When the Massachusetts Senate took action this week to modify the state data privacy act (Standards for the Protection of Personal Information of Residents of the Commonwealth), I didn’t jump for joy the way some people did.
Yes, the original legislation set such a high benchmark that it would place an enormous burden on businesses to comply: encrypting all personally identifiable information and designating one person to oversee a company’s privacy program (a big burden for smaller businesses where there’s not even one person dedicated to security). So I understand the hue and cry about legislators not getting the implications of what they are putting in place because they don’t understand the technology, or IT, or the economics of risk management for the business world. That is all true.
But what is also true is that data protection is changing, and needs to change, in the U.S. Even as the Massachusetts law would defer to federal law in many places, the fact is we don’t yet have a tough federal law on the order of what is commonplace in some other parts of the world. Americans, as capitalists, often roll their eyes at many European conventions (think: six-week vacations, nationalized health care, controls on greenhouse gas emissions) but in fact the U.S. could end up emulating some EU practices because they work. Privacy and data protection should be no different.
As a resident of Massachusetts, I’m disappointed that my state might not end up with the toughest data protection law in the nation. But I hope the feds will soon pick up the ball and take care of that for us. Unlike legislation like SOX, where the sins of the few brought the burden to the many, a federal data protection act would be one for all of us. With nothing less than the integrity of our identities at stake, creating such electronic border controls should involve federal funding just as any aspect of national security does. And on the global stage in the electronic age, this is indeed a national security issue.
Yes, many states have data protection laws on the books now. But that doesn’t satisfy the Europeans, who view our data protection as weak without a federal law. Now’s the time for the feds to step in and give us a united stand.
In the course of writing today’s story on spend management software and cost transparency tools, I talked quite a bit with Shane O’Sullivan, group CIO for Skandia Group Cos., about his methods for tightening up operational costs in procurement. O’Sullivan touched on many aspects of his organization’s program, and noted that having a procurement-related governance model in place from early on has been invaluable when it comes to being responsive to marketplace conditions, contract negotiations and the like.
That attitude makes sense to me: SearchCIO.com has looked at IT governance from a number of angles, and we’ve seen that — especially in a recessionary environment — organizations are finding that establishing protocols with regard to purchasing, hiring and other operational areas is imperative in order to run a lean-but-effective business.
I’m looking to write a longer story about procurement cost-cutting and governance strategies. Are you an enterprise CIO with experience in cost-cutting or governance related to procurement? If so, please email me at email@example.com.
Happy Monday! SearchCIO.com was hard at work this past week studying business process management (BPM), service-oriented architecture (SOA) and business activity monitoring (BAM). We also launched a new IT consultant blog. Read the details below!
A move to cloud computing should involve SOA and BPM – Enterprises preparing for cloud computing should involve SOA and BPM in the process to achieve transformational change.
How CIOs are enabling business activity monitoring with existing tools – Find out how CIOs are providing business users with real-time data without big investments in BAM tools.
BPM guide: Business process management best practices for CIOs – Business process management refers to an approach for improving an organization’s processes. In this all-inclusive guide, find BPM news, best practices and tools for enterprise CIOs.
Ask the IT Consultant blog – We hope all of our regular blog visitors will take the time to visit our new blog, Ask the IT Consultant, where members of the Boston chapter of the Society for Information Management are available to answer your questions.
Some ISVs are behind the curve when it comes to changing their licensing terms to accommodate application virtualization.
Having one installed application that is streamed to many users, as is the model with application virtualization, versus a per-user licensing model, is one curve ball ISVs are mulling.
There is what analyst Mike Cherry with Kirkland, Wash.-based Directions on Microsoft calls a chicken-and-egg game going on: CIOs are waiting for word from their vertical ISVs on whether they’re going to adapt their licensing models for virtualized versions of their applications, and ISVs are waiting on CIOs to tell them to come up with licensing that reflects a virtual environment/application.
There are risks that CIOs can run into if they forge ahead and virtualize an application without first checking to see if the ISV can support that type of deployment. Cherry has seen companies do just that, only to be told by the ISV to put the application back on the physical server because the ISV doesn’t know how to fix the application when something goes wrong in a virtual environment.
And he’s not alone. Ty Schwab, CEO and founder of virtualization consulting firm Blackhawk Technology Consulting LLC in Eugene, Ore., has said that not enough companies are checking to see if the ISV is supporting virtualized versions of their applications, and not all software vendors have a plan for how they’re going to charge for their applications in a virtual environment.
He advises that CIOs test the application to make sure it can be virtualized, then call the software vendors to come up with a plan for how they’re going to charge you for licensing.
In addition to the cost of the software license, keep in mind that you will have to pay for the technology used to create a virtual application, such as SoftGrid, which Microsoft acquired and renamed App-V 4.5. Such software comes with a one-time fee of $2,000 to $5,000 for the application virtualization studio or administration console needed to design, repackage and virtualize applications. On top of that there is an application virtualization licensing cost of around $30 to $150 per application that is virtualized.
Have you already gone through the process of negotiating virtualization licensing terms with your ISV? Do you have any advice for others as they start down that path?
Let me know at firstname.lastname@example.org.
Telecom providers will do whatever it takes to keep your business, even in a business downturn. And that’s not just lip service.
Did you know that you can insist on a “business downturn” contract clause in your telecom agreements? Many large corporations are spending in the millions on telecom expenses each year. Even the IT organizations that excel at telecom expense management can’t effectively do so when the business takes a hit. For instance, if your company loses a major account or sells off a subsidiary or business unit, a “business downturn” contract clause allows you to reduce your original commitment level to the telecom provider – in terms of spending, rates and/or contract length.
A “business downturn” contract clause can also cover migration to a new technology that possibly reduces the original amount of services covered by your contract. However, “you will want to eliminate language restricting the clause to business downturns ‘beyond the customer’s control’ or to situations in which the customer cannot meet the commitment ‘despite its best efforts,’” advises telecommunications and IT law firm Levine, Blaszak, Block & Boothby LLP on its website. “Such phrases eviscerate any rights that the clause otherwise grants.”
Just last month, TNCI, a national voice and data communications reseller, competitive local exchange carrier and VoIP network provider, announced that it was offering a “business downturn flexibility” contract clause to new and existing customers using its telecom services. The new contract clause is “designed as a method for renegotiating service agreements due to a change in the customer’s business situation as a result of the recession,” according to a statement by company officials.
TNCI isn’t the first to do this and definitely won’t be the last. Telecom providers are feeling the heat of this weakened economy and are doing whatever is necessary to work with IT organizations on managing their telecom spending and services.
Telecom providers ultimately want to keep your business. It’s easier for them to keep a remaining large customer than to invest in a new one. “If Verizon has a customer with 1,000 analog lines, it is easier to lower their rates or work with them on their contract, than install 1000 lines for a new customer,” said Michael McCauley, PMP, of TelPlus Communications, a managed telecommunications solutions provider. “It’s always much easier to negotiate from a point of strength.”
Whether your telecom spending is managed through IT or an outsourced service provider, adding a “business downturn” clause to your contracts is a smart business decision in bad times.
This past week, SearchCIO.com was all over business process management, from BPM and service-oriented architecture (SOA) and how they work together to how to find fast ROI using BPM. We also podcasted an interview with the Massachusetts state CIO, who offered helpful lessons for any enterprise CIO grappling with new technologies, compliance, budgets and more. Check it all out below, and scroll down for the latest from the blog.
The challenges of a state CIO – In this podcast, Anne Margulies, state CIO of the commonwealth of Massachusetts, discusses the challenges of investing in new technology, while keeping an IT infrastructure running smoothly.
How BPM and SOA work together for business process improvement – Enterprises should marry their BPM and SOA efforts if they really want reuse — and true business process improvement.
BPM software: How to find fast ROI on smaller projects – BPM software can lead to fast ROI when companies use it properly, experts and users say. Learn how Level 3 Communications launched its own BPM platform and how you can do the same.
At a conference session on risk management and compliance, CIO Carolyn Damon let it be known that it is not uncommon for CIOs to be spending 40% of their time conferring with legal counsel. And, no, she was not talking about CIOs at law firms, but CIOs in regulated industries.
Damon is CIO of GE Capital Americas-Capital Financial Inc. — and proof that in the risk-riddled Great Recession, the office of the CIO is extending far beyond the four walls of the data center.
Yesterday, at the Gartner conference on risk and compliance in Chicago, Damon was play-acting the role of the CIO at the fictitious WinterNuke Co., an energy conglomerate under fire from environmentalists, regulators, shareholders, ordinary citizens, you name it. The constellation of mismanaged risks behind all the bad publicity included a failed SOX audit related to a botched acquisition; plans to build a nuclear plant in a seaside resort area; and a fired overseas employee claiming the speculative trades he made that lost millions were in fact sanctioned by upper management. (The fake scenario is a compilation of problems experienced by Gartner clients this year.) As keeper of the corporate data, the make-believe CIO was at the center of the legal maelstrom. The truth is that many real-life CIOs are there, too, or soon will be, she said.
“It is an interesting fact of where we are going from an IT perspective. Understanding the regulations that are out there, understanding business language, as well as understanding technology and then marrying the three, is fast becoming the role of the IT leader in organizations out there,” Damon said.
In those fake CNN reports on WinterNuke, there was no mention of IT per se, “and yet technology touches every one of the areas” under fire, Damon said.
A critical component of the real CIO’s job is to know exactly what the IT controls are for those areas and to “feather them against the regulations” that affect those areas, she said. The other part of the job is communicating the business benefits of that model to your counterparts in the legal as well as financial departments. “The more you can communicate with your legal partner what that method does and how it manages the risks they are concerned about, the more you have a partner,” she said, adding that the same goes for the CFO, with the added data point of how many dollars can be saved by implementing the IT model. “It’s about one executive at a time.”
By the way, among the many wrinkles in the fictitious case under review is the location of the rogue trader in Europe, where the data privacy laws might stymie the company’s investigation. That would not have been a problem at GE because her company “has been proactive” and gotten preconsent from overseas employees. Knowing the countries that you’re doing business in is critical. Spend time with the attorneys, Damon said, and if they don’t know the data privacy laws, the record retention requirements or the data movement protocol in the various geographies, the CIO should be able to lay it out.
That said, it is not the CIO who owns the risk management program for the company, Damon stressed. “Somebody has to have the overall plan.”
Here’s a take on IT spending that most IT executives will be happy to hear: Companies that make IT investments in a recession will see the financial dividends for years.
“It’s double coupon days for IT investment,” Howard Rubin, MIT CISR research associate and professor emeritus at Hunter College of The City University of New York, recently told IT and business professionals at the Society for Information Management monthly Boston meeting.
If a company invests $10 million now in IT, Rubin said, then another company that waits until better economic times to make that investment will likely spend twice as much to catch up with the business that made the initial investment in a timely manner.
“Competitors won’t be able to afford to catch up,” Rubin said.
The thrust of Rubin’s talk – that IT investment still matters, even in a recession – hinged on the notion that spending on IT vastly enhances a company’s business performance, and the gap between you and the competition goes straight to your financial bottom line.
Each dollar of new IT investment between 2003 and 2004 led to a gross profit increase of $1.47 in 2006, Rubin said, while a 26% increase in cumulative absolute technology spending in the U.S. in 2006 helped drive 114% in absolute gross profit. In other words, IT pays for itself and more.
Of course, in today’s recession, technology spending is colliding with economic conditions, Rubin said. The current high fixed cost of IT in most companies is preventing change, and conventional IT cost-cutting models – outsourcing, offshoring, laying off workers, squeezing vendors, reducing portfolios – have “hit the wall” under pressures to spend less.
“You can take advantage of this time by optimizing what you’re doing,” Rubin said.
This could involve tapping into technologies such as Gmail, or shifting more costs to vendors via new supply chain management models.
But time is of the essence, because your competitors will catch up if you give them the opening. If you can make external partners understand your new scale, he said, you should see rapid IT transformation that benefits the business’ bottom line. And isn’t creating dividends – both now and down the line – what we’re all looking to accomplish, especially in a recession?
It was a virtualization-heavy week for SearchCIO.com, as we covered VMware’s new cloud operating system, virtualization management tools and SOA governance, and tested our readers’ knowledge of virtualization and the private cloud. Check it all out below.
Cloud computing initiatives show wide range as VMware touts cloud OS – VMware’s new cloud operating system, vSphere, brings new capabilities, though some big cloud projects will use Microsoft’s virtualization technology.
Virtualization management tools: Ready for prime time? – Virtualization management tools help enterprise CIOs address virtual server sprawl, workload balancing and other issues. Learn about costs and options in this podcast.
SOA governance: How and why to build it into your SOA initiative – Service-oriented architecture governance prevents duplication of services and wins business buy-in. Here’s how to start or improve your governance effort.
Virtualization and the private cloud: A quiz for enterprise CIOs – What do you know about virtualization and the private cloud? Take this quiz to find out.
It seems this Great Recession is pressuring some industry sectors more than others to turn to outsourcing.
While total value of large outsourcing contracts is down dramatically in the first quarter of the year, according to industry watchers, the number of contracts awarded by telecom, media, retail and the utilities, traditionally cool to outside help, is up at least 20% year over year.
Except for utilities, the sectors showing a 20% jump share another trait: All of them underperformed the Forbes Global 2,000 in growth of revenue and earnings and in market capitalization.
The data comes from TPI, a large global outsourcing advisory firm that tracks IT and business process outsourcing deals of $25 million or greater. Results from the first three months of the year show the total value of outsourcing contracts signed declined 22% from the same period a year ago to $19 billion, the lowest since the first quarter of 2001, when the air went out of the dot-com bubble. The number of contracts slipped to 141, 1.3% down from the same time a year ago. And the bulk of the contracts — 101 — were for IT work.
The utilities industry accounted for 30 of the 141 big deals signed over the past 12 months, compared with 23 contracts between 2007 and 2008. Highly regulated and influenced by unions, this is a sector that has traditionally avoided offshoring, according to TPI. But an aging workforce disproportionately hit by layoffs during the recession has depleted expertise, causing companies to look outside their four walls. The expense of compliance is also driving companies to cut costs on labor, even in the face of high demand for their products. “The industry has got to deal with the harsh reality of continued growth and demand for electricity, while the construction of the power plants to meet these new demands face increasing regulatory hurdles,” said TPI industry sector specialist Tom Lang.
The volume in retail, which also accounted for 30 contracts in the first quarter, was up 40% from a year ago, although the total value of the awards dropped to its lowest level in five years, more evidence that the trend is to enact shorter contracts focused on fixing the problem at hand.
Telecom’s 99 contracts marked an all-time high for that industry.
The underperforming media industry showed an uptick in both the number and value of contracts, consistent with the trend in that sector for the past five years. Most media outsourcing activity stems from the U.S., with about 60% of the transactions signed in the Americas. These are now increasingly coming not just from the top 25 global Forbes media companies, but also from smaller players.
“Companies of all sizes are aggressively seeking new ways to reduce costs and develop new revenue streams,” Lang said. “To make the most of their assets, they are also looking to leverage content across multiple platforms, which often requires the development of new software applications and other IT-driven innovations. But there is also a fair amount of BPO, largely focused on the financial processes.”
The media market is an exception on business process outsourcing (BPO). The market for big, transformational BPO work, hot during the boom-boom years, has shriveled, especially in the Americas, and it is unlikely to come close to any of the metrics of the past five years, TPI’s Peter Allen said. “The cost savings are generally longer in coming in BPO and require broader organizational change than we see in IT outsourcing, giving ITO the priority.”