Talk of the demise of the chief digital officer role — an executive position designed to help companies drive digital strategy — is surfacing. And not just in media reports. Ask chief digital officers what their ultimate goal is, and you’ll likely hear it’s to put themselves out of a job. That’s because once digital strategy becomes the business strategy, a chief digital cheerleader is no longer necessary.
Regardless of the CDO’s fate, digital initiatives will remain important to the business, said Anna Frazzetto, chief digital technology officer — that’s CDTO — at IT recruiting company Harvey Nash. And, so, while CDOs might not be called CDOs for long, the digital agenda they’ve championed won’t disappear. That’s good news for CIOs who haven’t shied away from the digital business bandwagon and not so good news for CIOs who have. Because here’s how Frazzetto sees the role evolving: “I think there’s going to be a melding of the CIO role and the CDO role,” she said. “It’s going to be called something else, but the underlying current is going to be the digital officer aspect of it.”
Frazzetto, whom I met at last May’s CDO Summit, speaks from personal experience. In her role as CDTO at Harvey Nash, Frazzetto weighs in on internal technology planning, but she also works with customers to help them build a digital strategy. Her current position underscores both her technology experience (she got her start at IBM as a systems engineer) and her communication skills (at a mentor’s behest, she pursued roles on the business side of the house).
The techno-biz blend of skills isn’t unheard of for CDOs. David Yakir, one of the first digital officers, was both a CTO and a CEO before becoming Young & Rubicam Group’s CDO in 2003. And, so, while Frazzetto’s title as a CDTO is unique, her range of experience as a digital officer isn’t. If Frazzetto is right and businesses decide to merge the CDO and CIO positions, chief information officers who aren’t working collaboratively with the business may have a tough time competing for the newly hatched role.
It’s those CIOs’ own doing, she argues. If they’d kept pace with the business, transforming the role as necessary, the CDO position wouldn’t exist. “It’s kind of like UPS and FedEx. They came into existence because the postal system didn’t think about having next-day delivery,” she said.
Talking SMAC, an acronym for social, mobile, analytics and cloud, is so yesterday. Instead, if CIOs want to be fashion forward — technologically speaking — they should start talking artificial intelligence, machine learning and software-defined security, an approach that relies on software rather than hardware to enforce security policies regardless of the user’s — or the application’s — location.
Technologies like these are broadly featured in Gartner’s new “Hype Cycle” report on emerging tech trends. They keep company with the likes of quantum computing, which leverages quantum mechanics to produce a big computational boost, and with the science-fiction sounding smart dust, micro-electromechanical systems that can detect environmental factors like temperature. Far out? Not as far out as one might think, said Gartner analyst Betsy Burton, one of the report’s authors, in a recent webinar. She described the technologies as the foundation of digital business 2.0, building on the big data/cloud/mobile framework and striving to make the line between the digital and physical worlds practically indistinguishable.
“Digital business technologies are moving beyond the initial hype,” Burton said, referring to technologies like wearables, blockchain, 3D printing and the Internet of Things. “And we’re starting to see new disciplines and innovations when it comes to how to support digital business in a more effective way.” She pointed to artificial intelligence a la smart applications, conversational interfaces and virtual personal assistants as an example of a class of technologies that will push the digital business envelope.
Burton and fellow analyst Mike Walker, a co-author of the report, framed the emerging tech hype cycle in IT terms, pointing to three “macro” trends.
- First, CIOs and IT leaders will need to help create more dynamic, seamless experiences for customers (by way of augmented or virtual reality, for example). “It’s about how technologies are blending into our environment,” Walker said.
- Second, experience is only half of the equation; the other half is intelligence, he said. Embedded algorithms and more advanced analytics can deliver the right kind of experience at the right time. “Context is king,” he said.
- Third, the platform is the bridge between human and technology. Platforms will not only enable new business models, but will help companies scale digital business up and out, what Burton described as “the next big challenge for organizations.”
For the uninitiated, Gartner hype cycles track the maturation of a wide swath of technologies from market noise to mainstream adoption. For this year’s emerging tech hype cycle, the consultancy looked at more than 2,000 technologies and pinpointed the 30-plus it believes CIOs and IT leaders should familiarize themselves with to help build out their IT roadmap.
“It’s important to understand that the timeline we’re looking at here is between a five- and 10-year horizon,” Walker said. In other words, the technologies featured in this report aren’t necessarily ripe for implementation (brain-computer interface, anyone?) but instead house the potential for a company’s next competitive advantage — at least in Gartner’s eyes.
Robotic process automation software is having a moment, this despite there being a good deal of confusion about what the term refers to.
The robotic process automation (RPA) that’s hot today does not refer to the industrial robots that automated manufacturing plants. It’s also different from cognitive robotic process automation — technologies using so-called neural networks like those that animate IBM Watson and Google Deep Mind, which depend upon very large data sets to mimic human decision making.
The robotic process automation that’s getting a lot of buzz today refers to software that can help automate mainly back office work that is rules-driven, repetitive and involves overlapping systems: think tasks that search, gather, collate and update data.
“It’s what they call ‘swivel chair’ work — clicking on multiple systems, getting data from one source and putting it into another, where people are actually stuck four or five hours a day just doing this boring, manual nonsense,” said Allan Surtees, head of IT at Gazprom Energy in Manchester, U.K., a gas and electricity supplier to businesses in the U.K., France and the Netherlands.
Surtees began working with RPA software developed by Blue Prism more than five years ago at his previous job with Q2 UK, a Telefonica company, so when he joined Gazprom in 2014, he was primed. During his first three months there, as he talked with business partners about the IT function, homing in on problems they needed solved, he also met with users.
“I observed straightaway that a lot of them were doing work … with data that gets manually copied and pasted from one system to another. I saw immediately there was an opportunity for RPA,” he said, adding that RPA at Gazprom is not about eliminating jobs. His first project involves a “very simple process” that automates how meter readings are verified, freeing up the employee tasked with that chore for work that will bring in revenue, he said.
RPA best practices still ‘in infancy’
Surtees’ approach to RPA — talking to the business, observing manual work and targeting processes, or parts of processes where automation adds value — is essential for RPA success and not easy to do. Matching RPA to the right process is “still an art form,” said Craig LeClair, principal analyst at Forrester Research, specializing in enterprise architecture.
Indeed, best practices for RPA are still in their infancy, LeClair said. The result is that RPA projects are being implemented without a solid framework that covers change management, identifies gaps in the process that affect compliance, supports customer experience and prepares for cognitive RPA.
Here are a few of his guidelines highlighted in a Forrester report on RPA best practices published in May.
Identify data entry and review tasks that cross multiple systems. LeClair cites a mortgage origination process that involved three separate employee groups interacting with and requiring training on 15 systems. The implementation of RPA robots, which review captured data, eliminated one entire group and cut down the systems employees needed to be trained on to only seven.
Be prepared to dive into process minutia. Programming a software robot requires knowing exactly where to grab a particular field on a screen and which events will trigger an action. Plus, if a screen changes orientation or a user skips a field, it will throw off the bot.
Design RPA processes with expert employees who know the steps better than anyone. One caveat: When it comes to testing RPA, it may be better to use “the worst and dullest” rather than the process experts, as the experts are the most likely to be offended by the automation of tasks they have mastered to perfection.
Keep compliance and legal teams in the loop. RPA is good at generating reports needed for compliance, and combined with analytics, RPA can cut down on compliance reporting. But using bots to perform human work also introduces a new category of risk.
Cloud service agreements — which spell out the obligations and responsibilities a cloud provider and a customer must adhere to — are documents organizations with IT operations in the public cloud are familiar with. They’re also most likely familiar with terms that don’t necessarily match the commitments to performance and security they require. And with contractual language that changes with the cloud provider.
Still, organizations that want the cost-savings and flexibility that cloud computing promises have little choice. There are still few official cloud standards governing the industry, so cloud contracts from different providers are difficult to compare side by side – and they can be riddled with pitfalls for uninformed customers.
That’s all due to change, albeit gradually, according to the Cloud Standards Customer Council. The user advocacy group gave a live webinar Thursday presenting its updated guide “Public Cloud Service Agreements: What to Expect and What to Negotiate Version 2.0.”
One of the speakers in the webinar, John Bruylant, founder of cloud services broker TheCloudTurbo, said there are a number of cloud industry developments regarding cloud service agreements, including the International Organization for Standardization’s ISO 19086 and the Slalom project. Both aim at standardizing language used in cloud service contracts, terms of the agreements and the metrics cloud providers use to track services.
Another speaker, Mike Edwards, who works on cloud standards at IBM, said the portion of ISO 19086 laying out terminology standards on commitments to customers made by cloud service providers will be released in the next two months.
“Hopefully, that will help bring some consistency to different cloud service agreements and make it easier for customers to understand what they’re getting,” Edwards said.
The Cloud Standards Customer Council’s Claude Baudoin presents a list of pointers on understanding and evaluating cloud service agreements in this SearchCIO tip.
Fortunately, organizations today aren’t using those technologies for mobile devices, he said.
“The good thing is that most enterprises started off with mobility as a brand-new thing,” said Zumerle, co-author of the updated report “How Digital Business Reshapes Mobile Security.” So they bought new mobile security systems to manage and secure their employees’ devices.
The most common one organizations use today to enforce mobile security policies is enterprise mobility management (EMM), which monitors mobile devices and controls employee access to applications. Zumerle said the vast majority of Gartner client organizations use an EMM tool.
A minority of organizations, “for a number of internal reasons — usability, technical reasons — do not want to manage devices,” Zumerle said. “It’s a slightly different approach. Instead of trusting the device, they are trusting parts of the architecture.”
Organizations that choose to “unmanage” devices may pack their email contacts, calendars and business applications into a mobile container and “make sure that container stays safe from any sorts of attacks.”
The personal applications employees use would be outside the container; the advantage is they are isolated from the company-sanctioned business apps, Zumerle said.
Or organizations can set up an enterprise app store. There, employees can browse and download approved applications. Some basic detection programs would be run on the devices workers download apps to — to check whether the devices were “jailbroken,” or had software restrictions removed, or otherwise compromised.
“You would have those sorts of things, but you wouldn’t impose a device-wide enterprise policy,” Zumerle said.
Just the basics
A third category of organizations don’t have proper mobile security systems — but they do impose the most basic security on devices used by their workers. They may use Exchange ActiveSync, a Microsoft protocol that lets users access email and contacts from their employer’s Exchange server. It can be used to impose security on mobile devices, but it’s bare-bones.
“You basically can force a very basic policy onto the device in terms of passcodes encryption and so on,” Zumerle said. “There’s a portion of the industry right now that are still at that stage, where they’re using that basic protocol for some basic management of the device.”
It happened at the end of a panel discussion on how the digitization of work (of the world!) is changing the CIO profession, and it was over in a flash. But the reaction — a burst of applause — to a question fielded by veteran IT executive Stephen Gold reflected the pressure CIOs are feeling about their jobs.
Gold is CIO at CVS Health, the $180 billion corner drugstore chain turned pharmacy innovation company, as it calls itself. Over the past four years the Woonsocket, R.I. health care provider has relentlessly pursued a “customer centric” digital strategy, Gold told the audience at this year’s MIT Sloan CIO Symposium.
The overhaul began with creating a “consistent digital image” for the customers and patients of its lines of business — CVS Pharmacy, CVS Specialty, the MinuteClinic, Caremark — each of which had its own website, mobile applications and development team. But that was just the “tip of the iceberg,” Gold said. The adaptation of legacy IT systems to a digital marketplace at a company the size of CVS is such an enormous task. Indeed, the quest gave rise to the hiring in 2013 of a chief digital officer (CDO), Brian Tilzer, and in 2015 the formation of a digital innovation lab in Boston.
“You read the press — there is talk about the demise of the CIO, the rise of the CDO, but I don’t see it that way. I don’t see it as a threat,” he said of CDO hire, noting that he strategizes with Tilzer all the time. “I view it as an opportunity. I was exchanging emails with him at 6 o’clock this morning on a trip we’re taking to San Francisco.”
Here was a CIO confident enough to voice what others in the room must have been thinking when they heard chief digital officer.
Training for the CIO profession
The MIT panel included JetBlue Airway’s CIO Eash Sundaram and chief commercial officer Marty St. George. Shawn Banerji, managing director of the technology division at executive search firm Russell Reynolds, moderated the panel, which focused on how CIOs are adapting their organizations for digital times. Sundaram, for example, serves as chair of JetBlue’s new venture capital arm in Silicon Valley, which seeks out startup technology — personalization, geolocation, virtual reality — that can be used to enhance the travel experience.
At the end of the session, Gold took a question from an audience member who identified himself as a former CIO and professor in the business school at Northeastern University. What should the IT curriculum cover to prepare a new generation for the rigors of the CIO profession? Should we be training students in computer science or be teaching something else? “It sounds like the traditional MIS curriculum doesn’t fit anymore,” the professor said.
“In my opinion, I would say it is an and, not an or. I still believe the chief information officer has to be a computer scientist or has to be an electrical engineer,” Gold began. “You wouldn’t have a chief medical officer that was not an MD,” he added, his voice rising, “you wouldn’t have a chief accounting officer that’s not a CPA.” That’s when the applause broke out, first a single hard clap then a burst of applause and an affirmative shout out from the crowd — hear, hear!
It’s not that CIOs need to write code, Gold said, although he still can, he noted.
“But you have to understand the architecture of how these systems get built and maintained,” Gold said. “You have to continue to teach the fundamentals and on top of that teach them what it means to be a business-focused CIO.”
“Our philosophy is we are a customer service company that happens to fly planes,” Eash Sundaram, CIO and executive vice president of innovation at JetBlue Airways, told a lunchroom of CIOs at this year’s MIT Sloan CIO Symposium. “Technology is the backbone of our customer service.”
Many companies like to tout customer service as the key to their success. And many companies, no matter the industry sector, view technology as core to the quality of their customer service. How else could they sell to a digital customer if technology, specifically information technology, were not a pillar of their business models?
So perhaps it shouldn’t be surprising that the JetBlue CIO, in addition to his IT and innovation roles, is also chair of JetBlue Technology Ventures, the airline’s Silicon Valley venture capital arm, which seeks out technology startups that enhance customer experience.
But the career twist — CIO as venture capital investor — was a new one on me in what may be the fastest-evolving role in the C-suite. And it apparently sounded novel enough to the CIOs and other IT corporate types sitting near me: We perked up when Sundaram, on a panel about the CIO role in digital transformation, started talking about the venture investment firm, formed in February and located 2,931 miles west of the airline’s Long Island headquarters in Redwood City, Calif.
“We have a small team out there with its own funding and a president who reports to me,” Sundaram said, referring to the multitalented Bonny Simi, pilot, three-time Olympian and Stanford grad.
JetBlue’s investment aim is to find and develop businesses that “sit at the intersection of technology, travel and hospitality,” in particular, early-stage startups specializing in personalization, geolocation, messaging, and virtual reality and other new technologies that bridge and enhance a JetBlue customer’s digital and physical travel experience.
“It’s a nice model for us to bring innovation back to the mother ship. In some cases, the investments we are making will be consumer products on Day 1, and in some cases five to 10 years out. We think this is going to be an important vehicle for expanding what Jet Blue does,” Sundaram said.
JetBlue CIO and digital transformation
While CIO-as-venture-capital-investor might be a rarity, Sundaram is representative of the latest iteration of the CIO role, said Shawn Banerji, managing director of the technology division at executive search firm Russell Reynolds and the moderator of the MIT Sloan CIO panel.
Five years ago, with the advent of cloud, most companies in search of top-notch IT talent put a premium on the “operational CIO,” Banerji said — someone who could build a robust, secure, scalable, functional utility across the enterprise.
“That’s a tough job. It requires great business aptitude; it takes relationship skills, great program project management skills, people leadership — all those sorts of things,” he said. About two years ago, CIO search criteria started to change.
“We saw the adaption of the role into the transformational CIO as businesses wanted to change from legacy ways of doing things into a more digital way of interacting with customers. They expected the CIO to adapt and play that role in that transformation,” Banerji said.
The technical aptitude and business skills required for this role are not exactly aligned with those required of the operational CIO, he added. Transformational CIOs like Sundaram, in addition to building robust IT operations for a digital customer, are also driving new products — and making money for their companies.
Many of those sought-after operational CIOs, while superb at their jobs, do not have the capabilities to become digital leaders. “It’s a different kind of profile,” Banerji said.
Technology is marching at a breakneck speed and organizations are relying on innovation to keep pace with the changing ecosystem. The big four technologies that are driving business innovation — social, mobile, big data analytics and cloud, referred to as “third platform” technologies by IDC and as the acronym SMAC by others — are changing enterprise IT and the way businesses and customers communicate with each other, requiring businesses to evolve their strategies in order to thrive.
And CIOs play an important partnering role when it comes to innovation, said Fred Magee, adjunct research advisor at IDC.
In an IDC study titled Creating Innovation Strategies — Learning to Think beyond Enterprise Boundaries, Magee details a framework to help IT leaders who are using IDC’s Leading in 3D approach in creating multi-tiered innovation strategies within an organization.
Magee sees the L3D model – designed to help IT leaders create an IT strategy that aids their organization’s digital transformation — as the implementation end of innovation.
“The point of creating an innovation strategies framework is to create a context within which business leaders and CIOs can understand how the world is changing digitally and where they need to make investments and change their business models, IT infrastructure and their processes to adapt to that changing world, from large transcendent changes to small incremental ones,” Magee said.
IDC makes clear that innovation is not a one-size-fits-all process. The innovation strategies framework is designed to help organizations realize the kinds of innovation they need in relation to their business strategy, he said. The framework has three tiers of innovation: Disruptive, adaptive and incremental.
“If you think of disruptive innovation as driving innovation toward the market, adaptive is recognizing that the market is changing already … and incremental is driving innovation one step at a time,” he added.
The three tiers of innovation may seem separate, but they are not, he said. Even organizations that are disruptive by design will operationalize their disruptions sometime, he added.
CIOs can connect the dots between organizational priorities and technological possibilities.
“[The] CIO is really going to be more of an innovation partner and is going to be in a position to identify the best means for using digital technologies to support the digital transformation of the business that the executive, marketing and sales leadership and perhaps the board have identified as being critical to the business’ future,” Magee said.
To identify the right types of innovation, it is important to recognize external drivers like customers and market changes and identify the company’s leadership style — visionary or cautious — and whether it is willing to launch a significant innovation, he said. Determining a company’s business goals — whether it is trying to achieve competitive supremacy or competitive equality — comes next, followed by the execution phase, he added.
“When you start to define the ideas that actually make sense to your business, then you say, ‘OK, this is a manageable, moderate amount of innovation that might be possible to do on a continuous basis because we understand the investment profile for this kind of investment and now we have to execute it.’ That’s where L3D comes into play,” Magee said.
L3D is a process for turning ideas into deliverables, Magee said. It is about first identifying what needs to happen, then taking it through a process of innovation, integration and incorporation, he added.
The innovation strategies framework has four stages: analysis, ideation, L3D delivery and evaluation.
“Using this innovation strategies framework, hopefully you will have engaged your stakeholders, business leadership, in a process of identifying the right places to innovate and also a process for making a business case for it,” Magee said.
The EU-U.S Privacy Shield data transfer pact is now in effect, and U.S. cloud providers, e-commerce retailers and other companies that want to collect customer data from their European Union counterparts can start signing up to use the laws Aug. 1.
The framework, which replaces the Safe Harbor agreement dissolved in October 2015, has stronger security protections for EU citizens whose personal information will be shipped across the Atlantic. U.S. companies on the receiving end have to self-certify, promising to uphold data privacy principles such as “notice” — which requires companies to let customers know what will happen to their data. But in complying with Privacy Shield principles, companies can also use the new pact to improve their reputations as customer-centric organizations, said Enza Iannopollo, an analyst for Forrester Research.
“If I am required by the regulation to put in place a process to address access requests for the data of my customers, how do we do that?” Iannopollo said. “Am I giving them the right explanation, and when I do that, when I communicate with them, am I showing the right level of sensitivity and the right level of understanding?”
If the answer to those questions is yes, that’s good news, Iannopollo said. Customers will give high marks to companies that explain their privacy policies on their websites in ways they can easily understand. If companies give the job to their legal teams, and those teams churn out dense legalese, customers may feel discouraged and underappreciated.
“You’re losing a big opportunity, which is using that content to show once more to your customer, ‘I care about you,'” Iannopollo said. “‘I’m easy to do business with, and I’m putting you charge and this is the control that you have over your data.'”
Ensuring customers’ security and privacy, she said, can be a “differentiating factor.” Consumers will happily continue to give their business to customer-centric organizations they feel respect them and their privacy — and even pay more for their products and services.
“Compliance is where you start, but then you can push privacy really all the way to a business growth strategy,” Iannopollo said.
Before organizations needed to protect the business data their workers access on smartphones and tablets, they had to — and still do — protect the data employees use on laptops and PCs. So why not use those same endpoint security tools to protect mobile devices?
Two main things: the way people use mobile devices and the way mobile devices are built, said Gartner analyst Dionisio Zumerle, co-author of the recently updated report “How Digital Business Reshapes Mobile Security.”
“The traditional management models just don’t fit mobile,” Zumerle said. “You have the way that people use their mobile devices — that promiscuous way, if you will — that they use mobile devices with personal and business.”
Users are “promiscuous” on mobile devices, Zumerle said, because they’ll just as soon as use a reporting tool to prepare a business presentation on their smartphones or tablets, for example, as they will post a picture of an Independence Day picnic with their families on Facebook. Mobile devices make it easy not to discriminate.
That doesn’t happen as much with laptops or PCs, Zumerle said, “maybe because people don’t consider a laptop that personal.” Or it could be because most of the personal activity that is done on laptops — email, scrolling through Twitter or Instagram, or shopping on Amazon — happens in browsers.
Lack of oversight
Another reason traditional tools don’t work can be traced to the architectural differences between traditional devices and mobile devices. For example, laptops and PCs have been built to do things like track user activity. And if anything untoward is going on, they can be locked down.
“With certain agents on the device, you can pretty much see a lot of what’s going on, on the device and a lot of what the user is doing is with the device, with the enterprise data on the device,” Zumerle said. “And that’s something that you cannot do on mobile devices for technical reasons.”
What most companies today are using to manage and protect mobile devices, a panoply of enterprise mobility management tools, do allow organizations to see some, but not all, of what a user is doing on a mobile device. And there are newer tools, such as cloud access security brokers, that will send a warning to someone trying to, say, access a free file sync-and-share service such as Dropbox. So someone trying to move two gigabytes of data from a mobile device won’t be in stealth mode.
“Still, it’s difficult to see what data was that two gigs of data,” Zumerle said. “Just pictures from my birthday party? Or was it real enterprise data from customers?”
Dionisio Zumerle discusses the trends that are shaping mobile security today and how to get started on a strategy in this SearchCIO interview.