It’s a given that the days of worrying about only what is within your four walls are long gone. Outsourcing took care of that a long time ago. The reach of the CIO domain is going beyond even that relationship, however, and into the “extended enterprise,” as some are calling it.
External customers, internal employees and partners are dragging data further and further away from the confines of a given data center or desktop PC and into the realm of mobile apps, social forums and the cloud. In a tip running on SearchCIO.com this week on securing the extended enterprise, Forrester Research Inc. security expert Chenxi Wang explains the extended enterprise as follows:
“Today’s businesses must constantly create new products and services, expand their geographic presence, streamline operations, and deliver topnotch customer services. To do this, your business will increasingly use third-party and cloud services to reduce cost and increase speed to market. Your business will unleash the creativity of your employees and customers with mobile, social and rich media technologies. More and more, devices — meaning cameras, cars, home electronics and even musical instruments — come equipped with microprocessors and will become conduits for businesses to deliver services and engage customers. To stay relevant, your enterprise must extend itself continuously to include new peripherals and meet new business scenarios. Forrester Research defines this vision of business as the extended enterprise, one for which a business function is rarely, if ever, a self-contained workflow within the infrastructure confines of the company.”
The term “extended enterprise” nicely ties together many of the topics we’ve writing about for the past year, the most prominent one being the consumerization of IT or, as our Senior News Writer Linda Tucci likes to call it, the “democratization of IT.” Regardless of what it is called, it is yet another opportunity (some might call it a can of worms) that CIOs are in charge of securing and navigating for the business.
Should IT organizations hire consumer advocates? The idea came up at our company’s annual editorial meeting during a panel discussion involving our own CIO, his senior director of IT operations and the chief information security officer (CISO) of the largest protected health information data warehouse in the U.S.
The panel’s topic, “A day in the life of an IT pro,” was intended to give reporters fresh insights into how IT pros spend their days, and it didn’t disappoint, covering many of the issues we at SearchCIO.com strive to understand better from the CIO’s point of view. Topics ranged from how technology investment decisions get made (methodically) to managing vendors (oy!), to which of the many buzzwords tech reporters bandy about are actually things IT pros need to pay attention to (“consumerization of IT“).
(A few tidbits before I get to the takeaway here: Telco vendors should be ashamed of the way they treat their IT customers. It’s a good idea to Google the phrase “[insert product name] sucks” before pulling the trigger on a technology purchase. EBay is attacked an average 100,000 times per day.)
Hiring a consumer advocate who belongs to the IT organization was a suggestion that came up in answer to a question about how IT roles are changing — must change! — to keep up with business demands. Standardizing processes has helped. Methods like Scrum, and waterfall too, have taken some of the hit-or-miss quality out of software development. But the standard practice of a business analyst or a business relationship manager collecting business requirements and translating them to IT? That was insufficient, the CISO on the panel said. The inventors of smartphones and tablets and social networking sites aren’t going to business relationship managers with their ideas. They are dealing directly with consumers. IT shops need a consumer advocate among their ranks, if they hope to keep up with what business users expect from technology, he said. What do you think?
One of my favorite movies is Poltergeist, with its never-ending quotable lines. “What’s happening?” probably is the most famous; but my favorite is when actress Zelda Rubinstein, who plays the spiritualist Tangina, claims, “This house is clean.” Not so, if you follow the movie, the premise of which is, don’t build a new housing development on top of a graveyard.
In many ways this movie reminds me of an IT department (bear with me here). CIOs inherit all the decisions, good and bad, that their predecessors made. As a result, they often are being asked to “clean house” — to simplify, to automate, to gain efficiencies and to cut down on rogue technology.
Looking over this year’s CIO Innovators profiles, you’ll find that CIOs clearly have cleaned house — without the help of spiritual guides. Among them is Steven Johns, the subject of our first CIO Innovator profile in 2011. He rolled up his sleeves when he inherited an “infrastructure overhaul” on joining H.B. Fuller Co. in 2007. His plan of attack was to take back the core functions of IT from a third-party outsourcing giant, update legacy systems and move non-core functions to the cloud. This “turnaround guy” met the needs of users through the adoption of cloud solutions; those in turn reduced rogue technology. He also cleaned up some big messes that had been left behind: systems in place since the 1980s and no standard collaboration system across the global company, to name just two.
But as CIOs begin to build the next foundations in an age of cloud computing, shared IT services and the consumerization of IT, I wonder whether they are potentially adding a weak foundational layer, at least in terms of controlling rogue technology. Are they adding to the problem as they accommodate the age of people-centric computing?
Self-service provisioning, for example, often is talked about as a must-have for shared services to succeed. Self-service provisioning portals also are a tenet of cloud computing. Some CIOs believe that “self-services” — putting the power of technology choice into the hands of users — is the future of any good IT services organization. Left to their own devices, however, will users really make the right decisions?
Will rogue technology, which leads to silos of information — something CIOs are trying to undo in this Information Age — only get worse?
Sure, making it easier for users to get their hands on the technology they need is not only smart but inevitable. On the other hand, what precautions should CIOs be taking to lay a solid self-service foundation?
It’s a question as old as information technology itself: “How do I prove the value of my technology investments to the business?” What makes the question so vexing is that there’s never been an easy answer — or any answer, period. There is no one-size-fits-all solution; and if someone were to come up with one, well, it probably would become obsolete in a matter of months. And then there’s the real kicker: This question has been plaguing CIOs for years, but it’s never been more important to answer it than it is right now, in the slippery era of all things global and mobile.
So, although I wish this paragraph contained some crazy, silver-bullet solution of the big “…until now!” kind, that’s sadly not the case. What I do have is some encouragement from CIOs who believe that proving the value of technology investments can reasonably be accomplished. One CIO is being practical in his approach, the other is scoring points with the business through creative thinking. Neither is trying to reinvent the wheel; they’re just looking at what they have to work with and running with it. And perhaps most importantly, both are being proactive: They didn’t wait for the business to come to them with demands for financial answers.
I’ll delve into more details in an upcoming story for SearchCIO.com about monetizing IT, but one CIO taking the practical approach is Raul Cruz, CIO at AECOM Technology Corp., an engineering and architectural design firm with more than 45,000 employees around the world. Two years ago, he implemented a financial management framework that gets truly detailed in its tracking of costs associated with services, activities and projects. He’s applying that information to a SaaS solution that will make all those figures accessible to his team and, of course, the business.
Then there is Larry Bonfante, CIO of the United States Tennis Association. What he’s done over the last few years might be considered a kind of “creative IT recycling.” This phrase, which I just made up, isn’t meant to cheapen his efforts by any means — in fact, they have made the USTA quite a bit of money. Here’s just one example: The USTA runs the widely attended US Open. The 700,000 or so attendees gotta eat; and when they do, they can visit the food village in the center of the event campus or an outlying kiosk. Choices are nice, but until recently, the outlying kiosks could accept only cash because they were too far away from the central village to connect to the system. Enter IT with a Wi-Fi solution, and those kiosks now can take credit and debit cards — and the USTA can take in an additional $200,000 in revenue. You know the business had to, ahem, love that.
The subject of shared services led to a lively debate about the need for IT chargeback — and, to put it bluntly, the strain and pain it puts on IT and business departments.
To back up a bit: This week and next we’ll be publishing stories on SearchCIO.com that define a shared services model from the IT executive’s point of view. Be forewarned: There are many CIO points of view on this topic. Here’s one definition of shared services: a multi-tenant environment in which IT resources and skills are pooled internally. As one IT executive put it, a shared services model is more about “the service and not the server.” Gone are the days when hardware and applications were dedicated to a given business unit. Instead, they now are pooled to be used as needed for projects and changing business needs.
As resources are pooled, however, whether in a multi-tenant environment or in a traditional centralized-IT model, IT executives are rethinking how they charge for IT services that are shared instead of dedicated. Is IT chargeback based on use really necessary? If it is, how should IT go about it?
The customers of one consultant with a systems integrator are having a pretty hard time trying to answer audit questions when they’re asked what exactly they bought for a particular project, he said. In a shared services environment, where a project investment is tied to usage as opposed to the purchase of a server, the answer isn’t simple. And, he added, the organization might not even have the metering or reporting tools to break out who is using which resources and what to charge them.
David Johns, CIO at Owens Corning, said he doesn’t bother with IT chargeback at all under his shared services model, because it takes IT’s focus off the business and ultimately the end customer, and is a burden on business units. “What value is there to the end customer if you spend an enormous amount of time going through a massive exercise focused on service charges to a business [unit]?” he asked.
In our upcoming stories, we’ll be exploring the issue of IT chargeback, the benefits of the shared services model and whether self-service provisioning portals are a given for shared services success.
Some say self-service absolutely is the ultimate end game of any well-run IT services organization. But where does that leave IT?
Security investments and priorities are a tricky thing to nail down, given that threats are constantly shifting, but one security precaution could be going the way of the dodo bird.
Michael Daly, deputy CISO at Raytheon Co., tells me the buzz at shows and security groups is about getting rid of some security measures — in particular, endpoint security tools, and possibly even staff.
The reasoning, he said, is that security for endpoint devices has become automated enough that endpoints don’t necessarily require some of the tools and people of yore to run effectively.
“An organization may have been staffed up in order to go through patching. Now everyone has patching automated, so I think people are asking, ‘Do we still need this many people, or do we have enough [automated] procedures now to get things done with [fewer] people?'” Daly said. For instance, “Maybe it turns out Microsoft has gotten better with Windows 7. You still need desktop [antivirus], but all these other things — insider threat tools, automated patching tools — are taking care of things, so, what can we give up?”
Then there’s the high interest in desktop virtualization, which essentially removes the data from the endpoint. Some experts, however, argue that virtualization should not be used as a security precaution, but that’s an issue we’ll explore in another story.
What’s in a name? Sure, a rose by any other name would smell as sweet — but what about a CIO? If you referred to him or her as a services broker, what would change? On SearchCIO.com you’ll find my story on the growing trend of businesses of all sizes adopting the IT services broker model. Sometimes referred to by analysts as “hybrid IT,” this model makes IT the services facilitator in order to address the business’ desire to consume IT as a service. The story also explains how, rather than hiding from it, a services model confronts “shadow IT” — the dreaded and growing tendency among business users to take IT into their own hands. Many CIOs and analysts agree this evolution is the way of the future for IT, but one CIO I spoke with, Dan Petlon at Enterasys Networks in Andover, Mass., is rather sour on the moniker.
What is it that makes this title such a thorny issue for Petlon? After all, by his own account, he embraces much of the ideology behind the services broker model. He estimates he spends about a third of his time talking with leaders in the business about what they’re working on and how technology can help them move forward — enough to exorcise the specter of shadow IT. And he’s a self-professed “huge cloud fan,” counting about two dozen cloud-hosted applications in use at his company. So, is the issue just a matter of semantics, then? Yes and no.
“My job is to provide appropriate technologies to meet the needs of the business, whether that’s in the cloud or in-house, but I don’t think of myself as a service broker,” Petlon said. “I’m still a value-added function in the business; I’m not someone who arranges for someone else to provide a service.”
And therein lies much of his concern — CIOs and IT leaders devolving into a strict interpretation of “services broker.” He’s seen it happen to IT leaders who’ve given up on keeping up, Petlon said. They become glorified outsourcers, fighting with vendors and shuffling contracts while their relevance within the company diminishes.
