May 18, 2009  2:57 PM

CIO weekly wrap-up: IT security tools, ways to keep your IT job, BPM

Rachel Lebeaux

We cast our net far and wide at last week, looking at IT security tools, 10 ways to keep your IT job in this recession, how to organize and train your staff for business process management (BPM) project success, and how spend management software and cost transparency tools can help CIOs cut costs. Check out the stories and feel free to leave your comments below!

Avoiding gotchas of security tools and global data privacy laws – Building a global privacy program is no picnic because of the plethora of laws. IT security tools can help — or hurt, if implemented without knowledge of the law.

10 ways to keep your IT job in this recession – IT careers are just as vulnerable as other jobs in this recession, but here are some tips to surviving layoffs and staying employed in the downturn.

How to organize and train your staff for BPM project success – Here’s how organizations are setting up their business process management efforts, from centers of excellence to training that focuses on certain aspects of BPM.

Spend management software, cost transparency tools help CIOs cut costs – Spend management software and cost transparency tools are being used by CIOs in enterprise organizations to identify savings in new areas. Learn how to use these tools.

May 15, 2009  3:02 PM

It’s time for a federal data protection act

Anne McCrory

When the Massachusetts Senate took action this week to modify the state data privacy act (Standards for the Protection of Personal Information of Residents of the Commonwealth), I didn’t jump for joy the way some people did.

Yes, the original legislation set such a high benchmark that it would place an enormous burden on businesses to comply: encrypting all personally identifiable information, designating one person to oversee a company’s privacy program (a big burden for smaller businesses where there’s not even one person dedicated to security). So I understand the hue and cry about legislators not getting the implications of what they are putting in place because they don’t understand the technology, or IT, or the economics of risk management for the business world. That is all true.

But what is also true is that data protection is changing, and needs to change, in the U.S. Even as the Massachusetts law would defer to federal law in many places, the fact is we don’t yet have a tough federal law on the order of what is commonplace in some other parts of the world. Americans, as capitalists, often roll their eyes at many European conventions (think: six-week vacations, nationalized health care, controls on greenhouse gas emissions) but in fact the U.S. could end up emulating some EU practices because they work. Privacy and data protection should be no different.

As a resident of Massachusetts, I’m disappointed that my state might not end up with the toughest data protection law in the nation. But I hope the feds will soon pick up the ball and take care of that for us. Unlike legislation like SOX, where the sins of the few brought the burden to the many, a federal data protection act would be one for all of us. With nothing less than the integrity of our identities at stake, creating such electronic border controls should involve federal funding just as any aspect of national security does. And on the global stage in the electronic age, this is indeed a national security issue.

Yes, many states have data protection laws on the books now. But that doesn’t satisfy the Europeans, who view our data protection as weak without a federal law. Now’s the time for the feds to step in and give us a united stand.

May 14, 2009  6:02 PM

Looking for procurement cost cutting and governance stories

Rachel Lebeaux

In the course of writing today’s story on spend management software and cost transparency tools, I talked quite a bit with Shane O’Sullivan, group CIO for Skandia Group Cos., about his methods for tightening up operational costs in procurement. O’Sullivan touched on many aspects of his organization’s program, and noted that having a procurement-related governance model in place from early on has been invaluable when it comes to being responsive to marketplace conditions, contract negotiations and the like.

That attitude makes sense to me: has looked at IT governance from a number of angles, and we’ve seen that — especially in a recessionary environment — organizations are finding that establishing protocols with regard to purchasing, hiring and other operational areas is imperative in order to run a lean-but-effective business.

I’m looking to write a longer story about procurement cost-cutting and governance strategies. Are you an enterprise CIO with experience in cost-cutting or governance related to procurement? If so, please email me at

May 11, 2009  3:26 PM

CIO weekly wrap-up: SOA, BPM, BAM tools and our new IT consultant blog

Rachel Lebeaux

Happy Monday! was hard at work this past week studying business process management (BPM), service-oriented architecture (SOA) and business activity monitoring (BAM). We also launched a new IT consultant blog. Read the details below!

A move to cloud computing should involve SOA and BPM – Enterprises preparing for cloud computing should involve SOA and BPM in the process to achieve transformational change.

How CIOs are enabling business activity monitoring with existing tools – Find out how CIOs are providing business users with real-time data without big investments in BAM tools.

BPM guide: Business process management best practices for CIOs – Business process management refers to an approach for improving an organization’s processes. In this all-inclusive guide, find BPM news, best practices and tools for enterprise CIOs.

Ask the IT Consultant blog – We hope all of our regular blog visitors will take the time to visit our new blog, Ask the IT Consultant, where members of the Boston chapter of the Society for Information Management are available to answer your questions.

May 8, 2009  1:50 PM

Is your ISV ready for application virtualization?

Christina Torode

Some ISVs are behind the curve when it comes to changing their licensing terms to accommodate application virtualization.

Having one installed application that is streamed to many users, as is the model with application virtualization, versus a per-user licensing model, is one curve ball ISVs are mulling.

There is what analyst Mike Cherry with Kirkland, Wash.-based Directions on Microsoft calls a chicken-and-egg game going on: CIOs are waiting for word from their vertical ISVs on whether they’re going to adapt their licensing models for virtualized versions of their applications, and ISVs are waiting on CIOs to tell them to come up with licensing that reflects a virtual environment/application.

There are risks that CIOs can run into if they forge ahead and virtualize an application without first checking to see if the ISV can support that type of deployment. Cherry has seen companies do just that, only to be told by the ISV to put the application back on the physical server because the ISV doesn’t know how to fix the application when something goes wrong in a virtual environment.

And he’s not alone. Ty Schwab, CEO and founder of virtualization consulting firm Blackhawk Technology Consulting LLC in Eugene, Ore., has said that not enough companies are checking to see if the ISV is supporting virtualized versions of their applications, and not all software vendors have a plan for how they’re going to charge for their applications in a virtual environment.

He advises that CIOs test the application to make sure it can be virtualized, then call the software vendors to come up with a plan for how they’re going to charge you for licensing.

In addition to the cost of the software license, keep in mind that you will have to pay for the technology used to create a virtual application, such as SoftGrid, which Microsoft acquired and renamed App-V 4.5. Such software comes with a one-time fee of $2,000 to $5,000 for the application virtualization studio or administration console needed to design, repackage and virtualize applications. On top of that there is an application virtualization licensing cost of around $30 to $150 per application that is virtualized.

Have you already gone through the process of negotiating virtualization licensing terms with your ISV? Do you have any advice for others as they start down that path?

Let me know at

May 7, 2009  3:57 PM

Adding a ‘business downturn’ clause to your telecom contracts

Karen Guglielmo

Telecom providers will do whatever it takes to keep your business, even in a business downturn. And that’s not just lip service.

Did you know that you can insist on a “business downturn” contract clause in your telecom agreements? Many large corporations are spending in the millions on telecom expenses each year. Even the IT organizations that excel at telecom expense management can’t effectively do so when the business takes a hit. For instance, if your company loses a major account or sells off a subsidiary or business unit, a “business downturn” contract clause allows you to reduce your original commitment level to the telecom provider – in terms of spending, rates and/or contract length.

A “business downturn” contract clause can also cover migration to a new technology that possibly reduces the original amount of services covered by your contract. However, “you will want to eliminate language restricting the clause to business downturns ‘beyond the customer’s control’ or to situations in which the customer cannot meet the commitment ‘despite its best efforts,’” advises telecommunications and IT law firm Levine, Blaszak, Block & Boothby LLP on its website. “Such phrases eviscerate any rights that the clause otherwise grants.”

Just last month, TNCI, a national voice and data communications reseller, competitive level exchange carrier and VoIP network provider, announced that it was offering a “business downturn flexibility” contract clause to new and existing customers using its telecom services. The new contract clause is “designed as a method for renegotiating service agreements due to a change in the customer’s business situation as a result of the recession,” according to a statement by company officials.

TNCI isn’t the first to do this and definitely won’t be the last. Telecom providers are feeling the heat of this weakened economy and are doing whatever is necessary to work with IT organizations on managing their telecom spending and services.

Telecom providers ultimately want to keep your business. It’s easier for them to keep a remaining large customer than invest in a new one. “If Verizon has a customer with 1,000 analog lines, it is easier to lower their rates or work with them on their contract, than install 1000 lines for a new customer,” said Michael McCauley, PMP of TelPlus Communications, a managed telecommunications solutions provider. “It’s always much easier to negotiate from a point of strength.”

Whether your telecom spending is managed through IT or an outsourced service provider, adding a “business downturn” clause to your contracts is a smart business decision in bad times.

May 4, 2009  3:33 PM

CIO weekly wrap-up: Challenges of a state CIO, BPM, SOA and ROI

Rachel Lebeaux

This past week, was all over business process management, from BPM and service-oriented architecture (SOA) and how they work together to how to find fast ROI using BPM. We also podcasted an interview with the Massachusetts state CIO, who offered helpful lessons for any enterprise CIO grappling with new technologies, compliance, budgets and more. Check it all out below, and scroll down for the latest from the blog.

The challenges of a state CIO – In this podcast, Anne Margulies, state CIO of the commonwealth of Massachusetts, discusses the challenges of investing in new technology, while keeping an IT infrastructure running smoothly.

How BPM and SOA work together for business process improvement – Enterprises should marry their BPM and SOA efforts if they really want reuse — and true business process improvement.

BPM software: How to find fast ROI on smaller projects – BPM software can lead to fast ROI when companies use it properly, experts and users say. Learn how Level 3 Communications launched its own BPM platform and how you can do the same.

May 1, 2009  1:21 PM

CIOs increasingly at nexus of risk management and compliance efforts

Linda Tucci

At a conference session on risk management and compliance, CIO Carolyn Damon let it be known that it is not uncommon for CIOs to be spending 40% of their time conferring with legal counsel. And, no, she was not talking about CIOs at law firms, but CIOs in regulated industries.

Damon is CIO of GE Capital Americas-Capital Financial Inc. — and proof that in the risk-riddled Great Recession, the office of the CIO is extending far beyond the four walls of the data center.

Yesterday, at the Gartner conference on risk and compliance in Chicago, Damon was play-acting the role of the CIO at the fictitious WinterNuke Co., an energy conglomerate under fire from environmentalists, regulators, shareholders, ordinary citizens, you name it. The constellation of mismanaged risks behind all the bad publicity included a failed SOX audit related to a botched acquisition; plans to build a nuclear plant in a seaside resort area; and a fired overseas employee claiming the speculative trades he made that lost millions were in fact sanctioned by upper management. (The fake scenario is a compilation of problems experienced by Gartner clients this year.) As keeper of the corporate data, the make-believe CIO was at the center of the legal maelstrom. The truth is that many real-life CIOs are there, too, or soon will be, she said.

“It is an interesting fact of where we are going from an IT perspective. Understanding the regulations that are out there, understanding business language, as well as understanding technology and then marrying the three, is fast becoming the role of the IT leader in organizations out there,” Damon said.

In those fake CNN reports on WinterNuke, there was no mention of IT per se, “and yet technology touches every one of the areas” under fire, Damon said.

A critical component of the real CIO’s job is to know exactly what the IT controls are for those areas and to “feather them against the regulations” that affect those areas, she said. The other part of the job is communicating the business benefits of that model to your counterparts in the legal as well as financial departments. “The more you can communicate with your legal partner what that method does and how it manages the risks they are concerned about, the more you have a partner,” she said, adding that the same goes for the CFO, with the added data point of how many dollars can be saved by implementing the IT model. “It’s about one executive at a time.”

By the way, among the many wrinkles in the fictitious case under review is the location of the rogue trader in Europe, where the data privacy laws might stymie the company’s investigation. That would not have been a problem at GE because her company “has been proactive” and gotten preconsent from overseas employees. Knowing the countries that you’re doing business in is critical. Spend time with the attorneys, Damon said, and if they don’t know the data privacy laws, the record retention requirements or the data movement protocol in the various geographies, the CIO should be able to lay it out.

That said, it is not the CIO who owns the risk management program for the company, Damon stressed. “Somebody has to have the overall plan.”

April 28, 2009  8:21 PM

IT investment in a recession doubles returns, expert says

Rachel Lebeaux

Here’s a take on IT spending that most IT executives will be happy to hear: Companies that make IT investments in a recession will see the financial dividends for years.

“It’s double coupon days for IT investment,” Howard Rubin, MIT CISR research associate and professor emeritus at Hunter College of The City University of New York, recently told IT and business professionals at the Society for Information Management monthly Boston meeting.

If a company invests $10 million now in IT, Rubin said, then another company that waits until better economic times to make that investment will likely spend twice as much to catch up with the business that made the initial investment in a timely manner.

“Competitors won’t be able to afford to catch up,” Rubin said.

The thrust of Rubin’s talk – that IT investment still matters, even in a recession – hinged on the notion that spending on IT vastly enhances a company’s business performance, and the gap between you and the competition goes straight to your financial bottom line.

Each dollar of new IT investment between 2003 and 2004 led to a gross profit increase of $1.47 in 2006, Rubin said, while a 26% increase in cumulative absolute technology spending in the U.S. in 2006 helped drive 114% in absolute gross profit. In other words, IT pays for itself and more.

Of course, in today’s recession, technology spending is colliding with economic conditions, Rubin said. The current high fixed cost of IT in most companies is preventing change, and conventional IT cost-cutting models – outsourcing, offshoring, laying off workers, squeezing vendors, reducing portfolios — have “hit the wall” under pressures to spend less.

“You can take advantage of this time by optimizing what you’re doing,” Rubin said.

This could involve tapping into technologies such as Gmail, or shifting more costs to vendors via new supply chain management models.

But time is of the essence, because your competitors will catch up if you give them the opening. If you can make external partners understand your new scale, he said, you should see rapid IT transformation that benefits the business’ bottom line. And isn’t creating dividends – both now and down the line — what we’re all looking to accomplish, especially in a recession?

April 27, 2009  3:22 PM

CIO weekly wrap-up: Virtualization, VMware cloud and SOA governance

Rachel Lebeaux

It was a virtualization-heavy week for, as we covered VMware’s new cloud operating system, virtualization management tools and SOA governance, and tested our readers’ knowledge of virtualization and the private cloud. Check it all out below.

Cloud computing initiatives show wide range as VMware touts cloud OS – VMware’s new cloud operating system, vSphere, brings new capabilities, though some big cloud projects will use Microsoft’s virtualization technology.

Virtualization management tools: Ready for prime time? – Virtualization management tools help enterprise CIOs address virtual server sprawl, workload balancing and other issues. Learn about costs and options in this podcast.

SOA governance: How and why to build it into your SOA initiative – Service-oriented architecture governance prevents duplication of services and wins business buy-in. Here’s how to start or improve your governance effort.

Virtualization and the private cloud: A quiz for enterprise CIOs – What do you know about virtualization and the private cloud? Take this quiz to find out.
