Posts Tagged ‘IT’

Faux Market Secrets: How CIOs Capture Innovation

Monday, July 13th, 2009
CIOs Can Use Faux Markets To Identify Innovative Ideas


So picture this: you’re a CIO and you desperately want to be seen by the rest of the C-level executives as something more than a simple cost center. What to do? If only there was some way that you could tap into all of that incredible creative energy that we all know lives in the IT department.

If you could harness that energy and apply it to innovative projects, you’d be a company hero. Guess what? The power of Faux Markets is exactly what you need to do this…

What Is A Faux Market?

You know that things are getting fancy when we start using French words! A Faux Market is simply a term that refers to using simulated market forces to make a decision. Perhaps an example would show what I mean. A good case study would be GE Research.

Back in 2005 GE Research had a problem. They had too many product ideas that had been submitted and only $50,000 to spend on investigating them. Clearly they needed to make some hard decisions as to which ones they would pursue.

The way they picked which projects to work on was by using a faux market. They had their 85 employees spend three weeks buying and selling any one of 62 proposed projects. At the end of the three weeks, GE ended up with a prioritized list of the top projects that its employees thought had the most value. The project that won was a machine intelligence algorithm that a researcher had proposed but which had not yet traveled through the normal management bureaucracy.

Why Use Faux Markets?

All too often IT departments have a bewildering array of possible projects, technologies, or directions that the department can choose. Sometimes senior management will huddle and make a decision, sometimes no decision gets made. Faux markets offer an alternative.

A faux market tool allows a firm to quickly sort through large numbers of projects or proposals in an attempt to find those that will provide the most bang for the buck. Firms believe that this approach offers them the best chance of finding the next blockbuster product or solution.

Not A Silver Bullet

Faux markets can be a big help; however, as with everything else, they do have their drawbacks. One such drawback is that the voting process does not provide much insight: there may be no penalty for backing a bad idea. Just because a proposal is popular does not necessarily guarantee commercial success.

Final Thoughts

Using faux market tools to quickly sort through a large stack of ideas can provide IT departments with a way to identify innovative ideas no matter where they come from. However, a group vote alone isn’t enough in most cases.

A two-step process where voting is initially used to narrow a large list down into a more manageable list of fewer than 100 candidates is a good first step. The next step can be to use a prediction market to allow employees to buy and sell the candidates in order to see which ones go up in value. This will reveal the true winning ideas and you will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

How do you process new idea suggestions today? Do you have employees vote on things in order to sort them out? Are these just popularity contests or do they take market factors into consideration? Do you think that faux markets could help you capture more innovative ideas? Leave me a comment and let me know what you are thinking.


What We’ll Be Talking About Next Time

As a CIO, you’ve got some challenges facing you. You’re managing a diverse and potentially distributed work force of highly skilled and talented IT professionals. You need to find a way to keep them challenged, and yet at the same time enable them to find ways to work together. Have you considered Alternate Reality Games?

Security Policies Are What CIOs Know Make Good Security Solutions

Wednesday, July 8th, 2009
CIOs Realize That A Good Security Program Requires A Good Set Of Policies


What does it take to do a really good job of securing your company’s systems and data? Is it just a matter of picking and implementing the right software or hardware solution? Is there a consulting firm that you can pay millions to come in and take care of this problem once and for all? Bad news – the answer is no.

How Policies Make A Security Program Work

Securing a firm’s systems and data is a daunting task. The first step to successfully doing this is to develop a risk management program that captures and describes all of the various internal and external risks that your firm is currently facing. Next comes the prioritization, which allows you to determine which of these risks is most likely to affect your firm – all risks are not created equal.

Once you have prioritized the risks that your firm is facing, the CIO needs to step in and make sure that a program of actionable policies is created in order to secure your systems. All too often, this is the step that gets skipped, and no matter how much technology you throw at the security problem, if you don’t have a good set of policies you’ll never be able to secure your systems.

Policies Secure Your Systems From Day-To-Day

What too many CIOs tend to forget is that the key to any company’s security program is the human element, and you manage this by having a clearly understood set of policies in place. Creating the policies is a first step; making sure that everyone knows about the policies and is living them are the next steps.

Kevin Mitnick is a reformed computer hacker who tours the country talking to businesses about the importance of securing their systems. I had an opportunity to hear him talk recently and it was amazing to hear how he acquired the information that he needed to break into company computer systems.

Kevin used a technique called “social engineering” in which he would basically call up someone and ask them for sensitive system information. Even if the firms had a corporate security policy in effect, Kevin was basically able to get the people that he called to violate it. No, they weren’t angry with their company, they were just trying too hard to be helpful. That’s what can happen if you don’t have security policies that are well known by everyone.

Final Thoughts

Doing a risk analysis and prioritizing the results is easy for IT professionals to do. However, creating policies that need to be followed by humans and then actually convincing their coworkers to follow the policies can be a real challenge.

A CIO can ensure that security policies will be successful by publicly stating his/her support for the policies and then by following them. Everyone will know if the CIO takes the policies seriously, and by showing that you do, you will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your firm currently have security policies in place? Have these policies been communicated to everyone? Do they understand them? How can you tell if they are following them? Are you following them? Does anyone know that you are following them? Leave me a comment and let me know what you are thinking.


What We’ll Be Talking About Next Time

So picture this: you’re a CIO and you desperately want to be seen by the rest of the C-level executives as something more than a simple cost center. What to do? If only there was some way that you could tap into all of that incredible creative energy that we all know lives in the IT department…

Vulnerability Management: The CIO’s Other Job

Monday, July 6th, 2009

CIOs Will Get The Blame If They Don't Do A Good Job Of Vulnerability Management

The role of a CIO is to find ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more. As part of this task a CIO needs to take steps to ensure that nothing happens that would prevent this from happening. This side of the job is not nearly as glamorous; however, it is at least as critical. What can a CIO do to ensure that nothing bad happens to a firm’s IT systems?

The Job Of Vulnerability Management

The first step in ensuring that a firm’s IT systems continue to allow the company to move forward is to come to terms with the real world. This means that CIOs need to acknowledge that the world can be an ugly place and there will always be outsiders who want to do harm to your firm. The person in the firm who will be most interested in what is being done to defend against attacks on IT systems will be the CFO. When discussing vulnerability management with the CFO, the CIO needs to explain that at its heart it’s really just the principles involved in risk management combined with practical logic and an understanding of business value for the firm.

How To Do Vulnerability Management

Although a CIO won’t actually perform the process of Vulnerability Management, he/she is responsible for ensuring that the program is set up correctly. This means that the three key components of a Vulnerability Management program need to be put in place:

  • Data Collection Needs To Be Integrated: Attacks on your IT systems rarely show up all at once. Instead, there is a sequence of minor events that occur as your defenses are probed for weaknesses. Having all of your data on system configurations, patch status, and access management policies in one place is a critical part of providing you with the ability to identify issues and respond proactively.
  • Prioritize Based On Business Value: Look, we are all busy and have too little time and budget to begin with. If you understand the value of each IT system, then you can allocate resources appropriately. Not all events require a full-blown response – low value systems can be monitored further. Defenses for such systems can be augmented on your schedule as opposed to on an emergency schedule.
  • Improve, Improve, Improve: Vulnerability management is not something that can be done once and then forgotten about. The world is constantly changing and your program will need to be constantly refined to adapt to new threats.

Final Thoughts

A CIO can do a great job of empowering the rest of the company to accomplish wonderful things; however, if the firm’s IT systems are compromised then all of the good that he/she has done will be forgotten in a flash. A well-executed vulnerability management program provides a way to defend the firm against a cruel world. CIOs who follow the three steps that we’ve discussed will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your firm currently have a vulnerability management program? Have you taken the time to assign a business value to each of your IT assets or does everything have the same value? Do you constantly refine your vulnerability management program based on changes in your IT systems and the direction of your business? Leave me a comment and let me know what you are thinking.


What We’ll Be Talking About Next Time

What does it take to do a really good job of securing your company’s systems and data? Is it just a matter of picking and implementing the right software or hardware solution? Is there a consulting firm that you can pay millions to come in and take care of this problem once and for all? Bad news – the answer is no.

Protecting Company Data Is How CIOs Can Make Friends With CFOs

Wednesday, July 1st, 2009

Securing A Company's Data Provides CIOs With An Opportunity To Work With The CFO

Data Security. There I said it. It sorta lays there like a big lump of coal and everyone in the company stands around looking at it wondering whose responsibility it is to do something about it. Nobody, including CIOs, really wants to touch it for one very simple reason: it’s a losing proposition.

How To Make Friends With Your CFO

Data security, despite being big, heavy, and ugly, always seems to end up in the CIO’s lap. Since you really can’t do anything to prevent this, it sure looks like this is a great opportunity to try to turn a liability into an asset. Ericka Chickowski over at Baseline magazine has taken a look at this issue and come up with some interesting ways to help CIOs work more closely with CFOs.

It all starts with compliance. Now compliance is just about as exciting as security; however, firms are willing to spend the big bucks on making sure that they are compliant because they know that there are potentially some big financial penalties if they aren’t.

It is the clever CIO that sits down with his/her CFO and explains that the company’s data security program can be thought of as an extension of its compliance program. What this means is that you don’t really need a separate program and your costs should be much lower. What CFO wouldn’t be interested in hearing that?

Get Your Priorities In Order

One of the things that the CIO can learn from the compliance side of the house is that a critical first step is to make sure that you prioritize the company data that you are going to be protecting. All data is not created equal! What’s interesting here is that the importance of any single piece of information is based on two things: its value to the company and its role in keeping the company compliant. If your firm was a hospital, then clearly an electronic patient record would fall into the “top priority” bucket.

