Archive for October, 2009

Pay Up!: How CIOs Get Departments To Pay For Their Share Of IT

Wednesday, October 28th, 2009

1-800-Flowers Found A Way To Make Everyone Pay

Everybody wants their IT services for free. When you become the CIO, you’ve got to find an answer to the ugly question of just who’s going to pay you for all of those fancy IT services that your department can provide.

Sometimes there’s a single IT budget for the entire company that everyone draws from. But who gets what? Does everyone get the same amount? Do successful departments get more IT services than other departments? If they don’t, then will they start to set up their own IT department? Looks like another problem that you’re going to have to solve when you are the CIO…

Budget, Budget, Who’s Got The IT Budget?

In most of the civilized world clean drinking water is freely available all the time. Since it’s always available and we don’t really pay very much for it, we use it like there is no tomorrow.

Who cares about leaky faucets? Run the yard sprinklers, fill the pool, etc. – there’s really no cost to being wasteful with the stuff. This is all fine and good until something happens. When there is a sudden scarcity of water, all of a sudden we become much more aware of just how valuable it is.

I live in Florida and when a hurricane (or the threat of one) looms, bottled water is what everyone starts to stock up on. We can go without electricity for days, but not water.

The services provided by IT are the same way – if nobody has to pay for the helpdesk, or the onsite support, or the printer paper, then we all use them like they were free – which they basically are. As a CIO you’ve got a money problem. The internal customers that you serve are going to want you to do more and more for them while at the same time they are going to expect to not have to pay for any of it. Sounds like you’ve got a problem on your hands.

Flower Power

Tim Moran has taken a look at how the company 1-800-Flowers.com has dealt with this very problem. In the case of 1-800-Flowers, they had created a problem by buying other companies who came along with their own IT departments. They centralized the IT services; however, they were left with 14 separate brands and businesses.

Each of these separate businesses uses IT services; however, they didn’t have to pay for them – the IT funding came out of a central budget. This meant that everyone felt free to request as many laptops, Blackberrys, and cell phones as their little hearts desired because they were all, effectively, free to them. You can imagine the CIO headaches that this was causing – there was no financial IT alignment.

Pay To Play Saves The Day

There is a lot of talk about how CIOs need to find ways to innovate within their departments. Over at 1-800-Flowers CIO Steve Bozzo showed some innovation when he decided to solve this problem by starting to charge each of the company’s brands for the IT services that they were using.

It turns out that this isn’t really all that hard to do. There are plenty of good software programs out there that allow you to do this type of item-by-item billing using the Internet to provide online access to the bills. The real challenge is loading all of the data into the system in the first place.

There will be tricky decisions in many areas. Where servers are being used to support applications that are used by multiple departments you are going to have to find ways to divide up the expenses between all parties involved. Bozzo went about transitioning to this new way of doing business in a clever fashion.

Once the internal billing system was set up, he immediately started sending the business heads so-called “mock bills” that showed them what their IT bill would have been if the chargeback process was actually being used. This, of course, caused some shocked business executives to have some hasty discussions with IT.

The new IT billing system went “live” at the start of 1-800-Flowers’ new fiscal year. Having seen the mock bills and having had time to reduce their IT expenses somewhat allowed each of the business units to request the proper funding for their portion of the annual IT budget. No solution is perfect, but this approach allowed 1-800-Flowers to get a handle on their IT spending.

What This All Means For You

1-800-Flowers is now able to allocate every dollar in their IT budget to a business unit. This includes their entire infrastructure management from servers, security, voice services, to network services.

What this has allowed the company to do is to finally get true insight into just exactly where all of the money that they are spending on IT is going. Although it may not be in your CIO job description, when you become CIO providing this kind of transparency into your IT budget would be a good idea.

Once you are able to convince your firm’s senior management that you are indeed spending wisely the money that they’ve allocated to you, then they’ll be more likely to provide you with additional funding to work on those new projects that you really want to work on.

