July 17, 2009 2:44 PM
Posted by: Karen Guglielmo
Project and portfolio management
We’ve all heard about Obama’s promise for government transparency, but what about IT transparency?
First, what is transparency? Transparency is basically defined as openness and accountability in all areas of business. Obama’s promise for an “unprecedented” level of government transparency has caused many business organizations to look more closely at their systems and operations to determine how “transparent” they are and ultimately better protect themselves against potential legal ramifications.
Many IT organizations are also taking a closer look at transparency and accountability. By being transparent, IT can streamline processes, be more productive and improve customer service and support.
In a recent conversation with David Flesh, director of product marketing for ITSM at HP, we discussed how IT can drive efficiency and greater transparency to the business. One way of doing this is to leverage the power of the change advisory board. Change advisory boards are made up of IT and business stakeholders who meet regularly to review changes to systems and processes that will affect the business. With representation from all areas of the company, change advisory boards have the power to review and assess all changes taking place and ultimately confirm transparency among them.
Asset management is another area where IT can be more transparent to the business. As companies spend more money on IT, they want to know where all the money is going. Using asset management and IT financial management solutions, IT can again ensure spending transparency to the business.
Project portfolio management (PPM) is another way IT is addressing transparency. For example, one business unit might not have known that security was looking at a project that would involve reviewing confidential employee information. This could lead to legal issues. PPM helps address these issues and provide more transparency by creating a system where all units are aware of projects in the queues and how they affect other business and IT systems.
As Obama has said numerous times, “transparency promotes accountability.” Through formal processes and governance, IT can take a leadership role in delivering transparency to the business.
July 13, 2009 4:06 PM
Posted by: rlebeaux
CIO weekly wrap-up
Good afternoon! This past week on SearchCIO.com we ran the coverage gamut, from IT ROI strategies and network access control (NAC) to the real cost of cloud computing and email outsourcing approaches. Check out the stories listed below!
Proven IT ROI strategies in an economic downturn – CIOs who calculate ROI on IT projects are more likely to get executive approval, especially in an economic downturn. Learn how to effectively calculate ROI on new investments in business process management, IT Service Management and enterprise risk management.
Network access control now addresses multiple needs – Users have found multiple uses for NAC, including growing usage for guest networks. Understanding which of NAC’s four main use cases is yours is crucial to selecting the right system.
The real cost of cloud computing services – Cloud computing services reallocate costs and save you money in the short term, but companies should keep in mind what the usage-based model will cost long term.
Enterprises look beyond Gmail, cloud for email outsourcing services – Email outsourcing is taking off in enterprises as CIOs consider managed or hosted email services rather than Gmail or a full cloud-based email approach.
July 9, 2009 6:37 PM
Posted by: Christina Torode
CIOs are pretty paranoid when it comes to data protection, and rightly so given they put their job on the line when they recommend a new infrastructure or service approach like cloud computing.
I’ve been told many times now by companies providing cloud computing services that their security measures are good enough if not better than the ones that their customers have in place — end-to-end encryption being the primary pitch.
But does this satisfy SOX compliance or really prevent someone, say an admin of another customer or internal-to-the-service provider, from finding a way to peek at your data?
These questions are nothing new for CIOs that have gone down the outsourcing path, but the implications of data running on a shared infrastructure do tend to make them squeamish.
Here’s a sampling of some questions Sam Gross, vice president of global IT outsourcing at Unisys, is getting since his company entered the cloud computing fray with the Unisys Secure Cloud and its Stealth data protection technology last week.
1. How can you absolutely, positively assure me that a cloud administrator [employed by you] will not in error grant some type of read or write access to the content, facility or service?
2. How can you assure me that none of your cloud administrators will have any visibility to that data and compromise our SOX controls?
3. How can you assure me that you can’t, will not and don’t have mechanisms to electronically transmit my data in the background to another third party?
Unisys Secure Cloud is backed by 800 consultants and Stealth is a technology Unisys developed for the Department of Defense based on bit-splitting technology made by Security First Corp. The technology splits data across multiple packets, across disks, multiple sectors and physical devices so that snoops can’t construct a single byte or single character of data using any single packet. On top of that, AES 256-bit encryption is used.
In answer to those three questions: No. 1, the assignment of read or write access is handled by the client through the client’s own directory and authentication mechanisms and not by Unisys.
No. 2, Gross uses the analogy of the cloud looking like nothing more than a series of pipes with water running through them when the cloud infrastructure is Stealth enabled. “The pipes have water running through them, but [people with malicious intent] can’t tell where the water came from, they don’t know where each drop of water is going and the water is transparent.” In other words it’s SOX compliant because all that is seen is a stream of ones and zeros.
No. 3, data that is in storage on the SAN is also Stealth protected so that even if you are a member of a client-defined community and transmit data, that transmitted data would be, again, a stream of unintelligible ones and zeros to the person on the receiving end.
“The end result is that if people put sniffers online, use Deep Packet Inspection mechanisms or physically remove a disk from a SAN and try to recover data, it’s impossible to assemble that data,” said Richard Marcello, president, Unisys systems and technology. “They won’t be able to recognize the payload or data construct, so therefore it’s cloaked and unrecognizable to the mechanism people use to steal data.”
Time will tell whether Stealth is truly the answer for a lot users, but you have to admit they have a much better explanation than, “Our security is good enough if not better.”
What security measures do you want to see from cloud companies? Let me know at email@example.com.
July 8, 2009 2:36 PM
Posted by: mschlack
, desktop virtualization
Nothing fuels the tech press like wars. So I have no doubt that we will see an endless string of reports from the battlefield over the next many months on the struggle between Google and Microsoft for world dominance. Wake me up when it’s all over.
Google’s announcement of its intention to field a Linux based, browser-centric operating system for netbooks and eventually most client machines comes at a strange time in the history of operating systems. Now, operating systems matter less than ever.
Once upon a time, your choice of operating system dictated your choice of processor, which often meant your choice of hardware vendor. It also dictated what applications were available to you and from whom. The only mainstream operating system that you can still say that about is the Mac OS.
Chrome OS will do none of those things. It will run on all the same hardware that Windows runs on, plus ARM-based systems. It will run browser-based applications, which will also run on any other browser. Undoubtedly, Google Apps will work really well on Chrome OS. Google is also suggesting it will deliver better security, easier configuration and quicker performance than the incumbents.
History (especially of desktop Linux) suggests that it will have to be a quantum leap better at all those things to make a dent. We can only hope they achieve that, since regardless of who delivers those attributes, they are desirable. But more to the point, Chrome OS comes at a moment when desktop operating systems are themselves in danger of becoming a big so what.
By the time Chrome OS shows up, desktop chips will likely have hardware-assisted virtualization. Increasingly, hypervisors will determine the performance characteristics of the system – how well they manage memory, how well they interact with CPUs, etc. With storage and applications increasingly being network-driven, the operating system’s chief function may well become the user interface. How security functions will be parceled out between hypervisor and operating system is perhaps an open question, so that function may still be crucial.
Nonetheless, the world Chrome OS makes its debut in will be one where operating systems can be swapped willy-nilly, where applications don’t care what OS they run on, and where, frankly, users may not either.
Google’s main impact may well be nontechnical, forcing Microsoft to drop prices and (just) maybe to improve Windows. Call me a contrarian or curmudgeon, but I think this development is more important to shareholders of both combatants than IT managers. How about it, CIOs? Game changer or no biggie?
July 6, 2009 3:06 PM
Posted by: rlebeaux
CIO weekly wrap-up
I’m happy to report that the sun finally shone in New England over the holiday weekend! I hope all of our American readers enjoyed July Fourth as much as I did. Now it’s back to work – join me in reviewing last week’s content from SearchCIO.com on IT governance and outsourcing contract success, lean BPM, enterprise risk management and more.
Solid governance model key to IT outsourcing contract success – A solid governance model and a relationship-minded manager are crucial to the success of an IT outsourcing contract. Here’s what to look for.
Gartner: Future IT security jobs to focus on risk management strategy – Gartner predicts that by 2016, maturing technologies will supplant many security experts. The jobs that survive will be all about risk management.
Get the most out of your lean BPM solution – The demand for BPM solutions is up and budgets are down. Learn how specific lean BPM tools can help streamline your processes and reduce costs.
Enterprise risk management solutions for CIOs – Enterprise risk management programs buffer organizations from risky business practices. In this guide, learn how to employ enterprise risk management solutions in an organization.
June 29, 2009 7:21 PM
Posted by: Christina Torode
Michael Jackson’s passing and the outpouring of grief and curiosity made its way full force onto the Internet last week, slowing down webmail, news sites and search engines and grinding Twitter to a halt. It made me wonder if customers of cloud computing services are going to start asking what cloud providers have in place to account for such events.
Or maybe providers of cloud computing services have such a deep reserve of resources that it’s a nonissue.
Still, many companies can’t afford to have their Web-based applications slow down for the day, or longer, so just how deep are those reserves, and does the responsibility to ensure acceptable application delivery times rest on cloud providers’ shoulders or those of the ISP?
Or even the customer, when it comes down to it. Should they have signed up for overdraft protection when it comes to bandwidth in the first place?
Sure, spikes like those of last week are not that common, but it is not unthinkable that such occurrences may become more frequent, given that many people are turning to blogs, Twitter and YouTube in place of their local news station or paper to get up-to-the minute information on something like the Iran protests. And then you have to factor in the spamming that follows close behind a big news event.
And I’m not talking just about Gen X and Y flocking to the Internet when something happens, but people like my 66-year-old father, who stopped reading newspapers several years ago and now sustains himself on a steady Internet news diet instead.
What do you think? Is Internet traffic cause for concern when it comes to cloud computing services, or is it a nonissue? Let me know, firstname.lastname@example.org.
June 29, 2009 3:16 PM
Posted by: rlebeaux
CIO weekly wrap-up
I’ve held off on mentioning this until now … but is the rain in New England ever going to stop? The bright side of this weather (pun fully intended) is that I’m probably more productive at work when I’m not staring longingly outside the window at a sunny, summer day … at least, that’s what I’m telling myself to get through the gray days.
If you’re trapped indoors like I am (or even if you’re not), check out the latest SearchCIO.com content this week on business intelligence strategy, PPM software, customer service satisfaction and our new FAQ on Six Sigma methodology and let us know what you think!
Putting your business intelligence strategy to the test – Review our latest coverage of business intelligence and corporate performance management, then test your knowledge with this quiz.
How PPM software usage changes as firms grasp IT portfolio management – Nearly four in 10 large organizations use PPM software, but not all instances are created equal. New survey data shows what IT values most and how deployments mature.
Key to customer service satisfaction: Less complexity – Customer service satisfaction can be improved by simplifying complexity, according to business executives interviewed in this chapter of James Champy’s newest book, Inspire! Why Customers Come Back.
How does the Six Sigma methodology benefit IT? – The Six Sigma methodology has helped companies improve customer service and eliminate errors for years. Learn how IT can reap the benefits of this service-driven methodology.
June 25, 2009 8:17 PM
Posted by: mschlack
electronic health records
, Healthcare information systems
Healthcare actually pushed the Iranian elections out of the top news slot this week. Most of the attention has been on the administration’s efforts to establish a government insurance plan of last resort. But in the background, the health information technology (HIT) effort continues to boil along, with a lot of action and not much clarity emerging on standards for electronic health record (EHR) software.
Dr. John Halamka, noted CIO of CareGroup Healthcare System, reported on the second meeting of the HIT Standards Committee, of which he is a member. The committee is currently engaged in a four-dimensional exercise: drilling deep into the information space that healthcare inhabits to understand what data in what format has to be interchangeable, all the while trying to understand how these standards will develop over time. It’s a Herculean task, even at the 50,000-ft. level, and I’ll be very interested to see where they are able to make progress and where they stall. Halamka points out that already people are beginning to see that EHR won’t progress unless complementary initiatives like lab results data standardization also proceed apace.
Meanwhile, the standardization picture is far from clear. Neil Versel is hearing rumors that CCHIT may be replaced or augmented as the certification body for EHR software. The presumptive favorite body to certify may be sidelined or augmented by the Office of the National Coordinator for Health Information Technology, the federal agency overseeing the Recovery Act initiatives in electronic healthcare. One hospital IT director I’ve spoken with says he expects the Joint Commission that accredits hospitals to step into the fray. That might be a culture shock, as the Joint Commission has a reputation for rigor in its clinical inspections that could be a rude awakening for software vendors.
The next few months will hopefully clarify just what IT needs to do to demonstrate meaningful use of healthcare IT. Meanwhile, IT organizations are not standing still. Alex Barrett wrote recently about Boston-based Beth Israel Deaconess Medical Center’s EHR project to get private physicians integrated into their systems. BI-Deaconess is making creative use of server virtualization to build an infrastructure that can grow and adapt as it gains acceptance and use. This is not an insignificant problem for architects who face uncertain usage targets and unknown ramp up times.
Chris Griffin documents an interesting culture shift in healthcare IT, which he describes as a “culture that puts a big emphasis on software applications, rather than on hardware and a holistic view of the computing environment.” That’s probably a dysfunctional approach for IT departments that will face increasing pressure to store more patient data from imaging and other diagnostic procedures as well as for longer and longer times due to regulatory compliance requirements.
June 25, 2009 8:15 PM
Posted by: rlebeaux
, IT/business management
, outsourcing contracts
For those keeping an eye on IT outsourcing and offshoring, there were a couple of noteworthy pieces of news this week regarding the artist previously known as Satyam Computer Services Ltd.
First, Tech Mahindra Ltd., which purchased the troubled IT outsourcing company two months ago, following the Satyam scandal, has officially rebranded it as Mahindra Satyam.
Secondly – and, I think, more importantly – Satyam is looking to cut jobs if orders coming into the company continue to languish. According to this article, 8,500 employees placed in a so-called “virtual pool” might see their positions eliminated in six months if the company fails to find them work.
Satyam’s staffing troubles aren’t surprising — it must be difficult to woo new Satyam customers or retain those with expiring contracts, given the past transgressions of company leaders. Considering all that, I’m a little surprised that the new owners are leaving Satyam in the company’s name at all. As a point of comparison, after ValuJet Airlines experienced a series of safety problems and the fatal crash of ValuJet Flight 592 into the Florida Everglades, it changed its name and is now operating as AirTran Airways.
Since the Satyam scandal broke early this year, IT outsourcing and offshoring clients have struggled to parse through fact and fiction, protect existing contracts and wise up when pursuing new IT outsourcing deals. As the recession deepened, we began to hear that companies were seeking cheaper rates, sometimes in exchange for more flexibility on the part of the outsourcer in how work is completed. More recently, it seems that insourcing – bringing previously outsourced IT work back in-house – is on the rise.
So what role has the Satyam scandal played in these trends? I recently asked Ben Trowbridge, CEO of Alsbridge Inc., a U.S.-based IT outsourcing and business process optimization consulting firm, whether the scandal was sticking in his clients’ minds.
“Yes – but it’s amazing how short a memory clients have for bad news,” Trowbridge replied. “Within a month of that being brought to a head, it was like everybody had forgotten about it.”
This wasn’t the answer I was expecting. Google’s AdWords tool tells me that the term Satyam is still being searched quite a bit. So I’m putting the question out to enterprise CIOs: Has the Satyam scandal had any effect upon your company’s IT outsourcing and offshoring activities in the past six months? I’d love to hear your stories.