August 7, 2009  2:05 AM

What’s your beef with the agile development methodology?

Karen Guglielmo Karen Guglielmo Profile: Karen Guglielmo

Companies using the agile rapid development methodology are experiencing benefits including quicker return on investment, greater ability to embrace change, better quality and increased productivity. So why aren’t more enterprise organizations adopting the agile process in today’s economy?

According to a recent PPM and IT governance survey of 300 IT professionals, only 30% of enterprise users are deploying agile or other rapid deployment methodologies.

One reason for the low adoption rate could be lack of executive support. The agile development methodology is not the type of initiative that is supported from the top down at most companies because executives see it as costly and complex. Instead, it usually starts in with the application development team, which has become more service- and client-oriented in this economy and knows that the agile process allows them to better collaborate and more quickly meet the needs of the business. With its success comes recognition and support from the top.

Another possible reason for agile’s low adoption rate could be the economic recession. CIOs and company executives see the agile development methodology as a huge investment in money, training and resources.

However, some companies, like IBM, have used the recession as a perfect time to adopt agile. During this global recession, IBM transitioned 25,000 of its developers to the agile development methodology as a way to increase productivity and cut costs.

So what’s your reason for not using the agile process? Is it cost, executive support or something else? Whatever your excuse, there’s no denying the benefits of adopting an agile process — even in this poor economy.

August 6, 2009  8:48 PM

Investigating public cloud could inspire overdue housecleaning

Christina Torode Christina Torode Profile: Christina Torode

There were a lot of messages that came out of the recent Burton Group Catalyst conference in San Diego surrounding the public cloud.

But one resonated more than others: You need to get a grip on your own assets, meaning what data is stored on what servers and what the real costs of building or deploying and maintaining an application are before you can figure out if cloud computing is a more cost-effective route.

Burton analyst Chris Howard compared the state of enterprise IT to that of Rome: Are we just building and building upon an old architecture? When is it time to start getting rid of some of the old stuff? And how do we decide what should stay and what should go?

Bill Peer, chief enterprise architect at InterContinental Hotels Group, who presented at the show, talked about building an internal cloud. In the process he is moving data from two mainframes predating the 1960s to new servers on a private cloud.

This is a multibillion dollar company making the move to get rid of old systems, and there are probably other enterprises out there sick of maintaining mainframes and code created by people who are no longer with their company.

The list of cloud computing benefits and risks is long and varied depending on who you talk to, but one benefit is clear: It could force CIOs to assess what they need and can do without, and, if anything, build more efficient data centers on their own.

There is a test for figuring out what can go and stay if you are not faint of heart. Howard shared a story of how Ken Anderson, former CIO of Novell, used to go into the company’s data centers at night and randomly turn systems off.

If no one noticed in three weeks, the system stayed off.

August 3, 2009  4:15 PM

CIO weekly wrap-up: Leveraging talent, change management, cloud trends

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Good afternoon! This past week on, we highlighted tips for leveraging employee talent, looked at ways to avoid IT project failures using change management strategies, and examined whether end users are bypassing IT in pursuing their latest cloud computing initiatives. Read the stories linked below and share your thoughts.

Hit the ground running and make people your priority — In Hit the Ground Running, a book by Jason Jennings, learn how some company executives are leveraging the power of their people for economic success.

Avoiding IT project failures with a change management strategy – CIOs typically aren’t involved in IT project execution, but they do pave the way for success with change management strategies. Here’s how.

Latest cloud computing trend: End users buying IT as a Service – Users want to consume IT as a Service and will bypass IT, or nudge IT into the cloud if necessary, to get there. Plus: How companies are handling chargeback.

July 31, 2009  3:08 PM

A disaster recovery plan meets cloud computing

Linda Tucci Linda Tucci Profile: Linda Tucci

David Shacochis, vice president, research and development at IT provider Savvis Inc., reminded me the other day that there is a big difference between a disaster recovery (DR) plan and business continuity, even though many forget the distinction.

A business continuity plan is your company’s prescription for things that you can expect to go wrong: components will fail, servers will fail, network outages are going to happen, IT professionals make mistakes. Disaster recovery is your plan for the things you can’t anticipate. “If you’re doing this Calvin and Hobbes scenario, where planes are falling from the sky, that is when you’re talking a disaster recovery plan,” Shacochis said.

Savvis, with 29 data centers, likes to boast it is has built the architecture required to give companies business continuity, which in turn gets rolled into its standardized services. “Virtually all our products have a high-availability option that can be added on for pennies on the dollar,” he said. And many customers use those services as their DR site.

But the premise of a DR-in-a-box solution — promised by various providers — is, in his view, untenable.

“We don’t really know what your requirements are, we don’t really know what the nightmare scenario will be, you’re not really implementing anything with us, but trust us, when you pick up the phone we’ll be there, and we’ll get you a data center in a heartbeat,” Shacochis said. “Those sorts of services are not that difficult to sell because there are a lot of people who want to believe that they exist. But they are very difficult to execute on.”