Do you think that there is any downside to providing so much insight into where the IT dollars are going?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

It turns out that a company’s #1 salesperson is their CIO. They may not go on sales calls, have an assigned quota, or even be up-to-date on the company’s latest product pricing plans, but at the end of the day the CIO is the one who drives (or drives away) the most sales.

The Machines May Be Virtual, But The Security Problem Is Real

Monday, October 26th, 2009


Virtual Machines Pose Real Security Threats

When you become CIO, you already know that IT security is going to be one of your biggest and least rewarding challenges. If you do a great job at it, then nobody will ever know and you’ll get no credit for it. If you do a poor job, then everyone will know and you’ll get all the blame. That just goes with the CIO job.

In the future, CIOs are going to have a whole new set of security issues that come along with the popularity of virtual machines. The rules for how best to secure these boxes that really aren’t boxes have not been established yet. What can you do to make yourself ready to take on this new challenge?

Just What Is A Virtual Machine?

Before we dive in and start talking about security, let’s make sure that we’re all onboard when it comes to just exactly what a virtual machine is. A while back, some very smart folks (a lot of whom happened to work at a company called VMware) realized that most companies were deploying one application per server in their data centers. One for email, one for web hosting, etc.

It turns out that as servers got more powerful, this was incredibly inefficient – most of the server’s processing power was not being used. The smart people created what they called a virtual machine (or VM) – software that sat on the server between the actual server hardware and the operating system that was running on the server. You can sorta think of it as a lower level operating system.

Once this VM was in place, they discovered that they could run multiple operating systems (and then of course multiple applications on top of those operating systems) on each individual server. When they did this everything was isolated – if one operating system crashed, it didn’t interfere with the other operating systems / applications running on the same box.

As you can well imagine, this has turned out to be an incredibly popular way to reduce the number of servers that have to be deployed and maintained within a data center. However, it has also opened the door to some nasty security problems…

The Problem With Virtualization Security

Oh sure, you THINK that you know how to secure a data center – lock down all of the network ports going in and out, and then take steps to make sure that you know which staff are allowed to enter and leave. Uh oh, when your servers stop being real physical boxes and start to become virtual images, now you’re going to have a whole new set of problems to deal with.

Cameron Sturdevant has been looking into just how we can go about securing the brave new future of virtual machines and he’s uncovered ten new issues that you are going to have to be able to deal with:

  1. Moving Too Fast: since virtual machines can be set up and put into operation much quicker than a real server can, you’re going to have to set up some sort of review process in order to keep things under control.
  2. Redefine Your Boundaries: it used to be simple to be able to keep the important things inside the data center and the threats outside when everything needed a physical box. Now that things are going virtual, these boundaries are getting more murky and you will have to spend the time to redraw them.
  3. Killed By Quantity: since it’s so easy to set up a new virtual machine, you’re going to be facing an explosion of them. This means that you’re going to have to establish a policy to determine when a new virtual machine needs to be deployed and when it needs to be turned off.
  4. Moving Day Is Everyday: since virtual machines can easily move from box to box, you’re going to have to lay down the law in order to make sure that the new server has the appropriate security policies in place in order to support the applications that will be running on it.
  5. Not The Same As The Old Boss: both the tools and the policies that used to work in the world of “real” servers won’t necessarily work in the new world of virtual servers. You’re going to have to find / make new ones.
  6. Virtual Tools: in order to police your virtual machines, you are going to want your security tools to run on virtual machines also – makes sense, doesn’t it?
  7. Cutting Costs: how many CPU cycles your virtual security tools take up will be a huge deal very quickly. The rule of thumb is for them to take less than 2-3% of the CPU’s cycles.
  8. Policy Update Time: not only will you need fancy new tools, but you are also going to need to update your staff on just how one goes about securing virtual boxes. Can you say special training?
  9. Where To Focus?: the experts suggest that you spend your time securing both the virtual machine and its applications and don’t worry so much about the underlying virtual machines. The thinking is that virtual machines are by design isolated from everything else so they are more secure.
  10. Get Some Relief: look for virtual machine management tools that will allow your staff to automate the processes of configuring and deploying virtual machines as much as possible in order to minimize security slipups.

Final Thoughts

Like it or not, when you become CIO you’re going to be living in a virtual world. All of the clever security tools and policies that we’ve created in an attempt to secure the world of physical servers that we now live in are not going to work in the future.

Your challenge will be to find ways to secure the virtual data center while at the same time keeping your IT staff’s workload at a manageable level. The good news is that this can be done; the bad news is that you’re going to be in uncharted territory. Good luck future CIO…!

What We’ll Be Talking About Next Time

Everybody wants their IT services for free. When you become the CIO, you’ve got to find an answer to the ugly question of just who’s going to pay you for all of those fancy IT services that your department can provide.

Message From The CIO: Send More Women!

Wednesday, October 21st, 2009

CIOs Know That IT Departments Need More Women To Be Successful

Ok all you CIO wannabes, guess what one of your first problems is going to be once you assume control of the IT department? No, not that innovation thing. Nor will it be finding new ways to cut costs. Somewhat amazingly considering that we are living in the enlightened 21st Century — you will need to find more women.

Your gender doesn’t matter to me – when you are CIO you’re going to have the same staffing problem no matter which restroom you currently use. A bunch of researchers (LeAnne Coder, et al.) have taken a look at the number of women working in IT and frankly, it’s not looking good (or hadn’t you noticed?). Way back in 1983 women made up 43% of the IT workforce. Since then the number of folks working in IT has doubled, but the number of women in the field has fallen to 26%. Hey CIO, you’ve got a problem!

Why Is This An Issue?

Remember that diversity thing that everyone is always harping about? When you have an IT department that is made up of primarily men, you’ve failed on the diversity front.

IT problems require creative thinking in order to be solved. This creativity stems from having IT professionals on your staff who come from different backgrounds and who have a wide range of experiences. This won’t happen nearly often enough if you just have a bunch of guys working in your department. CIOs need more women.

Where Did All Of The Women Go?

This lack of women in IT issue is not new – it’s been a problem almost since the start of the profession. However, it’s reaching a critical point now and when you become CIO you’re going to have to find a way to solve it. However, before you can do that, you’re going to have to understand why we have a problem in the first place.

It turns out that not all jobs are created equal. For that matter, not all workers have equal interests in the kinds of jobs that they want to do. A clever psychological test called the Strong Interest Inventory (SII) has revealed that there are six types of job personalities out there:

  • Realistic: likes working with tools or machines in an explicit or ordered way
  • Investigative: requires creative investigation of issues
  • Artistic: ambiguous, free, non-systematic manipulation of materials to create art or products
  • Social: likes jobs that require you to lead or interact with others
  • Enterprising: wants to work with others to achieve specific business goals
  • Conventional: does explicit, ordered manipulation of data

People choose a career field that best matches their type of job personality. Guess what? Most of today’s IT workers (men) seek Realistic and Investigative types of jobs – the majority of women seem to seek all of the other types.

What Are You Going To Do In Order To Fix This Problem?

When you become CIO you are going to have to find a way to solve this understaffing of women in IT problem. Just having more booths at job fairs or telling your HR staff to “hire more women” is not going to solve the problem.

At the heart of this problem is the simple fact that most IT jobs are not attractive to most women. This means that no matter how hard you try, you’re not going to be able to get enough qualified women candidates (unless there’s a global recession and even then they won’t stick around once things get better).

As CIO there are two things that you are going to have to do in order to find a solution: advertising and redefining. The outside world has little if any understanding of just what IT professionals do – we work in a world of mystery. You’ve got to get the word out and make sure that everyone in the company knows just what an IT job consists of.

Studies have shown that the majority of women working in IT today “fell” into the profession – they were working in a different career and accidentally discovered that they had the talents and interest to work in IT. This means that by telling other working women about IT jobs, you’ve got a good chance that you’ll be able to attract them to come work for you – no more having to rely on college career fairs to attract women candidates.

