We’ve written quite a bit about the need for changes to software virtualization licensing terms to uncouple them from the physical hardware and accommodate the dynamic, shared computing environments that virtualization has made possible. Many vendors’ licensing terms remain outdated because they prohibit the movement of workloads or the divvying up of resources.
This counters some of the benefits of moving to a cloud model and adds another snag to a long list of cloud security risks on the minds of CIOs and CISOs.
Michael Daly, deputy CISO and director of IT security services for Raytheon, said that it’s a two-sided security coin: Vendors and SaaS providers want to make sure that you are truly using only the licenses allowed to you by contract, but how do you prove usage in an environment in which usage is fluid?
What it comes down to is validation, said Daly. The vendors want to know that you are not “fibbing” about usage, “but the alternative is that you [give] all these vendors — and you might have hundreds of products in this [virtual/cloud computing environment] — oodles of usage data about every movement your business makes.”
That’s too much information to be giving away, and then some. “It might even not be legitimate for you to be giving it away under some SEC rule, because you might be giving away stock-affecting information about how many customers you have at any given time,” he said.
Daly’s advice to other CISOs and CIOs is to minimize cloud security risk by negotiating a contract that lets you test your hosted environment for vulnerabilities and change simple things such as passwords.
“Get friendly with a lawyer,” he said. “Walk through the contract language to make sure there is flexibility in there, and that you understand what happens financially when you do want to make a change to that environment.”
In our coverage next week, SearchCIO.com will explore how corporate information security practices change when a virtual cloud environment is added to the mix.
In the meantime, here’s more food for thought from experts and CIOs grappling with cloud security risks:
- Are you beholden to the security practices of the cloud provider, or is there room to change the rules to suit your needs?
- If your data is housed on a shared cloud, does it still meet the mandates of certain regulations?
- Do cloud providers need to create more modular environments for their customers to prevent potential data-sharing mix-ups between customers?
Let us know what you think about the blog post; email Christina Torode, News Director.
Innovation happens at the edge of an organization, with rebellious workers willing to go against the status quo, said an executive with a large IT consulting firm. That doesn’t exactly fit the modus operandi of IT, he said. Venture capital firms interested in investing in startups tend to avoid companies spending a lot on IT, he said in furthering his point, because they don’t believe IT equates to innovation.
IT does not result in innovation, said a vendor CEO on another panel, and pointed to an anecdotal number based on his dealings with corporations that “98% of organizations don’t see innovation in IT.”
I could go on with examples from other vendors (perhaps with their own agendas) explaining how IT is not innovative, though in large part through no fault of its own: Many CIOs still are mandated to cut costs. That’s not exactly a spur to innovation, although some would argue that indeed it is.
The point is that plenty of IT innovation — or maybe we should say business innovation through IT — is under way. Take, for example, the winner of this year’s MIT Sloan CIO Symposium innovation award: Marco Orellana, CIO at Chile’s Codelco, currently the world’s largest copper mining company.
Orellana set out to make the life of his workers easier. So, he helped create Digital Codelco, a system that automated a lot of the functions the miners really didn’t want to do. The idea was to allow them to spend less time in the mines — remote controls for the mines’ trucks is one example.
The idea is that innovative CIOs are in touch not just with the CEO or the C-suite, but also with the needs and desires of everyday workers in the company.
Let us know what you think about this blog post; email Christina Torode, News Director.
A perennial scolding heard at conferences is that if IT leaders ever want to have a seat at the table — if CIOs hope to play a strategic role at their organizations — they need to learn to speak the language of business.
Well, guess what? That table is turning. Or at least, it was my fleeting impression yesterday at the annual MIT Sloan CIO Symposium that the language of business seems to be morphing into the language of technology.
The theme of this year’s conference was how the role of the CIO will evolve in the digital business world. Now, as some readers of this blog might remember — and as repeat attendees of the MIT Sloan Symposium certainly know — the evolving CIO role was a major theme at last year’s symposium. The tagline, however, of this year’s event — Beyond the Crossroads — signaled that something was different. And something was, never more so than in the CEO panel that kicked off the day. The most striking aspect of the speakers was their tech savvy: Tech talk practically rolled off their tongues — and I’m not referring just to the word cloud, which came up often enough.
Take David Castellani, senior managing director and CEO at New York Life Retirement Plan Services. He wants to “destroy the desktop” and move “to dumb terminals, iPads and small phones.” For Eric Openshaw, vice chairman and U.S. technology, media and telecommunications leader at Deloitte LLP, social media is top of mind (nothing too surprising there); but Deloitte, he went on to explain, is struggling to get “the right platforms” for both internal use and for engaging with the external world. Data analytics also is critical for Deloitte; indeed, the firm’s $1.2 billion investment in analytics now allows it to do things like predict a bank failure within 60 days of it happening. But the “great opportunity” for his and every other company, according to Openshaw? That lies in “mining unstructured data,” he said. I could give other examples.
Now, the organizers of the MIT Sloan CIO Symposium might have gone out of their way to find tech-savvy CEOs and business people for their panels, but that would distinguish this symposium from last year’s. There, CEOs and CIOs alike voiced the same old CIO leadership issues in the same old words, such as speaking in the language of business, or the need for CIOs to align IT with business goals. Yesterday, CEOs at least sounded like they are indeed operating in a digital business world and have moved beyond the crossroads.
I’m pretty sure there isn’t a CIO around who hasn’t asked himself at some point or another if he has what it takes to do the job. Heck, there’s probably not a sentient person on the planet who hasn’t wondered at times if he is up to the task. On these occasions, our tendency is to look inward for the answer. Am I smart enough, tough enough, patient enough? Oh, shoot, am I good enough for this? But it just may be that it’s the ability to look outward that really counts — at least when it comes to being an IT innovation leader.
That’s been the experience of Roger Roberts, a partner in McKinsey & Co.’s Silicon Valley office, and leader of the firm’s IT Strategy service. Roberts is talking about new IT innovation models at the MIT Sloan CIO Symposium on May 18. I interviewed him for our ongoing CIO Innovators series.
Could Roberts tell me what characteristics IT innovation leaders tend to possess?
“I think the most important,” Roberts said, “is that they can easily place themselves in the shoes of different customers and stakeholders around the technology function.” Instead of describing a problem from the “supply side of IT,” innovation leaders can look at the problem from the “demand side,” he explained. He went further in his characterization: “The ability to adopt other perspectives and to truly empathize with both customers and business leaders, I think, is often the grounding for being able to release their agendas in IT and find ways to really solve problems on behalf of their stakeholders.”
It’s funny. This idea of putting yourself in somebody else’s shoes as the key to being an innovation leader has come up a lot recently, in one form or another. Bill Wray, CIO at Blue Cross Blue Shield of Rhode Island, was saying much the same thing when he explained in an interview that his approach to innovation was less about big software than about careful observation. He dispatches his IT team to sit side by side with frontline employees and find technology solutions (the cheaper the better) to improve their jobs — or as he put it, to make them “happier.” In fact, employee happiness is one of three criteria he uses as his yardstick for success. He referred to his team as therapists.
The view of the innovation leader as empathetic certainly doesn’t jibe with the stereotype of the single-minded, hard-charging business or military or political leader (Bill “I feel your pain” Clinton and Barack Obama are two notable exceptions, in my view). It’s closer to what I believe is the mental habit of great novelists and some visual artists. I remember hearing that Dickens would take the part of every character as he was writing — actually speak in their voices as he composed, acting out each person’s life. I think it’s a frame of mind that probably a lot of CIOs — with their having to take an end-to-end view of the company — would be wise to cultivate.
Okay, I have a funny story — and a compelling one.
There I was, sitting in the second row, alone in the small conference room, waiting for a customer panel to begin at Red Hat’s summit on open source solutions last week. The five panelists arrived early as well, shook hands with each other, found themselves at a loss for words and readily took their seats on their stools, staring straight ahead, maybe 10 feet away.
Well, this is awkward, I thought.
With nine long minutes to go before the start, I decided to break the ice and approach the panelists, introduce myself and exchange cards. Imagine my horror when the first panelist I approached, a man in a blue suit, appeared not to have a card on him. I raced back to my briefcase to retrieve several of my own, handed one to him and to two other panelists, along with a pen, and exchanged cards with the remaining two customers.
When the man in the blue suit was finished, he returned my card and inquired, “And who are you?” Embarrassed by the order of events, I told him about SearchCIO.com, its focus on the CIO’s point of view and my particular interest in cloud computing. I then collected the other cards and beat a path back to my seat.
Now, imagine my delight in the irony when I flipped over the card from the man in the blue suit to find the phone number and email of Jerome Bender, deputy assistant director at the FBI’s Criminal Justice Information Services (CJIS) division. It just goes to show that when you need to get information, sometimes you have to resort to persuasive measures — in this case, peer pressure from card-carrying panelists!
The compelling story is the one Bender told the room once the panel discussion got under way.
CJIS operates national law enforcement services across 18,000 agencies, and has about a million end users, Bender said. The National Crime Information Center in Clarksburg, W. Va., where CJIS is based, processes 8.5 million transactions a day. These include fingerprint processing (200,000 per day) and background checks (14.5 million per year).
The speed with which these transactions are processed against a database of 68 million people with criminal records is astounding: 15 seconds to 2 hours. “The fastest checks are in support of homeland security as people are coming across the border — 15 seconds,” Bender said.
Yet that isn’t what’s most compelling about Bender’s story. A rapidly increasing need for capacity drove CJIS to move two years ago from a proprietary hardware platform to commodity servers running Red Hat’s open source solutions, he said. In doing so, the organization saved about $80 million — while adding four times the capacity.
It takes a lot of horsepower to zip through a database of 68 million people. The FBI’s Next Generation Identification, or NGI, system, a cornerstone designed to enable CJIS to become a global biometrics leader, is deployed on 2,600 hosts in a highly redundant architecture that operates 24/7, 365 days a year.
There were challenges and successes in the FBI’s move to open source solutions, Bender admitted. “Security folks are not used to open source; it tends to be a challenge.” On the other hand, the decision to “do everything diskless and move onto a storage area network to minimize moving parts” has resulted in just one hardware failure over 2.5 years.
“Life-and-death stuff needs to be high-availability,” Bender said, and by using open source solutions, CJIS is providing that in a cost-effective service.
Open source computing is based on the concept that sharing is a good thing — a virtue we were all supposed to learn in kindergarten. This week at the World Trade Center in Boston, Red Hat shared its vision of an open source cloud ecosphere based on transparency and collaboration, the new business imperatives.
It’s a vision endorsed by numerous businesses including Nissan, which plans to deliver cloud services to automobiles in the future. The Japanese car manufacturer expects to sell 10% of its vehicles with “AV telematics” connected to a data center 24/7 for service, according to Celso Guiotoko, vice president and CIO at Nissan. Since the earthquake and tsunami in Japan, the company has strengthened its plan to standardize on open source technologies and applications as a platform for disaster recovery, he said.
Just how much money can a business save by going with open source solutions? Red Hat’s website has a TCO calculator, but just by way of a benchmark, company officials estimate that an implementation of Red Hat Enterprise Virtualization costs about one-seventh what a VMware installation costs. The government of Brazil saved 80% by moving to Red Hat, the officials said.
Open source vendors offer software for free but charge for support — a licensing model that requires customers to license support for all servers in order to receive it for any one of them, according to John Giordano, a system administrator from Harris Corp. in Melbourne, Fla.
The world is moving fast toward transparency and collaboration. Politically and professionally, innovation happens when people come together. The U.S. government, a huge open source user, is responding to Federal CIO Vivek Kundra’s cloud-first directive by consolidating data centers and looking for open source cloud solutions.
Red Hat announced two products — the CloudForms Infrastructure as a Service and the OpenShift Platform as a Service (PaaS). CloudForms repackages and enhances Red Hat’s technologies in concert with partners who offer open source application development, identity management, database, performance monitoring and other technologies, in order to provide enterprise customers with the tools to build an open source private cloud.
“Anyone with a private cloud today has had to do a lot of heavy lifting,” said Gordon Haff, cloud evangelist at Red Hat. “It’s our goal with CloudForms that you won’t have to do your own heavy lifting as you might have had to years ago.”
The OpenShift PaaS supports several development frameworks for Java, Python, PHP and Ruby; and is the first PaaS to plan support for Java EE 6. “It’s not a me-too offering but an industry-leading platform on day 1,” a Red Hat official said in a press conference. However, the PaaS is currently in developer preview, and at this time does not come with a service level agreement — a potential deal-breaker for enterprise developers.
Attendees at my lunch table at the conference were nonplussed about the “new” cloud focus, calling it a new name for virtualization. The two customers who spoke on a cloud panel — one from a health care company, the other from a small systems integrator — have built private clouds using open source technologies, but haven’t tried CloudForms or OpenShift. Judging by a show of hands, few folks in the audience have moved beyond open source virtualization to private cloud development (which entails automated provisioning of IT services and potentially, metered charges for those services).
One questioner at the final keynote drew chuckles by asking whether he, as a system administrator, would become obsolete by adopting the new cloud strategy — a question that also plagues system administrators of companies that use proprietary cloud technologies.
What are the risks to enterprises deploying open source technologies? Email me at email@example.com.
I wasn’t looking for a CIO lesson or IT insight when I grabbed my laptop in the wee hours to read more about the story of the century. Like many others, I was just hoping to fill in the blanks on the daring hunt for and execution of the person who claimed credit for killing nearly 3,000 unarmed civilians going about their business on Sept. 11, 2001.
Then, a comment by security expert Rachel Kleinfeld about an information innovation made me think about your job as CIOs. The co-founder and CEO of the Truman National Security Project, she was commenting for The New York Times on why it took so long to find Osama bin Laden. She writes:
I know, some people are saying the opposite: that torture helped us get the intelligence that ultimately led to the courier who worked for bin Laden. But the facts simply don’t support the claim. Torture produced a lead, but it took nearly five years between that lead and the end game, which simply shows that torture produces intelligence leads that can’t be trusted and must be verified through other means.
Instead, the intelligence breakthrough came when Gen. Stanley McChrystal took over at Joint Special Operations Command in 2004. In the aftermath of Abu Ghraib, he and his intelligence chief, Gen. Michael Flynn, brought police experts to teach their special forces cutting-edge criminal forensic techniques. They then forced the special forces, Central Intelligence Agency, National Security Agency and National Geospatial-Intelligence Agency to work together.
This could not have been easy: I was a researcher in 2003 and 2004 on a Defense Science Board study looking at why intelligence agencies weren’t sharing information, and it is hard to overemphasize how much the deck was stacked against information-sharing. But McChrystal forced cooperation, and it paid off. It was the intelligence gained from this innovation that led to the breakthroughs of the last few days.
Readers of SearchCIO.com know that we are writing a lot about technology innovation this year: the role CIOs play in innovation, how they use technology to spur innovation, how they create a culture of innovation, how they measure the risks and benefits of innovation.
For many CIOs, breaking down information silos — and forcing cooperation — is the innovation that will lead to more innovation. Abha Kumar at The Vanguard Group is convinced that the social collaboration and communication tools her IT team is implementing and supporting will dramatically change corporate culture in concrete ways, such as compensation, as well as in ways we cannot even imagine.
The New York Public Housing Authority’s Atefeh Riazi is convinced that the business intelligence systems most likely to lead to the breakthroughs that will improve the lives of the authority’s low-income constituency are those that can cull and correlate data from inside and far beyond the parameters of her organization.
Breaking down information silos has become something of a cliché in CIO circles. It’s good to be reminded how monumental information-sharing is. Go forth and force cooperation.
Much of the data center construction around the globe is being conducted by purveyors of popular websites like Facebook and Google. These heroes of the Information Age are feverishly expanding capacity to deal with the massive amount of data being generated by their services over the Internet.
But look behind the curtain, and these Wizards of Oz have a dirty little secret: To a staggering degree, they’re still buying electricity generated by coal-burning power plants.
“The IT industry’s failure to disclose basic information on its rapidly growing energy footprint has hidden a continued reliance on 19th-century dirty coal power to power its 21st-century infrastructure,” said Gary Cook, an IT policy analyst at Greenpeace International, an Amsterdam-based organization that uses nonviolent, creative confrontation to expose global environmental problems.
Apple, Facebook and IBM have the biggest appetites for coal-generated electricity, consuming enough to supply more than half of their power needs, according to a new report from Greenpeace titled “How Dirty is Your Data?”
The report analyzes publicly available information to estimate the amount of clean and dirty energy being driven by investment decisions and energy choices by the major Internet brands. Finding those numbers from within the companies proved nearly impossible, according to Cook.
“Despite the fact that data centers … currently consume 1.5% to 2% of all global electricity and are growing at a rate of 12% per year, companies in the sector as a whole do not release information on their energy use and its associated global warming emissions,” Cook wrote.
U.S. data center construction is clustering in places like North Carolina and the Midwest, where cheap, coal-powered electricity is abundant. When opened, the Apple iData Center in North Carolina, for example, will consume an estimated 100 megawatts — equivalent to the electricity needed to power about 80,000 U.S. homes, or a quarter-million European Union ones. Apple has not yet announced how the data center will be powered.
Greenpeace’s estimates of coal intensity put IBM, HP and Twitter just behind Apple and Facebook: Apple at 54.5%, Facebook at 53.2%, IBM at 51.6%, HP at 49.4% and Twitter at 42.5%. Google’s coal intensity is ranked at 34.7%, Microsoft’s at 34.1%, Amazon’s at 28.5% and Yahoo’s at 18.3%.
Recognizing that such IT giants could be the group that leads the world to renewable energy — or, conversely, hastens the adverse effects of global warming — Greenpeace this month issued an Earth Day challenge to Facebook, calling upon the company to “unfriend coal.”
Alas, the deadline came and went with no such action, despite a blizzard of posts from 700,000 Greenpeace supporters who set a Guinness World Record for the most comments on a Facebook post in 24 hours.
Google, at least, is getting the message when it comes to new data center construction. The Mountain View, Calif.-based company announced last week that it would purchase power for the next 20 years from a wind farm to be built in Oklahoma; this follows a similar agreement last year to buy power from a wind farm in Ohio. Google plans to sell surplus energy from the farms to the local electrical grid, thereby ensuring that more renewable energy enters the market as part of Google’s goal of operating on a carbon-neutral footprint.
Coal-burning power plants emit harmful chemicals that are warming the Earth’s atmosphere to life-threatening levels. Nuclear power, long proposed as the safe alternative, is explosive under certain circumstances, as we’ve seen at Japan’s Fukushima Daiichi plant. Moreover, it’s extremely difficult to safely store spent fuel rods.
Wind, solar and geothermal power projects are coming along, but not as fast as the rate of data, which is forcing huge cloud providers to choose power sources during data center construction that appear to be less costly. Yet these business practices could be costly for environmental health, which affects us all.
For something as new and as nebulous as the application of social media to the enterprise, measuring a company’s social technology maturity — and what IT can do about it — seems like a dicey business. But that is what Forrester Research analyst Nigel Fenwick has intrepidly set out to do with a Social Business Strategy Maturity Model, published this month.
First, Fenwick and his team assume that the business adoption of social media and collaboration technologies will only accelerate. CIOs can sit back and watch while their business peers forge ahead — or they can position IT as a player in their organizations’ social business strategy.
According to Fenwick and his team, businesses tend to develop social tech maturity in one of two areas: They are internally mature — that is, they are adept at using social technologies that support collaboration and communication among employees. Or they are externally mature — in other words, adept at using social technologies to reach out to and support their customers. The challenge for companies is to develop social maturity in the area where they are weak. And this is where CIOs can help.
Here are Fenwick’s yardsticks for measuring an organization’s maturity in social technologies — and suggestions for how IT should respond in each case.
Social technology laggards
At the bottom of the social tech maturity model are what Fenwick has labeled the social laggards. These organizations are not piloting social technologies, internally or externally. When it comes to social media technologies, their yardstick for success is avoiding litigation. Their legal departments rule the roost regarding social media, and IT basically is charged with preventing access to social technologies. The strategic paradigm at these companies is risk avoidance.
CIO’s course of action: Experiment with social technologies that boost IT productivity or efficiency, while you look for opportunities to support a business-driven social media project. You might try using Yammer, for example, as a platform for requesting IT’s help in answering a tech question. IT gets to experiment with social technology while you foster social media experience in the enterprise.
Internal social technology maturity
Companies that have internal maturity in social technologies have piloted projects that improve employee communication and promote collaboration. The typical measure of success at these organizations is employee participation. The strategic paradigm at work here is increased productivity. (For a case in point, read our profile of Vanguard Group.) IT is often heavily involved. In fact, the business sponsor usually is IT or HR. The teams coordinating projects typically oversee governance. Typical technologies include such social collaboration platforms as Microsoft SharePoint, Jive and Yammer.
CIO’s course of action: The aim is to help develop external maturity in social technologies. CIOs should work with their peers in HR, sales and marketing to help employees explore how social technologies might support customer-centric goals, such as improved customer service or better brand awareness. An example would be to empower staff to use Facebook or Twitter to engage customers.
External social technology maturity
Companies that possess external maturity in social technologies have engaged customers through social media as a way of improving marketing efforts and brand awareness. Measures of success include page impressions and traffic volume. The marketing department is the boss here. Sales, sales and more sales is the strategic paradigm at work here. (Read our story on the connection between social media and a “third wave” of capitalism for some prime examples.) IT’s job is limited to providing technical support to marketing or to integrating data. Marketing’s go-to social platforms include Facebook, YouTube, Twitter, Lithium and Radian6.
CIO’s course of action: Support marketing while you figure out how to help increase employees’ adoption of social technologies. One path to maturity, Fenwick suggests, is “to integrate collaboration platforms and social networks that extend between employees and customers, such as social CRM.”
Put your social technology house in order
And in the short term? Fenwick et al. remind CIOs that social virtue begins at home. Here are three to-dos:
- Establish an IT social business council of IT leaders and social advocates to strategize and drive adoption of social technologies within IT.
- Hold social technology workshops for IT.
- Start an IT leadership blog.
Don’t be surprised if NASA’s Nebula cloud becomes the model — and maybe the mother — of cloud infrastructure in the U.S. NASA is embarking on an ambitious plan to overhaul its existing data center infrastructure to standardize on open source technologies and ideas.
At the forefront of the Obama administration’s efforts to consolidate data centers and adopt cloud services, Washington, D.C.-based NASA has “aggressively consolidated” 32% of its data centers in the past 12 months, according to Deborah Diaz, the agency’s deputy CIO. That had been a goal to be reached by 2015, but now NASA expects to consolidate 66% of its data centers by then.
“We’re looking at this holistically,” said Diaz, who is heading up a transformation that involves virtualization and such new technologies as geothermal power. The goal is not simply a reduction in the number of data centers, but also the “better utilization of computing resources,” she said. The result will be a hybrid cloud infrastructure that standardizes on open source technologies to save the American public money and further the agency’s lauded Open Government plan.
Diaz is leading an initiative as part of NASA’s IT Infrastructure Integration Program that’s called the computing services platform. Next month on SearchCIO.com, I’ll look at how she’s bringing together virtualized data centers that combine cloud infrastructure with high-performance computing and energy efficiency. She was in the private sector before she launched USA.gov and became CIO of Homeland Security.
NASA was founded in 1958 to “provide for the widest practicable and appropriate dissemination of information,” and its principles of open government are deeply embedded in its culture. Yet new initiatives are designed to take that to the next level by giving the public a voice in future endeavors. NASA’s Citizen Engagement Tool, for example, deployed through its Participatory Exploration Office, netted 420 ideas from 280 individuals in February and March.
NASA also co-founded (with Rackspace Hosting) the OpenStack initiative to foster open source development in the private sector. I’m looking forward to the upcoming Red Hat and JBossWorld conference in Boston in two weeks, where I’ll learn about the latest in open source cloud computing. Are you going? Email me at firstname.lastname@example.org.