Act On Your Priorities – Not Necessarily Your Compliance

The level of protection that the IT department needs to surround a given piece of information with will depend on the result of this prioritization. I hope that you realize that this is just a fancy way of saying that there is some company data that you DON’T have to protect (or at least not very much). Just about now you’d expect me to say that you should always go all out to protect ALL of your company data that is involved in a compliance program. But I’m not going to do that. Chickowski points out that not all regulations are created equal. In fact, some have fairly weak “teeth”. These are all things that the CIO and the CFO need to understand as they create a data protection plan / compliance program for the company. Spend those limited budget bucks to make sure that the important data is secure and then do what you can for the rest.

Final Thoughts

Within the company, the CFO ALWAYS wields more power than the CIO – money talks. Folding a company’s data security program into its compliance program is a great way for a CIO to work closely with the CFO and end up saving the firm money (always a good thing) and ensuring that it is both compliant and its data is secure. In addition to providing a CIO with a reason to talk to the CFO that doesn’t involve begging for more money, an agreement about securing the company’s data can allow CIOs to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your company have separate compliance and data security programs? Does your CIO talk with the CFO about how best to secure the firm’s data? Do you prioritize your data or is it all treated as being at the same level of importance? Leave me a comment and let me know what you are thinking.

What We’ll Be Talking About Next Time

The role of a CIO is to find ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more. As part of this task a CIO needs to take steps to ensure that nothing happens that would prevent this from happening. This side of the job is not nearly as glamorous; however, it is at least as critical. What can a CIO do to ensure that nothing bad happens to a firm’s IT systems?

Satyam Scandal: CIOs Need To Talk With Their CFOs

Monday, June 29th, 2009
Fraud At Satyam Means That How CIOs Do Outsourcing Needs To Be Rethought


Didn’t we solve that whole outsourcing thing years ago? Specifically, aren’t the IT and the Finance departments on the same page when it comes to not only IF we should outsource some of the IT work, but also HOW it should be outsourced? If this is true, then what does the Satyam scandal mean for your IT / Finance relationship?

The Satyam Scandal

Just in case there is anyone out there who doesn’t know what happened at Satyam, perhaps a quick review is in order. Satyam Computer Services is based in India, has a work force of 53,000 and operations in 66 countries. They were very successful and served more than a third of the U.S. Fortune 500 companies.

Back in January the then CEO of Satyam, Ramalinga Raju, revealed that he and his CFO had been conducting a massive fraud – they had significantly inflated the company’s earnings and assets for years. Basically they were losing money hand over fist. In January they revealed that 50.4 billion rupees, or $1.04 billion, of the 53.6 billion rupees in cash and bank loans the company listed as assets for its second quarter, which ended in September, were nonexistent. Poof!

Impact Of The Fraud

What this means for firms that do outsourcing business with Satyam is that the firm might fold any day (perhaps you are one of these firms!). All of a sudden, outsourcing contracts that had appeared to be solid now seem to be not so solid. Most firms that outsource their work don’t necessarily have a good contingency plan for what to do if their outsourcing partner is suddenly unable to perform the work.

What Needs To Be Done

The Satyam scandal should serve as a wake-up call to CIOs everywhere. Outsourcing can never be done the same as it’s been done in the past. Here’s what needs to change:

  • Finance Needs To Play A Role: the IT department is responsible for making sure that the outsourcing company has the needed technical skills, but the Finance department needs to play a bigger role to make sure that the outsourcing firm can stay in business over time.
  • More Baskets For Your Eggs: it’s time to start to diversify your outsourcing activities in order to lower your risk profile. Detailed technical work needs to be moved around every so often so that not just one vendor knows how to do the work.
  • Update Your Contracts: create shorter contracts that are more flexible. Make sure that you are not tied to a given outsourcer for too long just in case things start to go wrong – you might want to move your work to another outsourcer quickly.

Final Thoughts

India has now had its version of Enron / Worldcom. Hopefully it will serve as a wake-up call for all CIOs who outsource their work that greater due diligence needs to be done even as the world continues to move faster. By working more closely with Finance, CIOs can apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

When you selected an outsourcer, did you do a detailed financial due diligence on them? Was your finance department involved? Has your finance department remained involved in evaluating the health of your outsourcer(s)? Do you have a contingency plan in place that you could use if your outsourcer went out of business? Leave me a comment and let me know what you are thinking.


What We’ll Be Talking About Next Time

Data Security. There I said it. It sorta lays there like a big lump of coal and everyone in the company stands around looking at it wondering whose responsibility it is to do something about it.

Nobody, including CIOs, really wants to touch it for one very simple reason: it’s a losing proposition.