April 22, 2009  7:13 PM

Oracle buys Sun: When strategic vendors go bye-bye

mschlack Mark Schlack Profile: mschlack

This decade has seen a lot of consolidation among both software and hardware vendors. Sun bought StorageTek, Sun bought MySQL. Oracle bought Sun, Oracle bought BEA (one of many midsized middleware companies to be acquired). EMC bought VMware and about 40 other software companies. Symantec bought Veritas. Microsoft bought Great Plains. The list goes on, and that poses some challenges for CIOs looking to ensure continuity and keep your architectures fed in this environment.

Consolidation is, of course, nothing new. Fifteen years ago, you might have been a DEC VAX/Alpha shop running RDBMS and Informix, with all sorts of now extinct middleware.

But today’s context is different. We’ve long left behind “Nobody ever got fired for buying from IBM” for a much more uncertain and free-wheeling sourcing scene. CIOs have gradually imposed order on the situation through standards committees. At some companies, standard means things like Java, XML and 10 Gb Ethernet. At other companies, it means Dell, Microsoft and Cisco. At most, I suspect, software and architecture standards are a mix of protocols, open standards and vendors.

During this period of the rise of standards committees, CIOs have also had to confront a different problem: the dreaded “too many vendors” dilemma. “One is too few, three are too many” is conventional wisdom these days. Nice for hardware, not always possible for software.

The Sun acquisition could bring hope or despair into many CIOs’ lives, depending on how it plays out. Java, Solaris, SPARC boxes — these are significant building blocks for many shops. Some CIOs may cheer the continuing expansion of Oracle into some more niches in the upper end of computing; others may cringe at the thought.

But how many CIOs, I wonder, are rethinking the whole concept of “strategic vendor” in light of this deal and the sense that more are to come as the tech industry deals with the down economy? How are you seeing this? Are you looking for comprehensive vendors that can supply it all because they’re safe or for specialized vendors that each dominate a category (think EMC)? Or are you looking to commit to standards that are widely implemented by many vendors and to buy implementations that offer a good tradeoff between standard and “enhanced” features?

Another legitimate question posed by the dissolution of such a rock of many IT architectures as Sun is whether it’s time to apply new thinking to choosing strategic vendors — techniques like risk analysis or perhaps an even newer paradigm.

Legend has it that Wild Bill Hickok always sat in the back corner of the saloon so he could observe everyone who came and went. Good advice these days, although it didn’t quite work out for Wild Bill.

April 20, 2009  2:57 PM

CIO weekly wrap-up: Revised PPM standards, SOA success stories

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

It’s Boston Marathon day here in my fair city, so I hope some of you will be watching! If you need to take a break, read up on our latest content from on revised portfolio and project management standards, SOA success stories and business process management, and IT and business alignment:

Revised project and portfolio management standards get critical review – The Project Management Institute’s revised standards for project and portfolio management aren’t complete, Gartner says. Find out why PMI disagrees.

SOA success stories involve business process management – SOA and Web services work great for application integration, but the real payoff comes when you rework business processes. Still, there are challenges.

The department previously known as IT – In Business/IT Fusion: How to move beyond alignment and transform IT in your organization, author Peter Hinssen suggests it’s time for change to the way we approach IT and business alignment: It’s time for fusion. Learn more in this chapter download.

April 16, 2009  8:04 PM

Cloud computing: You pay your money, you make your choices

mschlack Mark Schlack Profile: mschlack

MIT’s Kirsch Auditorium was standing room only last night for a forum on cloud computing, part of the university’s Innovation Series for entrepreneurs, investors and patent attorneys. But there was a liberal sprinkling of technology types as well in the audience, including some upper-level IT folks trying to get an early read on what cloud might offer them.

The forum’s avowed purpose was to give a sense of what’s real now in the cloud and so it focused on the Amazon Web Services ecosystem. Several speakers spoke of “hundreds” of providers of value-added layers to the basic Amazon services, much in the form of middleware. When you peel back the layers of the onion, in many cases what you are renting has a high open source content. If enterprises have been slow to widely deploy free or freeish open source software internally, will they be quick to pay for it in the cloud just because someone has done the initial heavy lifting of configuration?

Other vendors have more novel models. Take Allurent, for example. They’ve distilled down many of the more desired features of e-commerce websites into a set of modules that run in the Amazon cloud. They do some design customization, but seemingly a lot of the time-and-money uncertainty inherent in the handoff from graphic design to software design that plagues so many Web projects has already been boiled out of the designs.

There’s also an accompanying content management system that your marketing department can use to manage sales, promotions, etc. The pages are hosted on Amazon but appear as part of your site and integrate with your e-commerce back end. My point isn’t to do a commercial for Allurent, but to point out that the cloud model creates some new ways of doing things that may well be an improvement over current ways.

Next week, VMware will shine a spotlight on the private and private/public hybrid cloud notions. This conference was more about the platform and application services that you will likely find coalescing in the cloud in the near future. If cloud flops, it won’t be for a lack of choices.