In fact, Savvis has not gone to market with a catchall DR solution yet. “We don’t really believe that the process maturity across so many different customers is there, or the standardization across so many different architectures is there that would allow us to do it,” Shacochis said.

Shacochis, however, believes that there will be a really elegant solution that will ultimately be cheaper than the present multi-tiered DR solutions and better. His idea is that the kind of cloud computing platform that Savvis is building in its labs will enable it — eventually — to offer DR that is standardized, flexible and cost-attractive enough to customers to make it worthwhile. Shacochis envisions a platform that can function as a complete cloud data center.

“All the typical IT resources you get in a physical data center, we’re going to be building in a platform that will allow you to provision not just your compute resources on the network, but to provision actual data center topologies for routing, switching, security, load balancing and failover features, as well as computing, storage and storage lifecycle management resources that are all running in a software-based context that you can control over a portal, and eventually control via a software API,” he said.

The beauty of that model, he says, is that companies could provision their entire cloud application stack, get it up and implemented and then turn it off.

“That really would be a cloud DR model, where the customer is paying a small percentage of what they would ordinarily pay for production, and they would have a highly functional and easy to executive DR plan.”

When will we see this? He thinks it’s a year or two off. Sounds good to me.

July 27, 2009  3:25 PM

CIO weekly wrap-up: ERM, NAC, cloud computing, IT outsourcing in 2009

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

No weather-related complaints from me this week – it’s definitely summer in New England. Though it’s steamy out, I couldn’t be happier!

Here’s the latest content from, where this past week we focused on enterprise risk management, evaluating network access control (NAC), cloud computing and IT outsourcing trends in 2009.

Enterprise risk management quiz for CIOs – ERM is getting increased attention due to concerns about data protection, NAC, cloud computing and compliance. Learn more about ERM and take our quiz.

Evaluating network access control: NAC policy enforcement matters — After thinking through your usage cases for NAC, select the enforcement approach that meets your security requirements, budget and complexity tolerance.

If cloud computing companies form ecosystems, users will benefit – A partner network hosted by one provider, like Amazon’s EC2, can mean cost and performance advantages for customers of those services. Here’s how.

IT outsourcing trends 2009: Latest deals for the recession and beyond – IT outsourcing trends in 2009 are evolving rapidly as the economic recession, IT offshoring scandals and the drive for cost savings change how IT outsourcing contracts are structured. Check out our quick guide to IT outsourcing for more information.

July 23, 2009  8:06 PM

How will IT outsourcing play out in companies’ recovery plans?

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

As IT outsourcing is one of the core areas I cover for, I am, of course, interested in how both offshoring and onshoring will fare in the coming months.

According to some soon-to-be-published analyst research on where IT outsourcing is going in the second half of 2009, although most enterprises have put IT outsourcing more on the back burner recently, the tide is about to change. Among the analysts’ conclusions: Companies’ outsourcing engagements will be more global in nature in a post-recessionary environment and will not involve significant upfront capital expenditure.

Meanwhile, just published a quick guide on IT outsourcing trends in 2009. It covers trends since the end of last year, when the drop in contracts began, and offers advice on how to properly structure your IT outsourcing contract for success in the recession, as well as the Satyam scandal and the rise of insourcing.

So, as the second-half play gets under way, the stock market is surging (just today, the Dow Jones Industrial Index climbed past 9,000) and the number of jobless claims appears to be dropping. There is definitely chatter that maybe, just maybe, we’ve rounded the corner on the worst of this recession.

Would a turnaround now change your outsourcing strategy? Did the Satyam scandal have any impact on how you do business? Are you considering insourcing as an option? Budget season is approaching for many enterprises, so this is an ideal time to examine these strategic questions.

I want to hear from you, our readers. If you’ve got stories or advice to share with your peers, please email me or find me on Twitter at @rlebeaux.

July 20, 2009  2:58 PM

CIO weekly wrap-up: Lean IT, project management governance, PPM

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Welcome back from the weekend! This past week on, we looked at Lean thinking for IT, considered project management governance and addressed IT portfolio management strategies as part of a larger project and portfolio management program. Read the stories listed below and let us know if you have questions or comments.

FAQ: Lean thinking for IT – Lean thinking is the process of incorporating Lean principles into an enterprise. This FAQ shows how Lean thinking works and how IT is benefiting from this improvement methodology.

Project management governance: How much is enough? – What goes into successful project management governance? The best mix calls for just the right amount of process and a focus on improved project completion rates.

IT portfolio management: Strategy matters more than software, CIOs say – IT portfolio management features aren’t a top priority for users of PPM software, a survey shows, but PPM strategy is.

July 17, 2009  2:44 PM

What is transparency, and how is it relevant to IT?

Karen Guglielmo Karen Guglielmo Profile: Karen Guglielmo

We’ve all heard about Obama’s promise for government transparency, but what about IT transparency?

First, what is transparency? Transparency is basically defined as openness and accountability in all areas of business. Obama’s promise for an “unprecedented” level of government transparency has caused many business organizations to look more closely at their systems and operations to determine how “transparent” they are and ultimately better protect themselves against potential legal ramifications.

Many IT organizations are also taking a closer look at transparency and accountability. By being transparent, IT can streamline processes, be more productive and improve customer service and support.

In a recent conversation with David Flesh, director of product marketing for ITSM at HP, we discussed how IT can drive efficiency and greater transparency to the business. One way of doing this is to leverage the power of the change advisory board. Change advisory boards are made up of IT and business stakeholders who meet regularly to review changes to systems and processes that will affect the business. With representation from all areas of the company, change advisory boards have the power to review and assess all changes taking place and ultimately confirm transparency among them.

Asset management is another area where IT can be more transparent to the business. As companies spend more money on IT, they want to know where all the money is going. Using asset management and IT financial management solutions, IT can again ensure spending transparency to the business.

Project portfolio management (PPM) is another way IT is addressing transparency. For example, one business unit might not have known that security was looking at a project that would involve reviewing confidential employee information. This could lead to legal issues. PPM helps address these issues and provide more transparency by creating a system where all units are aware of projects in the queues and how they affect other business and IT systems.

As Obama has said numerous times, “transparency promotes accountability.” Through formal processes and governance, IT can take a leadership role in delivering transparency to the business.

July 13, 2009  4:06 PM

CIO weekly wrap-up: IT ROI, NAC, cloud computing and email outsourcing

Rachel Lebeaux Rachel Lebeaux Profile: Rachel Lebeaux

Good afternoon! This past week on we ran the coverage gamut, from IT ROI strategies and network access control (NAC) to the real cost of cloud computing and email outsourcing approaches. Check out the stories listed below!

Proven IT ROI strategies in an economic downturn – CIOs who calculate ROI on IT projects are more likely to get executive approval, especially in an economic downturn. Learn how to effectively calculate ROI on new investments in business process management, IT Service Management and enterprise risk management.

Network access control now addresses multiple needs – Users have found multiple uses for NAC, including growing usage for guest networks. Understanding which of NAC’s four main use cases is yours is crucial to selecting the right system.

The real cost of cloud computing services – Cloud computing services reallocate costs and save you money in the short term, but companies should keep in mind what the usage-based model will cost long term.

Enterprises look beyond Gmail, cloud for email outsourcing services – Email outsourcing is taking off in enterprises as CIOs consider managed or hosted email services rather than Gmail or a full cloud-based email approach.

July 9, 2009  6:37 PM

Data protection in the cloud: What’s good enough?

Christina Torode Christina Torode Profile: Christina Torode

CIOs are pretty paranoid when it comes to data protection, and rightly so given they put their job on the line when they recommend a new infrastructure or service approach like cloud computing.

I’ve been told many times now by companies providing cloud computing services that their security measures are good enough if not better than the ones that their customers have in place — end-to-end encryption being the primary pitch.

But does this satisfy SOX compliance or really prevent someone, say an admin of another customer or internal-to-the-service provider, from finding a way to peek at your data?

These questions are nothing new for CIOs that have gone down the outsourcing path, but the implications of data running on a shared infrastructure do tend to make them squeamish.

Here’s a sampling of some questions Sam Gross, vice president of global IT outsourcing at Unisys, is getting since his company entered the cloud computing fray with the Unisys Secure Cloud and its Stealth data protection technology last week.

1. How can you absolutely, positively assure me that a cloud administrator [employed by you] will not in error grant some type of read or write access to the content, facility or service?

2. How can you assure me that none of your cloud administrators will have any visibility to that data and compromise our SOX controls?

3. How can you assure me that you can’t, will not and don’t have mechanisms to electronically transmit my data in the background to another third party?

Unisys Secure Cloud is backed by 800 consultants and Stealth is a technology Unisys developed for the Department of Defense based on bit-splitting technology made by Security First Corp. The technology splits data across multiple packets, across disks, multiple sectors and physical devices so that snoops can’t construct a single byte or single character of data using any single packet. On top of that, AES 256-bit encryption is used.

In answer to those three questions: No. 1, the assignment of read or write access is handled by the client through the client’s own directory and authentication mechanisms and not by Unisys.

No. 2, Gross uses the analogy of the cloud looking like nothing more than a series of pipes with water running through them when the cloud infrastructure is Stealth enabled. “The pipes have water running through them, but [people with malicious intent] can’t tell where the water came from, they don’t know where each drop of water is going and the water is transparent.” In other words it’s SOX compliant because all that is seen is a stream of ones and zeros.

No. 3, data that is in storage on the SAN is also Stealth protected so that even if you are a member of a client-defined community and transmit data, that transmitted data would be, again, a stream of unintelligible ones and zeros to the person on the receiving end.

“The end result is that if people put sniffers online, use Deep Packet Inspection mechanisms or physically remove a disk from a SAN and try to recover data, it’s impossible to assemble that data,” said Richard Marcello, president, Unisys systems and technology. “They won’t be able to recognize the payload or data construct, so therefore it’s cloaked and unrecognizable to the mechanism people use to steal data.”

Time will tell whether Stealth is truly the answer for a lot users, but you have to admit they have a much better explanation than, “Our security is good enough if not better.”

What security measures do you want to see from cloud companies? Let me know at

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: