedIn, Facebook and Twitter; develop a code of conduct; and set guidelines.
An important part of a CIO’s job is understanding which IT functions are best handled by others and which should be kept in-house. But the answer is not always so clear-cut in the outsourcing vs. insourcing dilemma; in fact, it can be a real brainteaser.
“It’s not a bright line,” explained Tom Young, who oversees the infrastructure group at sourcing advisory firm TPI. “Think of it in terms of left brain and right brain, where the analytical left-brain functions get outsourced and the conceptual, big-picture right-brain functions are retained.”
Such as? A company’s security policy and its enterprise architecture are ill-suited for farming out, in Young’s opinion. An IT security policy needs to constantly adapt to new threats and changing regulations. “You might want to have the administration of security done through a third party, but you want policy and oversight set by the company,” he said. And if you farm out enterprise architecture, he added, you’re simply raising a conflict of interest for the provider: “You don’t want to give the person providing the service the keys to the kingdom.” What’s the rule of thumb? Functions that are routine and can be done by a set of rules tend to lend themselves well to third-party providers.
To help its clients solve the outsourcing vs. insourcing conundrum, TPI draws a chart of all the IT functions and subfunctions within each domain that a company might outsource, laying them out from the “transactional and simple to the conceptual and complex,” according to Young. At some point along that continuum, a company draws its line: outsourcing to the left, insourcing to the right. And even then, the rationale sometimes doesn’t become clear until after the CIO has lived with the contract for a while. “You’ll find yourself wanting to adjust those boundaries once you’ve had time and experience with that contract,” he said. “It happens a lot.”
Do you have an outsourcing brainteaser? If your company has solved the outsourcing vs. insourcing puzzle, I’d like to hear the details.
Thinking about heading out to Gartner Inc.’s 29th annual Data Center Conference in Las Vegas next week, I’m reminded of how much data center infrastructure has changed since the mid-1980s, when Comdex expanded across the desert as the PC took hold in corporations. No doubt the conversations then were focused on raised floors and midrange systems, as businesses built out their client/server networks.
Fast-forward to 2010, and the hot topics at next week’s conference will concern consolidation rather than expansion, as the data center’s infrastructure is transformed using virtualization, automation and green technologies to achieve something that never goes out of style: saving money.
Going green is one way to gain efficiencies in the budget and satisfy a universal need for better stewardship of the world’s data centers. Businesses can’t afford to plug in servers that are running at 12% optimization, nor can they ignore the growing evidence from the scientists gathered in Cancun this week that climate change is real. Green technologies, such as air economizers, promise to deliver results for both the bottom line and the Earth, and that’s why IT executives are getting serious about the topic. On SearchCIO.com this week, we explored the need for green data centers. Stay tuned next week for ways to get green.
The need for cost savings is driving another trend: partial outsourcing of the data center infrastructure, according to John Phelps, a research vice president at Gartner and co-chair of this year’s conference. “People who are not running their data center efficiently would save money with outsourcing,” he said. “We tell our customers, ‘take a look at anything where you are not adding business value, and look to outsource that.'” The model can be anything from colocation to “turning over everything,” he said, adding, “the word outsourcing is a mixed value.”
Another growing trend is for IT departments to order all the infrastructure needed for a data center, which then is packaged up and installed in the company’s building or at a co-lo site. These “modular” data centers enable companies to add modules in increments, instead of spending multiple years’ worth of capital expenditure up front. These aren’t your father’s (or my father’s) old shipping containers filled with servers and cables; they’re nifty green pods, complete with racks and hot and cold aisles, that defy convention.
What’s new in your data center? Let me know at firstname.lastname@example.org.
Thanksgiving, Black Friday and Cyber Monday are behind us. Time to bring out the 2011 technology predictions. Hot off the presses from the Gartner research files are the consultancy’s top technology predictions for IT organizations and users for 2011 and beyond. With, I might add, enough eye-opening implications for IT professionals to make Scrooge’s Ghost of Christmas Yet To Come look like an angel of mercy: To wit:
- Automation will eliminate 25% of IT labor hours by 2015.
- 90% of organizations will support corporate applications on personal devices by 2014.
- New revenue generated by IT will determine the compensation of CIOs at large companies by 2015.
The technology prediction that caught my eye, however, was the one dripping with irony. As the Gartner research report notes, most companies have established a social media presence, mostly by broadcasting messages through Twitter feeds and Facebook updates. Well, those robotic attempts at adding a social element to the same old, same old marketing pitches will soon be handled by — social robots, automated software tools that engage customers. According to Gartner, by 2015, 10% of your online “friends” will be nonhuman. Viva la 2011 and beyond!
Here’s the short take on Gartner’s technology predictions:
- By 2015, new revenue generated each year by IT will determine the annual compensation of most new Global 2000 CIOs.
- By 2015, a G-20 nation’s critical infrastructure will be disrupted and damaged by online sabotage.
- By 2015, information-smart businesses will increase recognized IT spending per head by 60%.
- By 2015, tools and automation will eliminate 25% of the labor hours associated with IT services.
- By 2015, 20% of non-IT Global 500 companies will be cloud service providers.
- By 2014, 90% of organizations will support corporate applications on personal devices.
- By 2013, 80% of businesses will support a workforce using tablets.
- By 2015, 10% of your online “friends” will be nonhuman.
For the annotated list of Gartner predictions, go here. And let me know what catches your eye.
Every C-position has its own argot, its own turn of phrase. CEOs are addicted to sports analogies and fighting words. A CIO career requires constant tactical maneuvers, as the CEO might put it, against the three-letter acronyms that drench IT speech and dampen relations with the business.
I thought you might enjoy hearing some of the verbal tics of the CFOs I heard speak at a recent summit of CFOs in Boston. You might be surprised at how alike you sound on a few topics.
In any case, next time you sit down to talk turkey (Happy Thanksgiving!) with your CFO, sprinkling on a few familiar phrases can’t hurt your CIO career.
Runway room, as in: “Some stimulus to the business sector to really start growing jobs and get this economy to turn is really important. That and runway room. Without some runway room, so you can take advantage of the stimulus, you are not really stimulating anything.”
Growth, as in: “We are very much focused on growth.”
“We have always been focused on growth.”
“We try to be entrepreneurial and focus on profitable growth.”
Resource allocation, as in: “One of the most important things a CFO does is resource allocation. Not all investments are created equal.”
“We are much more disciplined about resource allocation.”
Execution, as in: “Execution cures all ills.”
“You can’t worry about the swings; you have to focus on execution.”
Quarter to quarter, as in: “If businesses fall into the trap of being focused quarter to quarter, it is because they have allowed that to happen.”
A penny of EPS (earnings per share), as in: “We don’t think a penny of EPS really matters one way or another if we are investing those dollars with a high ROI.*”
The reality for us…, as in: “The reality for us is that there are a lot of other places in the world that are more investment friendly.”
At the end of the day, as in: “At the end of the day, in business, you make decisions based on confidence.”
*ROI: This is a term your CFO can’t get enough of.
If you have any others, please let me know. I’m making a dictionary.
For more tips on how to talk to your CFO, check out, “Build a strong CIO-CFO alliance in 2011, or put IT strategy at risk.”
Enterprises might not be rushing headlong into the public cloud — indeed, most experts believe the infrastructure of the future will be a hybrid cloud — but savvy CIOs are taking a page from the public cloud subscription model to negotiate software licensing agreements on their terms.
Take George Brenckle, senior vice president and CIO of UMass Memorial Healthcare, the academic partner of UMass Medical School, with three campuses in Worcester, Mass., and four member hospitals in Worcester County. “Health care is a very capital-constrained industry,” he said, and he’s realized that the cloud subscription model might be a better way to balance the books while purchasing new technology.
“If I don’t have the capital to buy a product now, but [a vendor] can offer me a service model and build the infrastructure to do remote support, there’s nothing to stand in the way,” Brenckle said.
That realization came to Brenckle two years ago, but when he asked an independent software vendor (ISV) to consider a subscription model, he “got the blank look,” he told attendees at a recent Society for Information Management meeting. Last month, expecting the same blank look he got two years ago, he repeated the request “and they jumped on it,” he said, and promised to come back with a proposal.
Welcome to the age of “anything goes.” As ISVs modify their licensing models to accommodate the economic downturn, virtual use, cloud computing, and in turn, subscription-based options, negotiating new software licensing agreements has become one of the top issues for IT, experts say. And the licensing-agreement term of choice is subscription-based.
By 2014, 40% to 70% of ISVs will offer a subscription model for business software regardless of whether it resides on a public, private or hybrid cloud, according to a study of 756 IT professionals in the public and private sectors by CDW LLC, a global technology solutions provider based in Vernon Hills, Ill. That’s because it makes sense, not only from an enterprise point of view but also for the vendors, said Nathan Coutinho, virtualization solutions manager at CDW.
“In the last six months, ISVs have begun to offer subscription-based pricing models,” Coutinho said. “At some point, it will only be subscription-based, if I had to guess. It would let the ISVs develop much faster, with a steady stream of revenue because of maintenance.”
An army of technology vendors is scrambling to sell you enterprise social media platforms, as I discovered in my reporting for a pair of stories on SearchCIO.com this week on enterprise collaboration. These platforms aim to add a social element to business applications, either “layered” over the many applications we use for work (Socialtext and IBM’s strategy, for example) or embedded in applications (Salesforce.com Inc.’s Chatter, for example).
Underpinned by a lightweight Web-oriented architecture, enterprise social media platforms aim to get people to work across the proverbial silos of the modern corporation. Twitter-like “activity streams,” jangling with metadata, will not only advertise what you are doing, but also expose your goings-on to others — and others’ application activity to you. Suddenly, for example, a person in the professional services group will be able to retrieve information from the sales group.
The punch line: “What we see is that as companies deploy social software, people who hoard information are at a disadvantage to those who share,” said Ross Mayfield, president and co-founder of Socialtext Inc., the Palo Alto-based maker of business social software.
As president of one of the leading enterprise social software companies in this young business area, Mayfield has reasons not to be a naysayer, of course. But this way of working comes with legitimate security issues, and perhaps social ones as well.
Breaking down silos is fine as long as all the silos are on the same farm: the company. But what prevents similar sharing between enterprising members of different companies? Especially if this information provides advantages to the sharers, relative to their more cloistered comrades?
As a business reporter for many years before I started covering IT, I’m skeptical that this will work, even within the confines of the “You’re OK, I’m OK” culture we give lip service to now.
Social media platforms in the enterprise rewrite the rules of competition — not to mention the divide-and-conquer mentality typical of many managers. And I am not talking just about the ruthless tactics used to squelch an outside competitor; I’m also talking about the ruthless intramural competition that permeates the all-for-one-and-one-for-all teams that are supposed to pull together for the good of the corporation.
Business is bellicose. The CEO of one of the largest Catholic health systems in the country, a nun, pointed out to me once that one needn’t look any further than the war-like language that permeates business discourse — from bullet points to the blatant crushing the competition rallying cries of annual meetings — to see that muscle — not sharing — is the virtue extolled at the top.
Maybe a new generation will rewrite the language of work. I read just this week about one study that found students who tweeted in class did better than those who didn’t. (Are you tweeting me?) But that’s a story for another post.
A little while ago, I asked the CIO of a multinational distributor of electronics equipment what he most needed to read about. His answer? Application monitoring.
It’s an area ripe for development, as I discovered this week while looking into monitoring tools in a virtual environment. These holistic tools use such forward-thinking concepts as behavior learning to anticipate trouble spots in performance. They allow you to measure core elements — for example, storage, network, server and desktop — on into the operating system. The same cannot be said for software applications themselves, whose IT metrics for meaningful performance measurements are limited, experts said.
Another spot where standard IT metrics are lacking is the cloud, according to Henry Mayorga, manager of network technologies at Baron Capital Inc. in New York. “Say you’d like to store a couple terabytes of data on a cloud service,” he said, then asked, “Is the provider going to charge you by measuring data coming out of the pipe, with the network overhead? And when the provider restores data that has been compressed or deduped, will it charge for the compressed or the uncompressed amount?”
Unlike the sealed electric meter on a house — which gives confidence to homeowner and electric company that a reading is true — there are no standard measurements for data in the cloud, Mayorga said. “We need normalized data, good systems of measuring, some way of speaking about a common number across the board,” he said. “There is no such thing for cloud computing.” The only way to measure massive amounts of correlated data — meaningful data — is to approach it from a mathematical point of view.
IT metrics in the cloud may not be adding up, but adoption rates for application transfers to the cloud are. Orange Business Services — a systems integration branch of France Telecom Orange — surveyed 500 multinational corporations in 12 European countries to understand their plans for data center consolidation and virtualization — specifically, which applications are being cloud-enabled.
More than two-thirds (67.6%) of the 500 companies in the survey planned to consolidate their data centers and servers within the next two years. One factor determining the response to a question about loading applications into the cloud was whether a program was off-the-shelf versus those that typically are customized. Microsoft applications, Web conferencing and video conferencing were most likely to become cloud applications, according to respondents, but only 95 of the 500 companies planned to virtualize their call center applications; even fewer planned to virtualize customer relationship management, enterprise resource planning and human resources.
What numbers most interest you? Let me know at email@example.com.