Finally, you’re going to need to redefine the existing jobs in your IT department in order to make them more attractive to women. This will go a long way in attracting more of them. Adding artistic or social characteristics to an otherwise realistic / investigative IT job would open it up to a more diverse set of potential women candidates.

Final Thoughts

The lack of women in IT is not a problem that just showed up overnight and so it’s not going to go away tomorrow. However, when you become CIO this is an issue that you’re going to have to tackle.

Lifting the veil of secrecy that currently surrounds what an IT job consists of to the rest of the company is a great first step. Following this up by recasting the IT jobs in your department to include characteristics that will make them more attractive to women is the necessary next step. Not only can you solve this problem, as the CIO you must solve it.

Does anyone else in your company have a good idea just what goes on in the IT department?

What We’ll Be Talking About Next Time

In the future, CIOs are going to have a whole new set of security issues that come along with the popularity of virtual machines. The rules for how best to secure these boxes that really aren’t boxes have not been established yet. What can you do to make yourself ready to take on this new challenge?

Poisonous Snakes, Sharp Knives, And Angry Natives: How Much Risk Can You Handle?

Monday, October 19th, 2009

CIOs Know That Security Threats Can Strike At Any Time

Ok CIO wannabe, we’re right in the middle of a global financial crisis and your IT budget has gotten slashed so much it looks like Freddy Krueger has come back and had his way with it. What are you going to do about your spending on security programs: cut ‘em, hold the line, or spend more? Whoops – that was a trick question: all of the answers will get you in trouble.

What The Other Guys Are Doing

Before making any big spending decision, any self-respecting CIO will do what all leaders do – try to find out what the other guys are doing in the hopes that you can just copy them. Well, in this case you’ll be getting mixed signals.

A survey done by Information Week magazine revealed that 19% of CIOs are cutting their security spending. On top of that, only 27% of the surveyed CIOs are planning on increasing their security budgets – that leaves roughly 50% doing the same old thing.

It’s starting to look as though the final remaining sacred cow of IT budgets, spending on securing the enterprise’s IT assets, has finally fallen under the budget trimming axe. This is an excellent opportunity to learn how to be a better CIO: cut too little and the company goes under, cut too much and the company may get sued when your defenses are breached.

What’s Worse: Poisonous Snakes or Sharp Knives?

Here’s another part of your CIO quiz: when your security budget comes under fire and you know that you’re not going to be able to save the whole platoon, who do you pick to live and who do you let die? Tough call eh? That Information Week CIO survey revealed that most CIOs have decided that any security program that deals with compliance in some way, shape, or form needs to be saved.

In the end, CIOs are finally starting to realize that an effective corporate IT security policy consists of just two things:

  • Managing Risk
  • Protecting Data

Don’t Forget About The Angry Natives - How CIOs Prioritize

If the job was easy, then anyone could be a CIO. The CIOs who get it, those who understand what effective IT security is really trying to do, know that the first thing that they have to do is to determine the company’s overall appetite for risk. If the company has an appetite for a lot of risk, then the CIO can trim the IT security budget to the bone. Otherwise, cut with care!

Successful CIOs realize that the right way to go about setting up an IT security program is to start by realizing that you can’t protect everything to the same level and so you need to identify what IT assets are the most valuable to the company. Once you know this, you need to take the next step and estimate the likelihood that those assets might be lost.

Only after you have both of these pieces of information can a CIO have the IT team start to create security programs and put systems of controls in place to protect what needs to be protected. Although compliance programs are on everyone’s minds in these tough economic times, CIOs need to keep in mind that such programs are not always in line with security best practices.

Final Thoughts

If you want to have any hope of ever being a successful CIO, you’ve got to learn to be able to make the tough calls when it comes to funding corporate IT security programs. Although putting measures in place in order to make sure that the company remains compliant with regulations is good, it’s not nearly enough.

Taking the time to properly value your corporate IT assets and identifying what kinds of risks this data faces is the critical first step that too many CIOs skip over. Take the time to do this correctly and you’ll be well positioned to deal with poisonous snakes, sharp knives, and angry natives. Now if we could just find some way to deal with those pesky rampaging elephants…

What do you think should be a CIO’s #1 security concern: remaining in compliance or dealing with the security threat that comes from outside?

What We’ll Be Talking About Next Time

Ok all you CIO wannabes, guess what one of your first problems is going to be once you assume control of the IT department? No, not that innovation thing. Nor will it be finding new ways to cut costs. Somewhat amazingly considering that we are living in the enlightened 21st Century — you will need to find more women.

Lab Rats Invade A CIO’s World

Wednesday, October 14th, 2009

What Is A CIO To Do With An R&D Lab?

I work in the telecommunications field a lot and the gold standard of corporate R&D labs has always been Bell Labs. These guys have created amazing things that we all take for granted today: transistors, fiber optics, etc.

Since most firms have no idea about what to do with their corporate research facilities, responsibility for the labs often falls under the control of the CIO (because most firms don’t know what to do with IT either). Great. So what’s a CIO to do when he/she is responsible for a corporate R&D lab?

The Times They Are A Changing

So why did companies set up their research labs in the first place? Simple, they needed a source of innovation that they could harness in order to become more successful. Unfortunately, the Internet came along and the wheels have fallen off this truck.

In the old days (the early 90’s), researchers used social networks to exchange information and drive their research forward. No, not Facebook or Twitter – we’re talking about the early 90’s here. They used the REAL social networks that formed when researchers went to conferences or met in the lunchroom.

The arrival of the Internet has turned this world upside down. If you can connect with anyone over the Internet, then why would you even bother to have a corporate R&D lab?

It turns out that there is still a reason for corporate R&D labs; it’s just that they are going to be much smaller and the value of even having an R&D lab will go down.

CIOs And The New Era Of R&D

Steve Lohr over at the New York Times has been talking with folks in the corporate R&D world to find out what the future of R&D Labs is going to look like.

Pull the cover off an R&D lab and you’ll discover a machine that can turn ideas into products. In the future, the ideas that a business can turn into a product (which is what a business is in business to do) won’t come from a lab, instead they will be coming from all over. Wow, what a mess.

In the future companies aren’t going to be able to afford to have the old style R&D labs. These labs were paid for by corporate profits. Once again, that dang Internet thing has come along and leveled the playing field and those corporate profits are now under pressure from everywhere. Now that they are gone, there’s no way to pay for old-style R&D.

The new way (practiced by HP, GE, and IBM) is for CIOs to transform what a corporate R&D lab does. The new role for an R&D lab is for it to act as a communications hub between researchers who can all be located at remote locations.

The sources of new ideas can be universities, start-ups, other businesses, and even government labs. Researchers will have to start acting like human Googles and start sucking up all of the information that they need to create products that their firms can sell.

Final Thoughts

CIOs who find themselves in charge of a company’s R&D labs have a delicate challenge on their hands. No matter how successful the labs have been in the past, the past is the past and what worked then will no longer work. CIOs need to move aggressively to transform how R&D research is done.

Realizing the Internet changes everything, CIOs will have to create an R&D “hub and spoke” logical design where the corporate R&D team funnels communications between multiple parties in order to move innovation along. Ultimately, when enough information has been gathered to allow a product to be created, then a CIO will know that his / her R&D lab is doing what it needs to do.

My question to you is do you think that today’s CIOs have the skill that is needed to pull this kind of R&D lab transformation off?

What We’ll Be Talking About Next Time

Ok CIO wannabe, we’re right in the middle of a global financial crisis and your IT budget has gotten slashed so much it looks like Freddy Krueger has come back and had his way with it. What are you going to do about your spending on security programs: cut ‘em, hold the line, or spend more? Whoops – that was a trick question: all of the answers will get you in trouble…