“Increasingly, a lot of IT groups are finding themselves in that role, managing contracts, executing [service-level agreements] — and other than that, they’re not improving the business process,” he said. “It’s kind of like admitting defeat, saying ‘we’ll take that contract management vendor relationship role instead of being an active part of the business and trying to help the business compete on a higher plane. I think it’s the wrong path.”
If the title “CIO” becomes synonymous with “services broker,” will your role smell as sweet? Certainly there are benefits to the services broker model. But you should be aware of whether you define the label or it defines you.
With technology boosters like these, who needs Scrooge? That’s what many IT folks must be thinking when they take a gander at the sponsors of a bill before the U.S. Senate to limit overtime pay for computer workers. You can read about the details of the bill in a piece I wrote for SearchCIO-Midmarket.com this week. Suffice it to say, the Computer Professionals Update Act basically states that employers are no longer legally obliged to pay overtime to anybody in the computer field making $26.73 an hour or more.
The bill, (which goes by the cutesy acronym CPU), was introduced in October by Sen. Kay Hagan (D-N.C.), whose district includes the Research Triangle hotbed of high-tech companies. Sen. Michael Bennet, a Democrat whose Colorado district is home to clean energy, aerospace and medical device companies, is a co-sponsor, as are three Republicans: Sen. Michael Enzi of Wyoming, Sen. John Isakson of Georgia, and most recently, Sen. Scott Brown of Massachusetts, where high-tech is a mainstay of the state economy.
A litany of letters opposing the bill decry it as yet one more example of politicians putting corporate interests ahead of individual workers. Most are from people whose livelihoods will be directly affected.
But management, too, is shaking its head. CIOs I reached in my home state of Massachusetts who were willing to venture an opinion wondered about the intent of the bill — and possibly its unconsidered ramifications. John Lauderbach, CIO at Roche Bros. Supermarkets Inc., said he could see how curtailing overtime pay might even raise base pay, as a means of maintaining compensation levels for employed staff who earn a portion of their income from overtime.
Ed Bell, interim CIO for the commonwealth of Massachusetts’ Senate and House of Representatives, said he was disturbed by the “cookie cutter” approach the bill takes to compensation in an industry where the work and skills to do the jobs are anything but cut-and-dried.
“I’m under the belief that there are a lot of factors that need to be taken into account when defining whether a position is exempt or nonexempt: factors such as whether the work is in Wyoming or New York City; whether the position requires 35 or 70 hours per week; whether the position requires an MS from MIT (but [the applicant is] new to the market) or a high school diploma; or whether the position supports applications via an on-call schedule for endless hours per week or it’s just confined to the 9-5 time frame,” Bell said in an email.
Just as surely as you’ll hear that Mariah Carey Christmas song 900 more times between now and Sunday, you’re sure to keep running into 2012 prognostications on your daily travels around our family of sites between now and mid-January. Because it’s such a cheery time of year, I like to think of these as little gifts to our readers. I hope you don’t mind if I add one to the pile.
What I have to offer is not so much a guess at a trend as a sure thing. How do I know this? Because it’s already happening. I’ve been talking to analysts and CIOs about the idea of the IT organization as a services broker. IT as a services broker is a trend my colleagues have written about previously, and it doesn’t appear to be going anywhere but forward. From small and medium-sized businesses to large enterprises, IT organizations more and more are responding to the one-two punch of the consumerization of IT and an unstable economy by getting lean and decidedly less “mean.”
To keep up with the demand for flexibility from the business and to keep costs in check, IT leaders are positioning their organizations and themselves as facilitators of technology services rather than as the managers and mainframe-minders of yore. To remain relevant and keep tech missteps by the business at bay, IT is retaking the cloud reins from customers and stepping in to take over a myriad of cloud vendor relationships.
