Archive for August, 2009

New Name For CIOs: Strategic Execution Officer

Wednesday, August 26th, 2009
CIOs Need To Learn To Manage Wild IT Projects (c) - 2007

In order to compete in a global economy that is moving faster every day, more and more firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

What Goes Wrong With Big IT Projects

We all know the statistics – most big IT projects are not successful. However, the key question is why? It turns out that all too often the issue is not with the new process automation technology that is being implemented, but rather with the management challenge that comes along with a project like this.

Managing a large transformational IT project is so hard because the CIO also needs to find ways to drive the new business process changes that will be required once the new systems have been installed. It turns out that nobody likes change!

What Doesn’t Work?

It seems as though IT departments have been trying since the beginning of time to find a way to tackle this two-headed IT project beast. One approach has been to give responsibility for the success of the project to an executive governance committee. It turns out that this type of committee does an excellent job of defining the strategy for implementing the changes that will be needed, but does a lousy job of executing it.

Another approach has been to create an IT task force to implement this type of change. They generally do a good job of getting the new application up and running, but they lack the wide-ranging authority to cause other parts of the company to change how they are doing their jobs.

What Does An IT Strategic Execution Officer Do?

If the CIO is willing to step up and tackle leading both sides of a major IT process automation project, just what do they have to do? There are three fundamental tasks that they will need to deal with:

  • The implementation of the process automation application(s).
  • Making sure that the new technology gets adopted by the rest of the company.
  • Making sure that the new processes that the project has implemented start to get used by everyone.

Ultimately, the CIO will be filling the management / leadership gap that exists between coming up with the process automation plan and actually changing the company to use the project once it’s been implemented.

Final Thoughts

No CIO wants to take on more work – there’s not enough time in the day to get everything done as it is. However, ensuring that big IT projects get implemented correctly and that the company transforms its processes in order to use the new tool is the key to the company’s long-term success.

This is a clear example of where a CIO gets to practice for his / her next job: becoming CEO. Nobody else will be as well positioned to implement cross-company changes. CIOs who can pull this off will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

The basic job of a CIO is to ensure that a company’s IT infrastructure operates smoothly and allows the company to conduct business. On Monday, August 3, 2009, PayPal’s CIO failed at this most basic of jobs…

Halt – Who Goes There? CIOs Need Good Identity Management

Monday, August 24th, 2009
CIOs Need To Solve Their ID Management Crisis (c) 2007

As though keeping all of those servers up, applications running, and end users happy weren’t enough to make being CIO a full-time job, now CIOs also have to take on the role of data cop? The answer to this question is “yes”; in all honesty, they really should already be doing it. Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Just What Is Identity Management?

Identity management is how an organization controls access to its information based on an individual’s rights and responsibilities. It turns out that most IT shops have been doing a pretty poor job of this.

All too often most of us rely on our old friends Mr. Username and Mr. Password. How many dictionary-based cracking events do we need to see in the movies in order to convince us that this is a very poor way to secure our data?

The right way to start to authenticate identities better is to use a second-factor authentication system such as biometrics, tokens, etc. Additionally, using single sign-on technologies can help you bring disparate systems together and save the end users from having to carry around lists of usernames/passwords.

What’s The Best Way To Do Identity Management?

The first step to creating a workable identity management solution is to establish some policies. These policies need to lay out just who is allowed to access what information. Clearly, if you’re not allowed to use some piece of information as a part of your job, then you shouldn’t have access to it.

One of the biggest pitfalls found in IT departments today is the existence of multiple different “silos” of data that end up creating a confusing and mixed-up environment for access control. Once again, implementing a single sign-on solution can solve this problem.

Final Thoughts

Taking the time to design and implement a good identity management solution is very much like buying insurance for your IT department. You hope that you don’t really need it, but you know that you probably do and it’s the grown-up thing to do.

CIOs who take the time to solve their identity management issues once and for all will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

More firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

Application Whitelisting Only Works Sometimes – CIOs Need To Know The Facts

Wednesday, August 19th, 2009
Application Whitelisting Offers CIOs Another Way To Protect Their Networks

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

What is Whitelisting?

The problem with trying to protect your company’s network is that the bad guys are always trying new and innovative things. In order to block them, you have to stay on top of what the latest attack vector is and install defenses against it throughout your network. This can be a real time waster – it’s critical to do, but it contributes nothing to the company’s bottom line.

Whitelisting applications takes a 180-degree different approach to securing your network. Instead of trying to identify and block all of the bad malware variants that are trying to get into your network, whitelisting focuses on identifying all of the applications that SHOULD be allowed to access your network.

This of course means that you need to block everything that is not whitelisted. The theory is that all the malware that shows up will find the door to your network slammed shut on it.

Whitelisting Is Not For Everyone

In some enterprise IT environments, whitelisting is the wrong way to go. In these environments, using application whitelisting can actually drive up operational costs so high that things quickly get out of hand. Ill-suited IT environments are those in which workers need to be constantly installing new and changed applications on the fly in order to complete their tasks.

Where Whitelisting Works Well

That being said, there are IT environments in which application whitelisting works very well. These environments tend to be very static with very few application changes. A great example of this is call centers.

Another example where whitelisting has worked well is in the retail sector where cash register environments are very static and only need to be updated every six months. Some companies have discovered that they have been able to do away with anti-virus protection (and the associated cost of maintaining it) on those machines.

Final Thoughts

The fight to secure the company’s network from the forces that would do bad things to it is never-ending for CIOs. However, this is not what CIOs should be spending their time on – there is not a bottom line benefit.

Whitelisting of applications provides yet another way to secure the firm’s network by taking a novel approach to security – don’t worry about identifying the bad guys, just worry about identifying the good guys.

Whitelisting won’t work for every environment, but in certain static IT environments it can work wonders. CIOs who can identify the right IT environments in which to use application whitelisting will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Data Protection Secrets: CIOs Know That It Starts At The Endpoint

Monday, August 17th, 2009

CIOs Know That Managing Endpoints Is The Key To Securing Company Data

Just imagine this scenario: you’ve just been made CIO of your firm when all of a sudden one of your competitors suffers a massive data loss because of outside hackers. Your CEO storms into your brand-new office and demands to know what you are doing to secure your firm’s data. What would you say?

The Old Way Of Doing Things

Good CIOs realize that a firm’s IT infrastructure can’t just be thought of as “those boxes”. Instead, an IT infrastructure consists of three layers of devices: core servers and perhaps mainframes, a set of network connectivity devices such as routers and hubs, and then endpoints – the PCs and laptops that you and I use every day.

IT Networks Consist Of 3 Separate Levels Of Equipment

Since there are more endpoints than any other type of equipment in most corporate networks, CIOs realize that this is where most of their efforts to prevent company data loss must be focused.

In the past, securing network endpoints often meant that all one had to do was to load up some anti-virus software on every laptop and you could check this off of your CIO to-do list. Sorry – that no longer works.

Welcome To The Real World

As we enter the brave new world of policy management, we are seeing a shift to policy-based enforcement being used to control company data that is being used on enterprise network endpoints.

Using policy-based management of endpoints allows multiple areas to be managed. These areas include:

  • Configuration
  • Patch
  • Access
  • Application
  • Anti-virus

The Case For Using Policy-Based Management of Endpoints

Let’s face it – we all have too much to do and too little time in which to get it all done. Establishing corporate IT policies allows a set of rules to be laid down that tell everyone what is and is not permitted. When you extend these policies to cover how you manage the endpoints of the company’s network, then all of a sudden you’ve made your life that much easier.

Policies allow you to prioritize the company information that you want to protect. Once you identify this information, you’ll then be able to realize just how much of it is being stored on the endpoints!

This new understanding then allows you to set up a systems security approach to making your PCs and laptops safe. By doing this you’ll be able to ensure that your network endpoints are now secure places to house that valuable corporate data.

Final Thoughts

There’s no way that any one person in an IT department can make sure that all of your PCs and laptops are secure all the time – even if you are the CIO. Yesterday’s piecemeal approach of placing an anti-virus application on each PC and then considering the job done was a poor solution.

Using a systems approach and establishing company policies for how management of endpoints should be done sets up a much simpler way of ensuring that all endpoints are secure. CIOs that do this will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

Bye-Bye Baby Boomers: Should A CIO Be Worried?

Wednesday, August 12th, 2009
The Baby Boomers Are Getting Ready To Leave IT...

The very first baby boomer was born on January 1st, 1946. Soon after that a LOT more baby boomers were born. This generation of workers is just now reaching retirement age en masse. With the possibility of having a large group of experienced workers leave the workforce all at once, should CIOs be worried?

Defining The Problem

Every IT department has staff turn-over issues. We all hate to lose experienced IT professionals. What makes the pending retirement of the baby boomers such a big deal is that if they all leave at the same time, CIOs will be left with a knowledge gap.

The number of people entering retirement age (ages 65-74) will increase by 80% between 2006 and 2016. Compounding this problem, the number of employees in the prime of their careers (ages 25-54) will only increase by roughly 2.4%. This sure looks like CIOs are going to be facing a big issue.

A Dose Of Reality

Before you get too alarmed, realize that not everyone is panicking at this point in time. It turns out that the U.S. workforce will be growing (in absolute numbers) over the next few decades. At the same time, productivity improvements in IT have resulted in the elimination of the need for many types of IT workers.

It’s entirely possible that the big issue that CIOs are going to be facing going forward will not be the lack of workers, but rather the lack of workers with the right types of talents. Experts believe that companies have not been making the investments in their workers that are needed to create the needed workers of tomorrow.

What’s A CIO To Do?

Staffing planning is something that CIOs should be doing anyway. With the arrival of the baby boomers’ retirement age this task has now become even more critical. What should a CIO be doing? Tasks include:

  • Projecting the labor supply that you will be needing.
  • Determining the cost/benefit of retaining specific people.

Instead of spending too much time looking at the average age of your overall IT department, CIOs should be doing some deeper diving. CIOs should run reports to get the average age within a set of specific IT roles or geographic areas.

Final Thoughts

The challenge of large-scale retirements by baby boomers should cause every CIO a moment of pause. However, with more investigation they may find, like Dow Chemical did, that many baby boomers put off having children until later and only now are facing steep college bills. This means that there probably won’t be any mass exodus. However, CIOs need to start spending time preparing for the future.

Taking the time to research the ages of their IT staff who are handling different tasks and creating staffing plans for dealing with these challenges is a critical CIO task. CIOs who take the initiative and start planning for the future will help their companies to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

Just imagine this scenario: you’ve just been made CIO of your firm when all of a sudden one of your competitors suffers a massive data loss because of outside hackers. Your CEO storms into your brand-new office and demands to know what you are doing to secure your firm’s data. What would you say?