Posts Tagged ‘IT project’

It Turns Out That Top-Down Decisions Are What CIOs Need To Make

Wednesday, February 24th, 2010
To Get An IT Project Done On Time, The CIO Needs To Make Some Decisions

What’s Wrong With The Way That We Schedule IT Projects?

At the end of the day, an IT department is simply a collection of projects. Some of these projects are short-lived (“we’ve got an outage!”) and some are much longer (“let’s install a new ERP solution”). However, it turns out that today’s CIOs have been taking the wrong approach when it comes to scheduling these IT projects, and it shows.

All too often, once the decision has been made to fund a project, the CIO takes a hands-off approach until the project has been completed. What this means in practical terms is that the planning for the project is done by the project team itself. This is where things start to go off-track from the very beginning.

Put yourself for a moment in the shoes of the poor IT planner who has just been handed a large IT project. Sure, you’re excited about the opportunity to manage so much responsibility; however, you also realize that not delivering the project when you say that you will can sink your career. What will you do?

Simple – it’s called “sandbagging”. What you will most likely do is add extra time to the project so that when things start to slip, the end date for the project won’t be impacted. Shucks, if you can get away with it you’ll add a lot of extra time to the project so that you just might be able to deliver it early and get the admiration of your bosses for being such a good project manager.

Take this situation and then consider what happens when what the project manager is working on is just one part of a bigger project. Additional time will be added to each piece of the project and eventually the “time padding” will grow so large that you may have doubled or even tripled the real time that the project is expected to take.

The Power Of Top-Down Planning

The way to solve this is for the CIO to step in and supply some top-down planning. This is where the CIO sets the dates for the project and hands these dates to the project team. Jay Bahel reports that a recent study of 75 large IT projects revealed that the ones that were the most successful were the ones that had their milestone dates set in a top-down fashion by the senior IT leadership.

Why does this type of heavy-handed approach to setting IT project dates work so well? It’s actually pretty simple. By establishing the dates by which work needs to be completed, the CIO is sending a very clear message to the IT team – this is your goal, make it happen. This sets up a sense of urgency within the team and it can go a long way in preventing those internal conflicts that always seem to arise as a team tries to set dates for a project.

The Role Of The Core Team

Yes, yes – I know that things will be different when you become CIO. However, let’s assume for just a moment that even you won’t be able to spend all of your waking hours lording over any single IT project. What can be done to keep things on track and moving towards the milestones that you have laid down?

Creating a so-called “core team” that keeps a watchful eye on an IT project can be a great help in ensuring that the project stays on track. It’s important that this team not be too large – 4-6 senior management leaders should do the trick. The role of this team will be to bring the interests of both IT and the rest of the business to the table in order to manage the project.

The core team is ultimately responsible for making sure that the CIO’s project milestones are met. In order to do this they will have to resolve the conflicts that arise during the project as well as ensuring that the project team is able to interface with the rest of the business in order to complete project tasks.

What All Of This Means For You

Moving to a top-down project planning process will require changes to be made in your IT department. Expect some bruised feelings especially from the project managers – they’ll feel like you are taking some of their power away from them.

Picking the members of the core team that will be watching over the IT project is not something to be done lightly. Not only do they need to bring a solid set of skills to the table, but they also need to be able to get along with each other.

Once again, it becomes clear that a CIO’s job is not necessarily to actually do things, but rather to make things happen. When it comes to IT projects, the CIO needs to show the rest of the IT department the way by setting timelines and milestones in a top-down fashion…

Do you think that top-down IT planning would help your IT department’s projects to be more successful?

What We’ll Be Talking About Next Time

I believe that one of the reasons that it is so hard for a CIO to get the IT department to align with the rest of the business is that finding the correct opportunities where alignment is possible can be a big challenge. Well I’ve got some good news for you: it looks like such an opportunity is getting ready to show up and it’s called XBRL…

It Takes A Strategic Execution Officer To Get Anything Done Around Here

Monday, November 30th, 2009
CIOs Have Yet Another Hat To Wear: Mr. Make-Sure-The-Project-Is-A-Success

We all dream of the day that we will get the nod to become CIO — finally we will have arrived. Or will we have? Take just a moment and think about all of those major projects that you’ve seen during your career that started out with a bang and ended up failing and going away with a whimper. When you are CIO, things are going to be different and that’s because you won’t just be the CIO, you’ll also be the company’s Strategic Execution Officer.

What Have I Signed Up For?

Business processes are like pit-bulls: they really don’t like change and if you try to change them, they are probably going to bite you really, really hard. This is one of the reasons that so many major company initiatives fail — nobody really wants to go to the effort to change.

What’s been missing for far too long has been a Strategic Execution Officer and since so many of today’s major projects involve the IT side of the house, who better to assume this role than the CIO?

In your future role as your company’s CIO / Strategic Execution Officer you will not only be responsible for making sure that the new IT systems go in on time, but also that the company’s processes and the behaviors of the staff are changed so that the new way of doing business actually gets implemented.

Sound challenging? It does to me. That’s why we need to reach out to researchers Dr. Jeanne Ross and Dr. Peter Weill who have taken the time to look into what four things a Strategic Execution Officer needs to do. Let’s see what they recommend.

Create & Manage IT Systems Used For Strategic Initiatives

A CIO will tend to look at a given project and search for ways to get it successfully implemented. A Strategic Execution Officer realizes that in order for the company to be successful, the core processes that allow the company to operate smoothly and efficiently need to be digitized.

This means not just one IT project, but potentially several need to be done in such a way that they support the company as it is today and as it will be tomorrow. Key components of this type of solution include a single well-managed database, a standardized development system that allows the creation of different applications to easily talk to each other, and a solid communications network so that workers can access the data and applications that they need from just about anywhere.

Become A Leader In How The Company Does IT Governance

The CIO / Strategic Execution Officer is the one person in the company who is best situated to see it all. This means that you are going to have to take an active role in the company’s IT governance process.

You are going to have to be able to make some hard calls when it comes to identifying what the company’s IT priorities are. On top of this, you will have to be able to communicate to others in the firm what the different trade-offs are to each decision.

Make Business Units Actually Use Digitized Business Processes

Time to play Mr. Tough-Guy here. As Strategic Execution Officer you are going to have to show up and make each of the company’s business units start to use the new digitized business processes once the implementation is done. This is not going to be easy to do.

We all know how this plays out: a project goes in and then half of the company finds a way to get their jobs done without using the new system because they don’t want to be bothered to learn how the new system works. You must not allow this to happen. If you have to take away the systems that are allowing them to work around the new system, then so be it.

Create Both Structures And Initiatives That Make The Company Change

Making the entire IT organization ultimately report to the Strategic Execution Officer solves the problem of how to motivate the IT staff to follow through on a company-wide change. In firms that have multiple CIOs, this is one way to quickly solve a lot of common structural problems.

Getting the business unit leaders to sign up and agree to use the results of a multi-year IT project can be tricky. Identifying and removing real and perceived obstacles is one way to go about doing this. Another is taking the time to talk with each business unit leader in order to make sure that they understand why the change is happening and how they will benefit from it.

What All Of This Means For You

Becoming the CIO of your firm will be a major accomplishment in your IT career. However, far too many of us have become CIOs only to eventually fail at implementing some major company-wide project.

The reason that so many of these projects fail is because the company lacked a Strategic Execution Officer to see the project through from start to finish. This is a role that you are going to have to be willing to step up and play.

As the Strategic Execution Officer you will be responsible for coordinating projects that span the entire company. Your ability to be successful at doing this won’t rest so much on your technical skills as it will rest on your ability to motivate the business unit heads to participate in both the project and its final results. Good luck!

What will a Strategic Execution Officer’s biggest challenge be at your company?

What We’ll Be Talking About Next Time

Just imagine the day that you become CIO: you’ll be able to shed all of those past associations and friendships that have gotten you to this exalted position and finally you’ll be able to focus on what really matters: forging strong links with your company’s senior management. Well, sure, if you don’t really need to get anything done…

Application Whitelisting Only Works Sometimes – CIOs Need To Know The Facts

Wednesday, August 19th, 2009
Application Whitelisting Offers CIOs Another Way To Protect Their Networks

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

What is Whitelisting?

The problem with trying to protect your company’s network is that the bad guys are always trying new and innovative things. In order to block them, you have to stay on top of what the latest attack vector is and install defenses against it throughout your network. This can be a real time waster – it’s critical to do, but it contributes nothing to the company’s bottom line.

Whitelisting applications takes a 180-degree different approach to securing your network. Instead of trying to identify and block all of the bad malware variants that are trying to get into your network, whitelisting focuses on identifying all of the applications that SHOULD be allowed to access your network.

This of course means that you need to block everything that is not whitelisted. The theory is that all that malware that shows up will find the door to your network slammed shut on them.

Whitelisting Is Not For Everyone

In some enterprise IT environments, whitelisting is the wrong way to go. In these environments, using application whitelisting can actually drive up operational costs so high that things quickly get out of hand. Ill-suited IT environments are those in which workers need to be constantly installing new and changed applications on the fly in order to complete their tasks.

Where Whitelisting Works Well

That being said, there are IT environments in which application whitelisting works very well. These environments tend to be very static with very few application changes. A great example of this is call centers.

Another example where whitelisting has worked well is in the retail sector where cash register environments are very static and only need to be updated every six months. Some companies have discovered that they have been able to do away with anti-virus protection (and the associated cost of maintaining it) on those machines.
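The default-deny rule and the cost difference between static and fast-changing environments described above can be seen in a short simulation. This is an added example, not code from the original post; the hash-keyed list, the class and scenario names, and the sample "executables" are all constructed assumptions.

```python
"""Default-deny application allowlisting replayed over constructed launch events."""
import hashlib


def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


class Allowlist:
    """Approved executables keyed by content hash; anything else is blocked."""

    def __init__(self):
        self._approved = {}  # sha256 hex digest -> human-readable label

    def approve(self, label: str, content: bytes) -> None:
        self._approved[sha256(content)] = label

    def decide(self, content: bytes) -> str:
        # Default deny: the only question is "is this exact file approved?"
        return "allow" if sha256(content) in self._approved else "block"


def replay(allowlist, launches):
    """Return ([(name, verdict), ...], change_requests).

    Each launch is (name, content, legitimate). The 'legitimate' flag is a
    simulation shortcut: in practice a person has to review every blocked
    file, and that review is where the operational cost lands.
    """
    decisions, change_requests = [], 0
    for name, content, legitimate in launches:
        verdict = allowlist.decide(content)
        if verdict == "block" and legitimate:
            change_requests += 1
            allowlist.approve(name, content)  # approved for later launches
        decisions.append((name, verdict))
    return decisions, change_requests


# Constructed stand-ins for executable files (not real software).
REGISTER_V1 = b"constructed: register app build 1"
REGISTER_V2 = b"constructed: register app build 2"
UNAPPROVED = b"constructed: executable nobody approved"


def cash_register_scenario():
    """Static environment: one approved app, one update in the period."""
    allowlist = Allowlist()
    allowlist.approve("register-v1", REGISTER_V1)
    launches = [
        ("register-v1", REGISTER_V1, True),
        ("unapproved", UNAPPROVED, False),   # blocked without any signature
        ("register-v1", REGISTER_V1, True),
        ("register-v2", REGISTER_V2, True),  # update changes the hash: blocked
        ("register-v2", REGISTER_V2, True),  # allowed once the list is updated
    ]
    return replay(allowlist, launches)


def changing_desktop_scenario():
    """Workers installing new tools on the fly: every install is a request."""
    allowlist = Allowlist()
    launches = [(f"tool-{i}", f"constructed: tool {i}".encode(), True)
                for i in range(6)]
    return replay(allowlist, launches)


if __name__ == "__main__":
    for scenario in (cash_register_scenario, changing_desktop_scenario):
        decisions, requests = scenario()
        print(scenario.__name__, decisions, "change requests:", requests)
```

The register scenario produces a single change request (the update), while the fast-changing desktop produces one for every new tool, which is the operational cost the "Whitelisting Is Not For Everyone" section refers to.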

Final Thoughts

The fight to secure the company’s network from the forces that would do bad things to it is never-ending for CIOs. However, this is not what CIOs should be spending their time on – there is not a bottom line benefit.

Whitelisting of applications provides yet another way to secure the firm’s network by taking a novel approach to security – don’t worry about identifying the bad guys, just worry about identifying the good guys.

Whitelisting won’t work for every environment, but in certain static IT environments it can work wonders. CIOs who can identify the right IT environments in which to use application whitelisting will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Data Protection Secrets: CIOs Know That It Starts At The Endpoint

Monday, August 17th, 2009

CIOs Know That Managing Endpoints Is The Key To Securing Company Data

Just imagine this scenario: you’ve just been made CIO of your firm when all of a sudden one of your competitors suffers a massive data loss because of outside hackers. Your CEO storms into your brand-new office and demands to know what you are doing to secure your firm’s data. What would you say?

The Old Way Of Doing Things

Good CIOs realize that a firm’s IT infrastructure can’t just be thought of as “those boxes”. Instead, an IT infrastructure consists of three layers of devices: core servers and perhaps mainframes, a set of network connectivity devices such as routers and hubs, and then endpoints – the PCs and laptops that you and I use every day.

IT Networks Consist Of 3 Separate Levels Of Equipment

Since there are more endpoints than any other type of equipment in most corporate networks, CIOs realize that this is where most of their company data loss efforts must be focused.

In the past, securing network endpoints often meant that all one had to do was to load up some anti-virus software on every laptop and you could check this off of your CIO to-do list. Sorry – that no longer works.

Welcome To The Real World

As we enter the brave new world of policy management, we are seeing a shift to policy-based enforcement being used to control company data that is being used on enterprise network endpoints.

Using policy-based management of endpoints allows multiple areas to be managed. These areas include:

  • Configuration
  • Patch
  • Access
  • Application
  • Anti-virus

The Case For Using Policy-Based Management of Endpoints

Let’s face it – we all have too much to do and too little time in which to get it all done. Establishing corporate IT policies allows a set of rules to be laid down that tell everyone what is and is not permitted. When you extend these policies to cover how you manage the endpoints of the company’s network, then all of a sudden you’ve made your life that much easier.

Policies allow you to prioritize the company information that you want to protect. Once you identify this information, you’ll then be able to realize just how much of it is being stored on the endpoints!

This new understanding then allows you to set up a systems security approach to making your PCs and laptops safe. By doing this you’ll be able to ensure that your network endpoints are now secure places to house that valuable corporate data.

Final Thoughts

There’s no way that any one person in an IT department can make sure that all of your PCs and laptops are secure all the time – even if you are the CIO. Yesterday’s piecemeal approach of placing an anti-virus application on each PC and then considering the job done was a poor solution.

Using a systems approach and establishing company policies for how management of endpoints should be done sets up a much simpler way of ensuring that all endpoints are secure. CIOs that do this will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

Security Policies Are What CIOs Know Make Good Security Solutions

Wednesday, July 8th, 2009
CIOs Realize That A Good Security Program Requires A Good Set Of Policies

What does it take to do a really good job of securing your company’s systems and data? Is it just a matter of picking and implementing the right software or hardware solution? Is there a consulting firm that you can pay millions to who will come in and take care of this problem once and for all? Bad news – the answer is no.

How Policies Make A Security Program Work

Securing a firm’s systems and data is a daunting task. The first step to successfully doing this is to develop a risk management program that captures and describes all of the various internal and external risks that your firm is currently facing. Next comes the prioritization, which allows you to determine which of these risks is most likely to affect your firm – all risks are not created equal.

Once you have prioritized the risks that your firm is facing, the CIO needs to step in and make sure that a program of actionable policies is created in order to secure your systems. All too often, this is the step that gets skipped, and no matter how much technology you throw at the security problem, if you don’t have a good set of policies you’ll never be able to secure your systems.

Policies Secure Your Systems From Day-To-Day

What too many CIOs tend to forget is that the key to any company’s security program is the human element, and you manage this by having a clearly understood set of policies in place. Creating the policies is a first step; making sure that everyone knows about the policies and is living them are the next steps.

Kevin Mitnick is a reformed computer hacker who tours the country talking to businesses about the importance of securing their systems. I had an opportunity to hear him talk recently and it was amazing to hear how he acquired the information that he needed to break into company computer systems.

Kevin used a technique called “social engineering” in which he would basically call up someone and ask them for sensitive system information. No matter if the firms had a corporate security policy in effect, Kevin was basically able to get the people that he called to violate it. No, they weren’t angry with their company, they were just trying too hard to be helpful. That’s what can happen if you don’t have security policies that are well known by everyone.

Final Thoughts

Doing a risk analysis and prioritizing the results is easy for IT professionals to do. However, creating policies that need to be followed by humans and then actually convincing their coworkers to follow the policies can be a real challenge.

A CIO can ensure that security policies will be successful by publicly stating his / her support for the policies and then by following them. Everyone will know if the CIO takes the policies seriously and by showing that you do, you will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your firm currently have security policies in-place? Have these policies been communicated to everyone? Do they understand them? How can you tell if they are following them? Are you following them? Does anyone know that you are following them? Leave me a comment and let me know what you are thinking.

What We’ll Be Talking About Next Time

So picture this: you’re a CIO and you desperately want to be seen by the rest of the C-level executives as something more than a simple cost center. What to do? If only there was some way that you could tap into all of that incredible creative energy that we all know lives in the IT department…