It’s not an overnight change. It requires a lot of planning, of course, and a lot of talking with the business to get to know customers’ needs and soften the Grinch-like reputation of the “Department of No.” The biggest benefits (sure to make eyes light up and hearts grow three sizes in the C-suite) are the financial ones. Done right, Chief Technology Officer Abdullah Haydar said, the financial benefits are huge. Think no more periodic hardware refreshes, leaner staff, less downtime for maintenance. In fact, a focus on finance is really the key here, he said.
The most important thing to do when setting down this services path, Haydar said, is to evaluate the ROI and present a business case. And for goodness sake, don’t rush it.
“Any CIO can tell you a huge number of projects fail because people rush in,” Haydar said. “If you migrate haphazardly, you risk having colossal failures, you risk having your systems fail. You have to have proper planning and proper management … there is nothing about this [strategy] that says the same lessons don’t apply. You need proper planning and a business case. You have to prove it’s worthwhile and have a plan of execution.”
I hope you’ll check out the full story after the holidays and share your thoughts on the whole concept of IT as a services broker. And when you do, feel free to “regift” it on the social media platform of your choice — I won’t be offended at all!
I check in with headhunters this time of year to get the lowdown on hiring — and more important, on what companies are looking for in their CIOs. What’s considered executive material these days? This year, I asked that question literally because — call me superficial — I’ve noticed lately that CIOs are — how do I say this? — a lot hotter than when I first starting covering IT seven years ago.
I’m not talking about CIOs moving away from being the bespectacled IT guy in white socks, short sleeves and pocket protector. That stereotype was stale even when I started writing about IT. CIOs are dressing for success: sharp suits on both sexes, high heels for the women; an iPad nearby.
What I heard back from headhunter Shawn Banerji helped explain what’s going on. And it involves more than a well-cut suit and the latest gadget. Banerji, who’s at New York recruiting firm Russell Reynolds, described for me a new breed of CIO executives: Ramon Baez, for example, who was recruited to head IT at Kimberly-Clark. The maker of Kleenex was in the midst of a huge transformation, and its expectations of IT were huge too. Once Baez agreed to take the job, he hired a personal trainer, dropped 20-something pounds and got himself into fighting trim.
“He told me that if he hadn’t gotten himself in shape, physically and mentally, he would have broken down; and irrespective of how capable an IT leader he was, he could not have been effective in the role,” Banerji said.
That’s the executive material required for the CIO job, Banerji said. “You’ve got to have a really strong constitution, mentally and physically. I liken it to professional athletes.”
And athletes not only good for the short sprints, he added. The journey of business transformation that many companies are on is so accretive that they can’t afford to lose their best executives. Corporations, need to create “a culture of performance for their top executives that is sustainable,” Banerji said. That’s hard.
“People say, ‘It’s a marathon not a sprint,’ but do you see how fast those people run in a marathon? Companies cannot afford to have CIOs working for a year or two and then getting burnt out completely,” he said.
CIO executive needs passion — and not just for enterprise architecture
According to Banerji, part of the new CIO persona comes from the fact that CIOs these days often have some major passion outside of work, and they really work at it. “These are people who are able to carve out specific blocks of time to do things that are meaningful to them outside the context of work,” he said.
One of the high-powered CIOs he knows races cars. Another races motorcycles. I wondered if he has come across any CIOs who write poetry or raise orchids. He hadn’t, but doesn’t doubt they’re out there. “The reality is, it’s not what you do but that you do something and that you carve out the time to do these things,” he said. Apparently the ability to turn off work and take a breather is an absolute must if one wishes to sustain the level of performance a company expects.
Some of these CIOs are flying a million miles a year. They’re responsible for operations around the globe. And forget about those long, alcohol-fueled dinners with your favorite vendor rep. “What happens if something goes down in Asia and they want you on the phone? Are you going to tell the CEO or CFO or the board of directors, ‘Sorry, I was half a bottle of Pinot Noir in.’? Doesn’t work that way,” Banerji said.
The new CIOs: more Marine than Mad Men and Mad Women! More polymath than Poindexter!