Posts Tagged ‘IT’

« Older Entries

Just How Good Is Your Company At That IT Stuff?

Wednesday, August 31st, 2011
Image Credit What's Your Company's IT Grade?

What's Your Company's IT Grade?

You would think that since all of these computers, networks, and software things have been around for so long that most companies would be just about even in how they make use of them, right? A recent study reveals that this is not the case: some of us are using IT to move the company forward and some of us are slipping behind because of IT. Want to know more?

It’s All About The Data

One of the primary tasks that every company assigns to their IT department is the collection and processing of data. In a survey that was conducted by McKinsey & Co. and the MIT Center for Digital Business it was revealed that CIOs are generally doing a good job on the first part of this task and not so good on the second part.

What the study revealed was that of the 330 U.S. companies that they talked to, the ones who were able to collect the data, process it, and then make use of the results showed the highest profitability and productivity. Although you would think that every company would be doing this these days, the survey showed that many companies don’t view themselves as being driven by data.

Process, Process, Process

I can see you thinking to yourself, “well that data stuff can be tricky, the CIOs should at least have the basics down pat”. Once again, you’d be wrong.

The survey showed that the areas inside the company where there have been countless case studies showing the benefits of doing a good job of applying IT such as HR, procurement, etc. would surely be taken care of. Somewhat surprisingly this is not the case. The majority of the companies that participated in the survey reported that they had done an inconsistent job of applying IT technology in these areas.

One of the reasons that this is the case may relate back to the simple fact that most companies reported that they did not have a good IT governance methodologies in place. This means that they don’t do a good job of prioritizing what IT projects get funded and implemented. I think that we can all agree on this conclusion!

Finally, one area that should be a no-brainer for IT is the implementation of best-practices. However, once again companies reported that these have not been widely adapted by most firms.

If there is any good news to be had in these findings it’s that as CIO it should be very easy for you to be viewed as being successful. There is so much basic work that still needs to be done at most companies that just by focusing on these types of projects you can cause the company to become more successful.

What All Of This Means For You

As CIO it is your job to harness the power of IT in order to move the company forward. The MIT study shows that not all of us are being successful in doing this.

Where there seem to be gaps in how CIOs are using IT solutions to help the company do more are in the areas of making use of data and processes. Just collecting the data that a company generates is a good first step; however, CIOs need to create and apply the right tools that will allow the company to process the data and use the results. Implementing best practice processes will allow the company to streamline its operations and move ahead of the competition.

The great thing about IT is that the tools of IT, the computers, networks, and software are all available to everyone. What you need to do in order to succeed as a CIO is find ways to use these tools to make your company good at IT.

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What’s the best way for a CIO to convince your company to implement best practices?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

Isn’t a global recession just great? For CIOs it has been: it pretty much got rid of one of their biggest headaches – having their star talent leave. Now that things are improving, a new challenge is starting to show up for CIOs: how to turn their Generation X workers into the IT leaders that the company is going to need for tomorrow…

Tags: , , , , , , , ,
Posted in IT | No Comments »

New Name For CIOs: Strategic Execution Officer

Wednesday, August 26th, 2009
CIOs Need To Learn To Manage Wild IT Projects<p>(c) - 2007</p>

CIOs Need To Learn To Manage Wild IT Projects(c) - 2007

In order to complete in a global economy that is moving faster every day, more and more firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

What Goes Wrong With Big IT Projects

We all know the statistics – most big IT projects are not successful. However, the key question is why? It turns out that all too often the issue is not with the new process automation technology that is being implemented, but rather with the management challenge that comes along with a project like this.

The reason that managing a large transformational IT project is so hard is because the CIO also needs to be finding ways to drive the new business process changes that will be required once the new systems have been installed. It turns out that nobody likes change!

What Doesn’t Work?

It seems as though IT departments have been trying since the beginning of time to find a way to tackle this two-headed IT project beast. One approach has been to give responsibility for the success of the project to an executive governance committee. It turns out that this type of committee does an excellent job of defining the strategy for implementing the changes that will be needed, but does a lousy job of executing it.

Another approach has been to create an IT task force to implement this type of change. They generally do a good job of getting the new application up and running, but they lack the wide-ranging authority to cause other parts of the company to change how they are doing their jobs.

What Does An IT Strategic Execution Officer Do?

If the CIO is willing to step up and tackle leading both sides of a major IT process automation project, just what do they have to do? There are three fundamental tasks that they will need to deal with:

  • The implementation of the process automation application(s).
  • Making sure that the new technology gets adopted by the rest of the company.
  • Making sure that the new processes that the project has implemented start to get used by everyone.

Ultimately, the CIO will be filling the management / leadership gap that exists between coming up with the process automation plan and actually changing the company to use the project once its been implemented.

Final Thoughts

No CIO wants to take on more work – there’s not enough time in the day to get everything done as it is. However, ensuring that big IT projects get implemented correctly and that the company transforms its processes in order to use the new tool is the key to the company’s long term success.

This is a clear example of where a CIO gets to practice for his / her next job: becoming CEO. Nobody else will be as well positioned to implement cross-company changes. CIOs who can pull this off will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

The basic job of a CIO is to ensure that a company’s IT infrastructure operates smoothly and allows the company to conduct business. On Monday, August 3, 2009, PayPal’s CIO failed at this most basic of jobs…

Tags: , , , , , , , , , , , , , , , ,
Posted in product managment | 4 Comments »

Halt – Who Goes There? CIOs Need Good Identity Management

Monday, August 24th, 2009
CIOs Need To Solve Their ID Management Crisis<p>(c) 2007</p>

CIOs Need To Solve Their ID Management Crisis(c) 2007

As though keeping all of those servers up, applications running, and end users happy seems like enough to make being CIO a full-time job, now CIOs also have to take on the role of data cop? The answer to this question is “yes”, in all honesty, they really should already be doing it. Most company’s most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Just What Is Identity Management?

Identity management is how an organization controls access to its information based on an individual’s rights and responsibilities. It turns out that most IT shops have been doing a pretty poor job of this.

All too often most of us rely on our old friends Mr. Username and Mr. Password. How many dictionary based cracking events do we need to see in the movies in order to convince us that this is a very poor way to secure our data?

The right way to start to authenticate identities better is to use a second-factor authentication system such as biometrics, tokens, etc. Additionally, using single sign-on technologies can help you bring disparate systems together and save the end users from having to carry around lists of usernames/passwords.

What’s The Best Way To Do Identity Management?

The first step to creating a workable identity management solution is to establish some policies. These policies need to lay out just who is allowed to access what information. Clearly, if you’re not allowed to use some piece of information as a part of your job, then you shouldn’t have access to it.

One of the biggest pitfalls that is found in IT departments today is the existence of multiple different “silos” of data that end up creating a confusing and mixed up environment for access control. Once again, implementing a single-signon solution can solve this problem.

Final Thoughts

Taking the time to design and implement a good identity management solution is very much like buying insurance for your IT department. You hope that you don’t really need it, but you know that you probably do and it’s the grown-up thing to do.

Taking the time to solve your identity management issues once and for all will allow a CIOs to have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

More firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

Tags: , , , , , , , , , , , , , , ,
Posted in security | No Comments »

Application Whitelisting Only Works Sometimes – CIOs Need To Know The Facts

Wednesday, August 19th, 2009
Application Whitelisting Offers CIOs Another Way To Protect Their Networks

Application Whitelisting Offers CIOs Another Way To Protect Their Networks

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

What is Whitelisting?

The problem with trying to protect your company’s network is that the bad guys are always trying new and innovative things. In order to block them, you have to stay on top of what the latest attach vector is and install defenses against it throughout your network. This can be a real time waster – it’s critical to do, but it contributes nothing to the company’s bottom line.

Whitelisting applications takes a 180-degree different approach to securing your network. Instead of trying to identify and block all of the bad malware variants that are trying to get into your network, whitelisting focuses on identifying all of the applications that SHOULD be allowed to access your network.

This of course means that you need to block everything that is not whitelisted. The theory is that all that malware that shows up will find the door to your network slammed shut on them.

Whitelisting Is Not For Everyone

In some enterprise IT environments, whitelisting is the wrong way to go. In these environments, using application whitelisting can actually drive up operational costs so high that things quickly get out of hand. Ill-suited IT environments are those in which workers need to be constantly installing new and changed applications on the fly in order to complete their tasks.

Where Whitelisting Works Well

That being said, there are IT environments in which application whitelisting works very well. These environments tend to be very static with very few application changes. A great example of this is call centers.

Another example where whitelisting has worked well is in the retail sector where cash register environments are very static and only need to be updated ever six months. Some companies have discovered that they have been able to do away with anti-virus protection (and the associated cost of maintaining it) on those machines.

Final Thoughts

The fight to secure the company’s network from the forces that would do bad things to it is never-ending for CIOs. However, this is not what CIOs should be spending their time on – there is not a bottom line benefit.

Whitelisting of applications provides yet another way to secure the firm’s network by taking a novel approach to security – don’t worry about identifying the bad guys, just worry about identifying the good guys.

Whitelisting won’t work for every environment, but in certain static IT environments it can work wonders. CIOs who can identify the right IT environments in which to use application whitelisting will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

Most company’s most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Tags: , , , , , , , , , , , , ,
Posted in security | 3 Comments »

Data Protection Secrets: CIOs Know That It Starts At The Endpoint

Monday, August 17th, 2009

CIOs Know That Managing Endpoints Is The Key To Securing Company Data <br> <div xmlns:cc="http://creativecommons.org/ns#" about="http://www.flickr.com/photos/john/47544223/"><a rel="cc:attributionURL" href=
Just imagine this scenario: you’ve just been made CIO of your firm when all of a sudden one of your competitors suffers a massive data loss because of outside hackers. Your CEO storms into your brand-new office and demands to know what you are doing to secure your firm’s data. What would you say?

The Old Way Of Doing Things

Good CIOs realize that a firm’s IT infrastructure can’t just be thought of “those boxes”. Instead, an IT infrastructure consists of three layers of devices: core servers and perhaps mainframes, a set of network connectivity devices such as routers and hubs, and then endpoints – the PCs and laptops that you and I use every day.

IT Networks Consist Of 3 Separate Levels Of Equipment

IT Networks Consist Of 3 Separate Levels Of Equipment

Since there are more endpoints than any other type of equipment in most corporate networks, CIOs realize that this is where must of their company data loss efforts must be focused.

In the past, securing network endpoints often meant that all one had to do was to load up some anti-virus software on every laptop and you could check this off of your CIO to-do list. Sorry – that no longer works.

Welcome To The Real World

As we enter the brave new world of policy management, we are seeing a shift to policy-based enforcement being used to control company data that is being used on enterprise network endpoints.

Using policy-base management of endpoints allows multiple areas to be managed. These areas include:

  • Configuration
  • Patch
  • Access
  • Application
  • Anti-virus

The Case For Using Policy-Based Management of Endpoints

Let’s face it – we are all have too much to do and too little time in which to get it all done. Establishing corporate IT polices allows a set of rules to be laid down that tell everyone what is and is not permitted. When you extend these polices to cover how you manage the endpoints of the company’s network, then all of a sudden you’ve made your life that much easier.

Policies allow you to prioritize the company information that you want to protect. Once you identify this information, you’ll then be able to realize just how much of it is being stored on the endpoints!

This new understanding then allows you to set up a systems security approach to making your PCs and laptops safe. By doing this you’ll be able to ensure that your network endpoints are now secure places to house that valuable corporate data.

Final Thoughts

There’s no way that any one person in an IT department can make sure that all of your PCs and laptops are secure all the time – even if you are the CIO. Yesterday’s piecemeal approach of placing an anti-virus application on each PC and then considering the job done was a poor solution.

Using a system’s approach and establishing company policies for how management of endpoints should be done sets up a much simpler way of ensuring that all endpoints are secure. CIOs that do this will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

Tags: , , , , , , , , , , , , , ,
Posted in security | No Comments »

« Older Entries