April 13, 2009  2:33 PM

CIO weekly wrap-up: Private cloud, DR strategy, IT and the recession

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Welcome back from the weekend! Start your week off right by reading the latest stories on the private cloud at Marian College, how to integrate server virtualization into the private cloud, disaster recovery strategy at MetLife and best practices for managing IT and the recession.

Private cloud replaces antiquated IT infrastructure for $300K per year — For the price of a SAN, Marian College is building a private cloud to create a flexible IT architecture and help transform the liberal arts school into a university.

Disaster recovery strategy shift reduces data loss, recovery time – Under pressure to improve RTO and minimize mainframe data loss, IT veterans at MetLife devised a strategy that put tape out to pasture.

Tips for integrating server virtualization in a private cloud – Integrating server virtualization technology in a private cloud can offer benefits including flexibility, cost savings and consolidation — if implemented and managed correctly.

Best practices for managing IT and the recession – IT and the recession will be inextricably linked for the months ahead. Here’s how to adjust your IT strategy and lead your IT organization while managing budgets, risk and more.

April 10, 2009  2:39 PM

The Bourne Identity: A CISO sheds light on risk management mind-set

Linda Tucci Linda Tucci Profile: Linda Tucci

Bonk CISO Larry Whiteside on the head, and like Jason Bourne he will wake up thinking about security in 12 different languages.

“For me, security and risk management is a mind-set. When I go into a restaurant with my wife and kids, I automatically see where the exits are,” says Whiteside. And how the waitress handles the credit card. How far the credit card machine is to another table. The location of the security cameras, the station of the guard.

“I am always thinking about the security scenario, not to take advantage of it, but to be aware,” Whiteside says.

Whiteside is chief information security officer for Visiting Nurse Service of New York (VNSNY), the country’s largest not-for-profit home health care provider. Some 130,000 patient medical records and pieces of credit card data fall under VNSNY’s watch. The organization must comply with the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard and the Sarbanes-Oxley Act (SOX).

Whiteside practices what is called a risk management approach to security compliance. I interviewed him this week for a story I’m doing on the topic. While his organization has many regulatory obligations, “the way I approach compliance is through risk. We do not focus on just ensuring we are compliant,” Whiteside says, stating the first principle of risk-based management to information security.

“When I look at new applications or systems or architectures, I am looking at the risks to our business and the risk to our information. Those are the things that are important, not does it meet a line item associated with HIPAA and SOX,” Whiteside says.

A risk management mind-set is always looking for patterns — not items on a regulatory checklist — that pose a threat to the asset one is responsible for protecting. So when somebody comes to him with a security problem, even if he knows nothing about the particular system or application, he can formulate a set of questions.

Incidentally, most CISOs live in a security mind-set, he says, whether they’re hard-core techies or recruits from the business side. “The methodology they follow by day at work is the methodology they live outside of work,” he says. At conferences, when CISOs unwind afterward with a drink, they invariably play a Where’s Waldo? version of security gaffes, competing to see who can spot the most security lapses. “It’s kind of weird if you are outside the circle.”

The mind-set can have its limitations, as in “If you are a hammer, the whole world looks like a nail,” adage.

Indeed, when he is taken by surprise, it is typically by something that happens on the business side.

“You can’t believe that business would make that decision. You have that mind-set and forget people don’t think that way,” says Whiteside, who nonetheless never forgets what needs to happen next.

“But the fact is they went down that path, and you have to make it right. CISOs are support personnel. That is the reality. We are on the same side of the business as the help desk, and that is all we are. Until it can be determined how a CISO can make the company money, we will always be there to support.”

April 6, 2009  3:34 PM

CIO weekly wrap-up: IT outsourcing, virtualization/private cloud guide

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Happy Monday! Well, not so happy in Boston – we just learned that the Red Sox season opener has been postponed due to rain! At least there’s a little NCAA men’s basketball game to watch tonight.

Until then, find some time to take a peek at the latest content from on IT outsourcing contracts, a forecasted IT spending decline, architecture mistakes in disaster recovery planning and virtualization and the private cloud:

CIOs adjust terms of IT outsourcing contracts to get lower prices – Competition is getting fiercer for your outsourcing buck. As companies with IT outsourcing contracts look to take advantage of price drops, they’re finding renegotiations may include reduced service levels. In this story, Gartner and others weigh in.

Gartner’s revised IT spending forecast: Decline exceeds that of 2001 – (This story came out last Wednesday, and if only it could have been an April Fool’s joke.) Gartner has revised its 2009 IT spending forecast downward, with hardware purchases the hardest hit. What else is on the back burner?

Avoid these architecture mistakes in your disaster recovery planning – In building out a disaster recovery strategy, many IT executives make these common mistakes. Want to save yourself some trouble? Here’s how to work around potential problems.

Virtualization and the private cloud: A guide for enterprise CIOs – Our latest guide looks at the trends, best practices and critical criteria for building a true strategy around virtualization and the private cloud.

April 3, 2009  1:45 PM

What’s behind declining prices for application hosting services

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

While writing my story this week on CIOs looking to renegotiate IT outsourcing contracts to take advantage of cost savings, I found the drop in pricing for application hosting services particularly interesting.

As my story said, analyst firm Gartner Inc. predicts that the cost of outsourcing IT infrastructure will decrease 5% to 20% during the next two years, both domestically and abroad (with particular pressure on Indian outsourcers thanks to, among other factors, the Satyam scandal). The potential average outsourcing price reductions in 2009/2010 broke down as follows:

IT infrastructure outsourcing services and the average outsourcing price reductions:
Data center services – 5% to 15%
Desktop/help desk services – 5% to 10%
Network services – 10% to 15%
Application hosting services – 10% to 20%

Why might application hosting decline more than other areas? Gartner’s Richard Matlus explained:

“We think the reason that percentage is a bit higher is because people are going to be looking at SaaS as a solution,” Matlus said. “We’ll see more of those access-ready services delivered.”

Matlus went on to say that enterprise organizations’ decision to invest more deeply in Software as a Service, as well as virtualization and automation, will drive the price of application hosting lower, as IT outsourcing companies scramble to retain customers — even if it means dropping their prices. This is an area in which we can expect to continue to see big growth in 2009 and 2010.

Are you a CIO or IT executive renegotiating an outsourcing contract? Or seeking change your approach to application hosting? I’d love to hear your story.

March 30, 2009  3:23 PM

CIO weekly wrap-up: Private cloud, ID management, security compliance

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Welcome back from the weekend! Here are the latest stories from, dealing with the private cloud, identity and access management, and some very newsy security standards for compliance for federal funds.

Beyond server virtualization: The private cloud – Turning server virtualization and the cloud computing concept into a private cloud is more than semantics. Our expert details how it differs from a virtual server farm and more.

The challenges and benefits of a private cloud – A private cloud may leverage server virtualization to drive business flexibility, but many of its management challenges (both people and boxes) are as yet untested.

CIO turns to identity and access management to solve business problem – Growth and turnover made user provisioning a huge task for business owners and the IT organization at Brookdale Senior Living, before the company launched a major effort to classify users and deploy an identity and access management system.

Security standards to help manage compliance for those federal funds – The disbursement of federal funds will open up risks and come with stricter requirements — a CIO group offers a checklist that can help IT executives at any organization stay in compliance.

March 25, 2009  8:43 PM

IBM layoffs: India Business Machines Corp.?

Linda Tucci Linda Tucci Profile: Linda Tucci

The news today from The Wall Street Journal that IBM is expected to cut a large number of U.S. workers in its global services unit and move that work to IBM employees in India reminded me that IBM, in addition to its possible takeover of Sun Microsystems Corp., is also rumored to be a buyer for Satyam Computer Services Ltd., the struggling Indian IT provider undone by the financial fraud perpetrated by former chairman B. Ramalinga Raju.

The WSJ piece said the planned IBM layoffs show that even profitable companies continue to cut costs— “some of them by taking advantage of cheaper Asian labor.”

It can’t be long, with or without a purchase of Satyam, that someone suggests the I in IBM stands for India. But that, it seems, would be selling IBM short.

In a round of layoffs made earlier this year (an estimated 2,800 by some reports), IBM lived up to its International moniker. The company offered laid-off employees in good standing and willing to work under local conditions and terms the opportunity to go work offshore at one of IBM’s centers — not only in India, but also in Nigeria, Russia, Argentina, Brazil, China, the Czech Republic, Hungary, Mexico, Poland, Romania, Slovakia, Slovenia, South Africa, Turkey and United Arab Emirates. Not surprisingly, Project Match sparked a strong rebuke from labor unions slamming the Armonk, N.Y., provider for not only offshoring jobs to low-cost countries but now wanting employees to offshore themselves.

It will be interesting to see if IBM makes the same offer to laid-off employees this time around.

March 23, 2009  3:19 PM

CIO weekly wrap-up: Risk management, SaaS and SOA, disaster recovery

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Greetings, bloggers! Take some time away from your NCAA brackets and delve into the latest from on risk management, SaaS and SOA, and disaster recovery plans for branch offices:

Balanced Scorecard founder: In recession, think risk management – Risk management is among the key performance indicators to measure for strategic success, says Robert Kaplan, co-developer of the Balanced Scorecard methodology.

SaaS and SOA quiz for enterprise CIOs – How much do you know about Software as a Service (SaaS) and service-oriented architecture (SOA) solutions? Take this quiz and find out.

A disaster recovery plan for branch offices: Five layers of redundancy – This CIO’s disaster recovery plan for branch offices (or hospitals, rather) seems to have it all covered — including the business mission.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: