September 25, 2009  3:48 PM

Cost-saving moves push security off list of top CIO management issues

Linda Tucci Linda Tucci Profile: Linda Tucci

SIM’s annual survey is out, and perennial CIO issues — IT security and business continuity/disaster recovery — have plummeted on the lists of both CIO management and technology priorities. What’s going on? I asked Jerry Luftman, executive director of graduate information systems and programs at Stevens Institute of Technology and SIM vice president for academic affairs, emeritus.

“This is a special year, given the economic conundrum,” Luftman said. “If you take a look at the top CIO management concerns, the first two are business productivity and cost reduction and the second is pervasive business IT alignment.”

During typical economic doldrums, IT cost reduction has topped the list of CIO management concerns. This year it is No. 5 — evidence, says Luftman, that CIOs are spending more time working with the business on leveraging IT to cut overall costs than on slashing IT budgets.

Is it possible that IT is no longer viewed as the profligate offspring of the corporate family but — gasp! — fiscally shrewd? A cost fixer? Certainly, CIOs feel compelled to step in, according to the SIM survey.

If CIOs are not concerned about cutting IT costs (already down to the bone, many CIOs have been telling us), they are also not blowing any dough on IT hardware and software.

As for security — scary as it is — CIOs have clearly put it on the backburner of CIO management and technology concerns. Antivirus protection, the No. 1 technology investment in 2008, has dropped off the list.

“When you look at IT budget allocation, the thing that has taken the biggest hit is IT infrastructure stuff, the hardware and software, and security is right there,” Luftman says.

Moreover, security, the only technology to make last year’s list of top CIO management concerns, is no longer on the headache list. Disaster recovery and continuity planning, the No. 3 technology investment in 2008, fell to No. 6.

Seems it’s not prudent to try to sell insurance for something bad that might happen when the business is struggling to survive what is happening — a very real economic disaster.

Emotional fatigue, or SOP

The question, says Luftman, is if the decline of security and antivirus protection as a top priority represents a “continuous change.” “Will it come back again when the economy turns around and we need to refocus our interest on infrastructure stuff?”

And his view? “Security was hot last year. Over time, as we either help address it or we emotionally feel that we have done as much as we can do, it will go away from the top list. The question is, how much time will it take to drop off the radar, or become accepted as standard operating procedure, is hard to tell.”

We’ll be delving into the results over the coming days for more insights. Meantime, here are the 2009 rankings:

2009 IT Management Concerns

  1. Business productivity and cost reduction
  2. IT and business alignment
  3. Business agility and speed to market
  4. Business process re-engineering
  5. IT cost reduction
  6. IT reliability and efficiency
  7. IT strategic planning
  8. Revenue-generating IT innovations
  9. Security and privacy
  10. CIO leadership role

Top Six Applications and Technology Investments

On the following list, priority No. 4 jumped out at us as a newbie on the list. Customer corporate portals give customers direct access to the information they seek without going through an intermediary. Luftman explains the reason behind the jump: “These are things that can help improve business productivity and reduce costs, the No.1 CIO management concern.”

  1. Business intelligence
  2. Server virtualization
  3. ERP systems
  4. Customer corporate portals
  5. Enterprise application integration
  6. Continuity planning/disaster recovery

September 24, 2009  8:11 PM

How Google and Yahoo improved data center energy efficiency

mschlack Mark Schlack Profile: mschlack

Running large data centers is expensive and getting worse. No one knows that more than Google and Yahoo. At a panel on green data centers at MIT’s Emerging Technologies Conference this week, Yahoo’s senior director of data center engineering and operations, Scott Noteboom, described how Yahoo has grown its server plant by 12 times since 2005. Google’s head of data center research and development, Chris Malone, explained that Google has had to come up with its own server designs to accommodate the ultra-high densities of their data centers. Both have a maniacal focus on improving data center energy efficiency.

Yet both firms are doing things that ordinary enterprises can learn from:

1. Reconsider your business continuity plan. Yahoo is eliminating UPSes and backup generators. Instead, they are architecting each data center as a backup to the others. That eliminates UPSes as a significant power loss. They’ve had to install software that restarts servers in a controlled fashion after power resumes, however. Google took a different tack: eliminating larger UPSes in favor of small battery backups on each server motherboard. Either way, both data center approaches yield significantly greater energy efficiency.

2. Consider the weather when you site a data center. Yahoo is no longer building raised-floor data centers. By locating in more moderate climes, they’re able to utilize prebuilt warehouse-type buildings that use extensive ground-level air intake of cooler ambient air and roof-level exhaust of hot air.

3. Raise the temperature and humidity. Modern servers can run warmer and moister than you might think. A lot of conventional wisdom about server environments stems from the mainframe days, when you didn’t want punch cards wilting.

4. The big win in facilities power reduction in the data center is in cooling. Malone points out that typical chiller systems are only 60% efficient; Google has gotten to 90% by switching to evaporative cooling. Focusing on electrical transmission issues is good but yields much less improvement.

Google and Yahoo make extensive use of virtualization to improve capacity utilization and reduce the overall load. Noteboom and Malone stressed that senior IT managers need to make these issues part of the discussion with system architects, project managers and developers. All too often, those folks start from the premise of buying a certain kind of server for a certain kind of app, rather than asking how existing capacity could be deployed to meet that need.

And the result of all those efforts at Google and Yahoo? Dramatic improvements in power efficiency. The typical metric for this is power utilization efficiency, which means the ratio of total power consumed by the data center to total power consumed by just the servers themselves. Most contemporary data centers are in the 2.0-2.5 range – for every watt of power that a server uses to compute, they burn more than a watt in transmission loss, battery loss and cooling. Google is at 1.19 and Yahoo is targeting 1.03 in its next-gen data centers. In other words, if you’re typical, you’re spending twice what they are on power per server.

September 21, 2009  4:19 PM

CIO weekly wrap-up: Service portfolio management, ITSM, email scandal

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Good afternoon! This past week, looked at the importance of service portfolio management and culture management as part of ITSM and ITIL implementations. We also took a look at an email scandal that’s threatening to rock Boston’s mayoral race and serves to remind CIOs of the importance of an email retention policy or archiving system. Check out the stories linked below!

Service portfolio management: Helping IT get back to business — More mature IT shops are adopting ITIL v3’s service portfolio management approach to better manage the service lifecycle and provide business-centric services to the organization.

Culture management critical to ITSM and ITIL implementation — The goal of any IT Service Management program is not purchasing the tool or implementing the processes. Instead, it’s about creating an organizational culture that will positively embrace these new best practices.

For CIOs, email deletion scandal shows need for email retention policy — The email deletion scandal brewing in Boston is fair warning to CIOs to get their email policies in order.

September 18, 2009  3:07 PM

Three ways to reach out to women in IT: Mentor, advocate, encourage

EditorAnne Anne McCrory Profile: EditorAnne

A dinner this week on women in IT focused on midlevel women in technology and their challenges in getting ahead, given their frequently high family responsibilities and their own perceptions (realities?) of what advancing really demands. The program, featuring Telle Whitney, president and CEO of the Anita Borg Institute for Women and Technology and sponsored by CA, featured research on 1,795 women who work for technology companies in Silicon Valley, but sounded out themes that would resonate with any woman in IT regarding workplace realities and work/life balance.

The institute’s mission is “changing the world for women in technology one woman at a time.” You might also say that overcoming this gender gap means improving IT, corporate America and entrepreneurship one person at a time, since allowing success breeds more of it. Here are some of the ways we can all make that happen:

Be a mentor. Women need mentors, and often those mentors are men, who are three times more likely to be in a leadership position, according to Whitney. A story we did on high-powered women in IT also showed that nearly all of them had male mentors at some time in their career. No mentoring program at your organization? Start one. It needn’t (and shouldn’t) be gender-specific; the point is to get senior people involved in mentoring promising midcareer professionals.

Advocate for a family-friendly company culture. Some companies allow job shares or a split workday so parents can be home when school’s out or there are soccer games. My company, for instance, is very big on flextime, and we have a very generous maternity leave (12 paid weeks of time off). You can bet I work with a lot of smart folks who are also young parents.

Encourage our daughters, nieces and granddaughters to consider the sciences. Just one in four college or graduate science students today is a woman.

Then once they pursue the studies, help them get the skills they need for the workplace. One attendee suggested giving them the book Women Don’t Ask. And in that vein, let’s all tell someone today what we need to succeed, or reach out to a younger colleague with an offer of support. We can make change happen too, one person at a time.

September 14, 2009  4:15 PM

CIO weekly wrap-up: Swine flu preparedness, business continuity, ITIL

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

I just returned from an amazing week in Costa Rica and have the tan (really, the sunburn) to prove it. Maybe surfing at the sunniest time of day wasn’t the smartest move? Anyway, I’m re-discovering how difficult it is to get back into the swing of things at work post-vacation, so this lineup of our latest work is as much for my benefit as it is for yours!

Over the past two weeks, has examined ITIL project leadership, swine flu preparedness, business continuity, IT disaster recovery outsourcing, IT strategies in a bad economy and more. Please check out the pieces linked below and let us know what you think!

Effective ITIL project leadership: Plan-Do-Check-Act – Successful ITIL project leaders are using the Plan-Do-Check-Act cycle to ensure their teams stay motivated, follow the same processes and contribute innovative ideas.

Uniting ITSM, PPM process methodologies yields IT management benefits – ITSM and PPM are typically separate disciplines, but integrating them can increase visibility, help with budgeting and more. Learn more about this dynamic duo.

Tips for business continuity and contingency planning for swine flu – IT business continuity plans for swine flu outbreaks focus on people and remote access issues. Here are experts’ tips on what to include.

IT disaster recovery outsourcing: A planning guide for enterprise CIOs – Planning for IT disaster recovery outsourcing requires CIOs to assess their DR needs, make the case for funding and select technologies. Learn more in our latest CIO briefing.

Talking swine flu and Conficker with the CIO of the CDC – In this Q&A, the CIO at the Centers for Disease Control and Prevention (CDC) discusses how preparations for H1N1 and other human viruses compare with the computer variety and more.

Tips from the CDC’s CIO on H1N1 flu preparedness – Get a CIO checklist for H1N1.

CIO advice: IT strategies in a bad economy – CIOs should consider re-evaluating their IT strategies in this economy. Get advice on addressing ROI, innovating and achieving project success in this podcast.

Swine flu preparedness: Business continuity during an H1N1 outbreak – Swine flu preparedness will top enterprise CIO agendas this fall as offices create business continuity plans in case of widespread absenteeism. Learn more in this H1N1 flu guide.

Health care security, HIPAA compliance on deck for CIOs in Obama era – HIPAA enforcement has long been lax, but that’s changing with stiffer HIPAA security and privacy rules and incentives to move to electronic health records.

September 11, 2009  2:18 PM

Looking for low-cost business processes? Check out GE WorkOut and FTD

Karen Guglielmo Karen Guglielmo Profile: Karen Guglielmo

Some companies are developing their own business process methodologies — such as GE WorkOut and fast track decision making (FTD) — to cost-effectively streamline processes and address the rapid changes in the market. But why? Aren’t the proven Six Sigmas, Lean and other business process methodologies of the world doing the job?

IBM’s 2009 Global CIO Study, released this week, revealed that more than half of the 25,000 CIOs surveyed said they plan to implement low-cost business processes this coming year. I started to wonder which low-cost business processes they were talking about and why they were suddenly on the rise. I did some research and came across two business process methodologies that could be considered “low-cost” — the GE Workout business process and fast track decision making.

The GE WorkOut business process isn’t new. GE developed it in the late 1980s as a way to help its own organizations and others become more lean, efficient and responsive to changes in the market. The GE WorkOut process works by bringing together a cross-functional team to solve a business challenge in 90 days. Taking on an issue identified by senior leadership, the team creates a plan with actionable items that must be implemented within the 90 days.

Companies using the GE WorkOut process — including L.L. Bean, Frito-Lay, IBM and Metropolitan Life Insurance — are doing so to streamline and simplify processes, eliminate non-value-added work and speed up the decision making process, according to C.A. Schifman and Co., a training and consulting firm. The process also allows companies to break down silos and improve employee morale.

The fast track decision making approach, meanwhile, is a rapid problem-solving method developed by the North Shore-LIJ Health System in 2002. The organization developed the process to deal with change and allow the right people to make decisions based on their areas of expertise. The LIJ was continuously struggling with change issues from corporate initiatives such as merging 18 individual hospitals into one health care system. The FTD process works by allowing teams of people closest to the process in need of improvement to develop and implement appropriate solutions. The process includes team involvement and in-meeting decision authority.

These two methodologies sound a little like “light” Six Sigma and Lean to me. They allow companies to build their own process methodologies at a low cost and customize them to their own business culture. So if you’re looking to use a low-cost framework and find Lean and Six Sigma intimidating or expensive, these two might work better for you.

September 3, 2009  8:02 PM

Gmail outage raises issue of control

Christina Torode Christina Torode Profile: Christina Torode

While talking to an IT director about Google’s Gmail outage yesterday, I realized that it wasn’t so much the outage itself that bothered him (his organization does not use Gmail), but the sense of not being in control of a cloud computing environment.

Billy Rials, IT director for Rankin County in Mississippi, wants his throat to be the only one that public officials come after when something goes wrong.

He’s responsible for the IT that runs seven cities and knows his data center environments inside and out. He said the environment is no utopia, but he believes they are getting closer every day by adding more and more virtualization technologies for servers and desktops.

“What do I say when an official calls me and ask what’s wrong: ‘I don’t know, something is going on with the cloud provider’?” he said. “It should be my responsibility, and bringing someone in from the outside … I have no control or the authority that I think I should have.”

Then there’s the fear factor of other people you don’t know having access to the infrastructure that runs your stuff. At least in your own data center you know that Joe was the last one to work on server X, so if something goes wrong you ask Joe.

There’s a sense that your environment gets lost in the cloud. At shows I’ve heard people asking how they can find their data, servers, you name it, in a cloud computing environment.

These are people who are trying to keep track of virtual machines in their own environment. The thought of the complexities added by trying to track down what’s going on with an application on a virtual machine in someone else’s environment is a road they don’t want to go down.

There are those fully embracing cloud computing, of course. They consider it to be no different from the risks they faced with outsourcing or colocation. The ROI or cost savings is worth the risk of an occasional outage, and even giving up a little control. And after all, how often do your email servers go down within your own four walls?

Let us know what you think — email me at

August 31, 2009  2:50 PM

CIO weekly wrap-up: IT disaster recovery value, technologies, budgets

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Good morning! delved deep into IT disaster recovery this past week, looking into strategies for making the case for the value of disaster recovery, how technologies are changing IT disaster recovery outsourcing and how the recession is squeezing IT disaster recovery budgets. We also included part 2 of our look at IT outsourcing around the globe, focusing this time on the pros and cons of IT outsourcing in Latin and South America. Please review the stories below and let us know what you think!

Seven tips to make the value case for disaster recovery – How do you make the case in your company to invest in disaster recovery? Here are seven tips from leading providers that tell you how.

Technology is changing IT disaster recovery outsourcing – New technologies such as virtualization, disk backup and cloud are radically changing IT disaster recovery services.

Recession squeezing IT disaster recovery budgets – The recession is forcing CIOs to focus on risk assessments, processes and business resiliency to trim IT disaster recovery services. The result, say providers, is better decisions.

IT outsourcing pros and cons for Latin, South America – IT outsourcing pros and cons for Latin and South America range from time zone alignment and geographic proximity to a lack of vendors and language barriers. Learn more in this story (and also check out our story on the pros and cons of IT outsourcing in Asia).

August 28, 2009  3:42 PM

IT and business alignment: Wrong choice of words?

Karen Guglielmo Karen Guglielmo Profile: Karen Guglielmo

If there’s one thing we’ve learned in IT over the past few years, it’s that if you say that something will help with “IT and business alignment,” you’re pretty much guaranteed it’ll get some attention. And IT and business alignment continues to top CIO agendas as a priority year after year. So WHY would anyone question the meaning of such a harmonious and universal phrase?

That’s just what David Ratcliffe, president of Pink Elephant consulting, did in a blog posting this week. According to Radcliffe, IT and business alignment is not where it’s at anymore. Instead, it’s about IT and business integration.

Ratcliffe explains that, “if IT is ‘aligned’ with the business that means it’s separate and is trying to line up. IT is not a separate entity from the business, it’s PART of the business.”

I understand Ratcliffe’s’s point. IT does need to become an integral part of the business. And maybe it is time to update the “IT and business alignment” term and mindset. But alignment is still where it’s at. Now it’s a matter of what specifically needs to be aligned. 

Up until now, IT and business alignment was mainly about governance. Companies were setting up formal internal structures for IT and the business to effectively work together toward common goals.

But alignment today should be more about processes and metrics. IT still needs to align with the business on common goals, but it also needs to align on the types of processes and metrics it uses. The IT organization needs to start using metrics that show how technology is positively affecting the business.

The same goes for processes. There are business processes and service delivery processes. Both are run separately but have the same goal of improving the business. By using similar metrics and processes, IT and the business can better communicate and reach common goals.

In the end, alignment is still king. It’s just a matter of taking alignment to the next level.

August 28, 2009  2:43 PM

IT services outsourcing: Do you have an ‘India-plus-one’ strategy?

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

For quite awhile, many U.S. companies have focused their IT services outsourcing strategies on India due to its market share, low cost of labor and robust vendor market. But now, some companies are seeking the best of both worlds: Traditional IT services offshoring coupled with a nearshore location.

My piece this week on IT services outsourcing in Latin and South America focused in on three of the larger countries in those regions in this industry: Mexico, Brazil and Argentina. For those who might have missed it, part 1 in this series dealt with IT services outsourcing in Asia.

As I investigate these locations, what I’m hearing is that many U.S.-based companies are seeking an “India-plus-one” strategy, whereby they supplement offshore operations in India (or perhaps China, another IT services outsourcing leader) with a vendor in a nearshore location, allowing them to derive the advantages of time zone alignment, geographic proximity, and any other perks that the particular offshore locations offers. To ensure that they don’t get left behind, some Indian IT services outsourcing companies have opened their own facilities in nearshore locations to complement their Indian operations.

For instance, I had a conversation this week with Paul Madarasz, general manager of the eastern region business unit at Aliso Viejo, Calif.-based IT services firm UST Global. Although the company has a lot of IT services operations based in India, Madarasz said the company is opening an IT services delivery center in Chile, outside of the capital of Santiago, that will focus on UST’s “bread and butter”: Application development, support and maintenance.

“We chose Chile for a lot of different reasons,” Madarasz said. “A lot of our clients would love to see an ‘India-plus-one’ strategy. They feel they’re fairly well saturated in India and would like another location.”

Other pluses include the Chilean government’s commitment to the IT sector and an educational system to support it, favorable immigration laws for bringing workers in and out of the country, and a communications infrastructure that would be robust enough to handle a high-intensity operation.
“We felt the business climate there was probably the best for us to be in,” Madarasz said.

So what are your thoughts on an “India-plus-one” strategy? Are you considering IT services outsourcing in different locations than in past years? And what parts of the world are you interested in reading about to guide your IT services outsourcing strategy?

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: