When I heard about a study on password worst practices at social network app maker RockYou (which was hacked late last year), my initial thought was a very mature “I must be smarter than their users — because who wouldn’t follow password best practices?” Who chooses passwords like 123456 or password in today’s hack-happy, data-privacy-and-protection-focused tech world? I remember Sarah Palin’s Yahoo account getting hacked soon after she was named John McCain’s vice presidential running mate back in 2008, and experts surmised that it was because she used easily obtained personal data in setting her passwords.
But we all learned from her errors, right? Savvy corporate IT users and their CIOs don’t need to worry about such password faux pas, right? Wrong. Wait, what?
Because users tend to use the same passwords on most or all of their work and personal accounts, a hacker’s ability to infiltrate one can quickly lead to unlocking the rest. In a 2009 Twitter document hack, “once the hacker broke into a single employee’s Gmail account, he was running free and eventually got access to a lot of sensitive corporate information.”
Gulp. Maybe I need to stop patting myself on the back. Just because my passwords are more difficult to guess than iloveyou (another top choice), it doesn’t mean I’m not putting my own information — or, worse, my company’s – at serious risk of an IT security breach by selecting similar passwords for various corporate sign-ons.
We research and write a lot about the technical side of data privacy and protection — but what about the human side? It surprises me that there still may be many company employee manuals that don’t include a section on data privacy that stipulates password best practices and emphasizes that duplicate passwords are a no-go. Could it be that employees are just ignoring the rules or making information too easily accessible to potential breaches? My colleague Kristen Caretta once blogged, quite correctly, that dressing up as a Post-It note with a secure password could qualify as a scary geek Halloween costume, since one-third of most passwords are still being tracked that way.
Does your company maintain rules regarding data privacy and protection with regard to passwords? Do you have a good way of enforcing these rules? And what’s your favorite password? (Kidding, kidding.)
After a week or so on the phone with any CIO I could get in touch with, here’s my super-unscientific prognostication on IT budgets in 2010: IT spending and CIO priorities are all over the board.
You get the picture — it’s all over the board.
In an attempt to put some data to these impressions, I checked the most recent predictions coming out of the research houses and found them to be no help at all. What can you make of things, when Gartner is predicting a 1.3% growth in IT budgets for 2010 — so basically flat — while Forrester Research is projecting 6.6% budget growth for the IT market in 2010?
Certainly, the Gartner prediction is more in line with other surveys out there. Our own TechTarget polling shows the majority of CIOs expect IT budgets to be flat or smaller this year. Then again, Gartner got 2009 wrong, starting out by predicting roughly 3% growth in IT budgets in 2009 only to revise that number downward quarter by quarter. This week, Gartner proclaimed 2009 the worst year ever for IT budgets: down by 8.1%, wiping out four years of growth.
Meanwhile, over at Forrester, analyst Andy Bartels told me it is not surprising that CIOs are telling survey takers that budgets are flat or down next year. “Coming out of recession, they want to be cautious; they don’t want to go out on a limb,” he said. Barring the country slipping back into recession, however, he is convinced that CIOs “will get leave to spend over their budgets.”
Question of the day: Are you getting any signals from the boss that you’ll be able to spend over your official budget this year?
To our readers in the U.S., happy Martin Luther King Jr. Day! I’m guessing some of you have the day off and won’t see this post until later in the week, but I wanted to catch you up on the buzz on the Web, as well as our latest content from SearchCIO.com.
Of course, the overriding story around the globe this week was the 7.0 earthquake just off the coast of Haiti, which has devastated the small island nation, particularly its capital, Port-au-Prince. The role of technology and the Internet in sending aid Haiti’s way has been very well documented, from the role of social media such as Twitter lists in keeping the world up-to-date on the latest condition to a techie summit to discuss solutions and text messaging campaigns that have raised millions of dollars for the relief effort (although, sadly, there are questions about how quickly these funds will actually reach the victims).
A slew of IT outsourcing deals were inked in the past week, including Virgin Atlantic’s five-year, multimillion-dollar IT support contract consolidating more than 40 contracts from previous suppliers. And in New York, officials announced that they are streamlining IT, in part by migrating more than 40 agencies to a single email platform, which they expect to save the state at least $4 million annually.
Here on SearchCIO.com this past week, we looked at SaaS, BI, IT pessimism heading into 2010, and whether tactical concerns overwhelmed strategy for CIOs last year. Read the stories linked below and please share your thoughts on our coverage.
IT salary survey: More pessimism than optimism in IT outlook for 2010 — The IT outlook in 2010 for many enterprises is one of pessimism, although, surprisingly, some hard-hit industries report optimism in their IT shops. Get a 2010 outlook with our breakdown by industry here.
SaaS BI helps boost Welch’s efficiency, data retention — Welch’s uses business intelligence Software as a Service to retain data during an ERP implementation and gain operational efficiencies and savings. Talk about juiced-up BI!
SaaS applications help Bosley consolidate apps, cut maintenance costs — SaaS applications are helping the hair restoration provider cut maintenance costs, consolidate applications and centralize data for business intelligence.
Tactical decisions outweighed IT strategic planning for CIOs in 2009 – Talking with our enterprise CIOs, we found that many of them spent more time on tactical decisions than on IT strategic planning in 2009 — which ended up being a good strategy to drive business value during the Great Recession. Read our interviews and get our survey data here.
Our SearchCIO.com IT salary and careers survey did a little probing this year around one of those fraught CIO career questions: How much time do you devote to IT strategic planning as opposed to tactical decisions? We also asked whether the recession had an impact on that ratio.
Not surprisingly, the worst financial crisis since the Great Depression made its impression. Tactical decisions outweighed IT strategic planning for CIOs in 2009 — a lot more, for some.
The Doe Run Co.’s Sharon Gietl, for example, went from spending 40% to 60% of her time on strategy to devoting 80% to 90% on tactics in 2009. Gietl said her IT strategy can be summed up as “moving the business forward.” Last year, she was figuring out whom and what to cut to help keep the company afloat.
The salient fact in my follow-up interview with Gietl, however, was that everybody else at Doe Run was doing the same. Ron Washington, CIO at Ergon, a petroleum products company, told us he met the greater demands for operational duties by working longer hours, just like — you guessed it — everybody else on his team. CIOs did what they had to do to help their companies survive 2009.
CIO goal: 80% on strategy?
In my survey follow-up, I also asked analysts and career experts if the shift to tactics in 2009 signals a step backward for the CIO career. The answer, for the most part, was no. Extraordinary times call for extraordinary measures. In normal times, if there is such a thing anymore, the ratio between tactics and strategy will depend on the maturity of the company, said consultant Bruce Barnes, offering an analogy to the automobile. Steering is up front, with the driver’s focus on the future destination and the many possible impediments to reaching it. The tactical application of the energy to get you there — making the wheels turn forward — is in the back of the car. The less mature or operationally efficient an organization, the more time the CIO will have to spend on that tactical drive train, and the slower the trip to reach his or her strategic goals, Barnes said.
Of course, the elephant in the room — the fraught part of the question — is whether there is a right balance between IT strategic planning and short-term tactical decisions for those CIOs determined to drive business value.
Barnes gave it a shot: “The CIO’s goal needs to be getting to the point where about 80% of his/her time is being spent steering and watching/planning the road ahead … as well as enjoying the ride.”
I’d like to hear what you consider the ideal balance between IT strategy and tactics in your job and why — and, oh yes, if you’re enjoying the ride.
Google’s decision this week to stop cooperating with Chinese government censors — and, quite likely, pull its business efforts out of China completely — has lit up the tech sphere, with people around the world debating the human-rights and free-speech elements of the Google-in-China decision. Remember, this is a company branded with the unusual slogan, “Don’t be evil,” and some of its users saw Google’s cooperation with Chinese censors as just that.
Given my recent work covering outsourcing and offshoring plans among enterprise IT organizations, the international element of this brouhaha speaks to the idea of U.S.-based businesses investing in business operations abroad, the due diligence that takes place in assessing IT outsourcing locales, and whether the business should be prepared to accede to the mores of its new base.
Relationship building is a key aspect of outsourcing arrangements. There are often language barriers, time-zone differences and cultural variances to consider, but these are sometimes forgotten as companies draw up outsourcing SLAs and haggle over IT pricing models. Whoever in your organization oversees IT outsourcing arrangements — whether it’s the CIO, procurement or another business executive — needs to know what the company is getting into when it strikes a business deal with a foreign partner.
In the past year, I compared the pros and cons of IT outsourcing in Asia and Latin America, including some of the sociopolitical considerations to take into account. Take these as guidelines, but remember it’s your responsibility to undertake due diligence and understand the inherent risks and rewards of individual offshoring vendors, to avoid getting caught in Google’s current predicament.
I want to say one word to you. Just one word. Are you listening? (No, not plastics.)
I’ve been checking in with CIOs and analysts, following up on our annual IT salary and career survey to get the real-time read on IT budgets and IT hiring for 2010 and heard a variation on the jobless recovery theme: Elasticity.
Actually, the word came from Jack Santos, a former CIO and research fellow at Burton Group Inc. (soon to be Gartner Inc.). Santos was focused mainly on the sharpened interest from his clients in elastic computing models like cloud services for email and cloud platforms for software development. The notion of investing millions of dollars from IT budgets in up-front capital for solutions that might not show a benefit until much later — or, worse, become irrelevant in a volatile economy — doesn’t sit well with CFOs these days.
“If the company suddenly sees an increase or significant decrease in business, you’re stuck with those sunk costs,” Santos said. Better to “pay by the drink.”
But paying by the drink is not just a big theme for computing, as the Great Recession continues to grate on budgets. The topic of elasticity also came up over and over on the subject of IT hiring in 2010. Many of the CIOs I talked to — both those who had suffered deep cuts to staff and those who did not — indicated they’re using the pay-by-the-drink model for humans, too. If business picks up and some of those delayed projects are put into motion, they plan to fill in with consultants or staffing services.
That doesn’t surprise Jerry Luftman, who directs the information systems program at the Howe School of Technology Management at Stevens Institute of Technology. “It looks like spending on internal staff will go down, but spending on outsourcing will go up,” he said, referring to findings from the SIM IT survey of CIOs he conducts annually for the Society for Information Management.
And, Luftman added, if companies do hire, many of them will choose the “rent-to-buy” route, offered by those IT outsourcing vendors, rather than go out and recruit people on their own.
Is your enterprise organization incorporating elasticity into its IT hiring or budgeting?
IT and business alignment is a challenge with which CIOs struggle daily, and it’s bound to remain that way, with recent data showing that IT managers are predicting smaller budgets for 2010.
So what do you do when business department heads demand to know why IT requests made several months before are not in place by now?
You could take a page out of CIO Chris Brady’s playbook. All IT requests from business departments at Dealer Services Corp., a Carmel, Ind.-based financer of car dealerships, are funneled to Brady, who in turn enters them in a weekly report that is shared companywide. The requests are rated by IT and business managers, with those deemed more critical to the business placed higher in the queue, she said.
This process allows department heads and users to see where their requests stand and how the requests rank in comparison with others made that week. Department heads meet with IT weekly to discuss, or argue, about why their particular requests are lower or higher than others on the list.
“IT always suffers from the perception that requests go into this giant black hole, that there isn’t a firm timeline for projects and response times aren’t good enough,” Brady said. “We faced that more so this past year than others [because of the economy], but the report shows the departments that we have 2,300 [IT] requests right now, and here’s where your five stand.”
A weekly report is also sent out, listing all requests that have been resolved and added compared with the previous week.
Of course, this comes from a CIO who encourages all employees to email her directly with suggestions on any matter, and what it comes down to is a belief in transparency. Perhaps until IT shares information — such as how many requests it gets per week or a timeline of when it thinks staff will get to a given project — the business may continue to view IT as a black hole.
Email me at email@example.com to let me know if you’re trying to make IT more transparent or other ways you are tackling IT and business alignment.
I’m going to try something a little different here from now on. In addition to summing up the latest content from SearchCIO.com on IT salaries, security, lessons for 2010 and more, I’m going to include some links to what people in IT are talking about this week. Feel free to chime in with your own thoughts and let me know what you think of this new format.
I never used to be a gadget geek, but I’m coming around. See what our sister site, SearchTelecom.com, has to say about the Google Nexus One smartphone and its effect on business models. Meanwhile, the Globe and Mail says that Google says its next version will be geared at enterprise smartphone users and might have a physical keyboard.
Speaking of gadget geekdom, I’m not in the market for a new computer, yet I’m salivating over descriptions of the rumored Apple tablet. Please, Apple, make this happen!
People are still buzzing over the Consumer Electronics Show in Las Vegas last week. You can follow #CES on Twitter for the continuing dialogue.
Finally, here’s what SearchCIO.com reported on last week:
Information security budget closest thing to recessionproof in 2010 — Information security budgets in enterprise IT organizations will remain robust in 2010 compared with other IT spending areas. Learn more about budgeting for IT security.
CIOs: Planning, no frills make disaster recovery plans recessionproof — In a year when economic risk overshadowed potential disasters, CIOs who launched DR plans considered costs from every angle. Here are some tips that can help you sell DR in 2010.
IT salary survey: How CIO, IT salaries vary by industry — The results of our annual IT salary survey are in, and IT execs in some industries clearly earn more than others. Which industry do you think comes out on top?
IT best practices in 2009: Lessons learned for 2010 — IT efficiency was driven by the economic recession in 2009, and enterprise CIOs will carry the lessons they learned into 2010. Get their IT best practices in this guide.
Instead of spending years developing an enterprise business intelligence strategy to consolidate BI tools and come to a corporate-wide agreement on key performance indicators, some enterprises are finding that an iterative approach at the departmental and business unit level is more effective.
For instance, a division of a global equipment provider to the pharmaceutical and bioscience industry turned to a SaaS BI provider to gather revenue and supplier metrics. This division wants a specific set of data and a relatively quick turnaround.
The company has many BI tools in place, but the division went with SaaS BI provider Oco Inc., because “Enterprise BI is too tough to tackle,” said Mike Beckerle, Oco’s CTO.
Coming to a corporate-wide decision on the definition for one metric alone can be daunting.
Take a common enterprise business intelligence metric, customer profitability. On an enterprise scale, the definition of a customer will vary depending on which business unit you’re talking to, as will the metrics for deciding what should be measured to determine a customer’s profitability: How much does it cost to satisfy and support this customer, versus what they pay us in return, for example. That is one of many questions that can determine if a customer relationship is paying off.
Some argue that enterprise-wide definitions and metrics are unattainable. Not only because everyone has to come to agreement on what data should be measured, how it should be measured and who it should be measured by, but also because business goals and markets shift constantly, making a defined metric obsolete pretty quickly.
This is not to say that data should not be centralized or common BI goals are not being created across an enterprise, but I’m wondering if business units and departments are finding it easier and more productive to go it on their own. And if so, what ramifications will this have on an enterprise’s ability to discover cross-departmental patterns and achieve the ultimate goal of predictive analytics?
Let us know what BI path you’re on. Email me at firstname.lastname@example.org.
Welcome back from the holidays! I hope everybody had the chance to take some time off in the past week to spend with their families and loved ones. Now, it’s back to the grind! Here’s the latest content from SearchCIO.com:
Server virtualization and cloud computing carry savings into 2010 — Learn how a CIO saved more than $300,000 through server virtualization and cloud computing.
ITIL best practices and lessons for the new year — The value of implementing ITIL best practices is clear to IT, but not always to the business. Find out how some ITIL users increased ITIL adoption in 2009 and get tips for 2010.