Posted on

Innovate in the Cloud

inspiration from the clouds
inspiration from the clouds

One of the hallmarks of the digital world is the ability to innovate. People can convert a good idea into a saleable product with much less investment than 10 years ago. There are all sorts of digital tools being made available in the cloud either for free, or very inexpensively, in every area from knitting to customer relationship management.

Our new generation of digitally enabled workers, see the opportunities from these tools and want to apply them in the business context. Individuals with a passion to improve the quality and quantity of their work will put in the extra discretionary effort to utilize cloud solutions in the workplace. Unfortunately if they ask the IT Department how they can do this, the answer is often “NO!”

In my CIO roles, I was constantly challenged with finding ways to enable these digital evangelists to innovate. Unfortunately we really did not understand the information that might be shared using these tools. It could be as benign as a list of building defects, or as sensitive as the plans for a military base. There are real risks from putting unknown information in the cloud with minimal opportunities for contractual redress if it is shared or stolen.

So how can an IT Department enable cloud innovation and manage the risks? I have a few suggestions:

1. Categorize information. Make sure that the organization has a single categorization of sensitivity (e.g. unclassified, restricted, confidential, and secret). The ideal way to implement this is through an enterprise content management system, but make sure you get an intuitive system that your Grandmother would be comfortable with.

2. Educate the managers. Most managers deal with business risks on a day to day basis. If they are informed of the risks inherent with the cloud, they should be able to balance that against business value, and assume accountability. This is not about frightening managers with worst case scenarios but about realistically assessing and documenting the risk in the enterprise risk framework.

3. Simple business cases. Staff who want to trial cloud based solutions should be encouraged to document the outcomes that they hope to achieve. They should undertake a post implementation review and evaluate whether solution should be maintained, scaled up or discontinued.

The paradigm required to successfully innovate in the cloud is a co-operative relationship between stakeholders. Businesses are using technology to evolve outside the purview of IT, and this isn’t going to stop. There will always be information and systems that require the robust processes of an IT Department. Where this overhead is not justified, the business should be given every opportunity to hop on the digital bus through easily accessible cloud solutions.

Does anyone out there think they have control over innovation in the cloud?

Posted on

Awesome Bill

Bill Gates on Q & A
go Bill

I watched with great fascination the visit of Bill Gates to Australia this week. His session on Q&A was excellent with great questions from a diverse audience. He was also good at the Press Club lunch, although the questions from the press were decidedly average (proving that no journalist can go a lunch and desist from drinking a full bottle of wine).

Bill was spot on the money with his message – that properly targeted resources can make a real difference to the tough problems in the world. He showed us the outcomes, highlighting the reduction in infant mortality as a key indicator of success. He also highlighted the influence that the Bill and Melinda Gates foundation has had in driving towards that success.

This set me to thinking why a “software geek” should be so effective when countless billions of aid money from other sources has done less. I think there are a few imperatives that he has learned as a CEO of Microsoft that stand him in good stead for the task:

1. Outcome driven. There was very clear purpose in the work that Bill presented. The purpose could be expressed simply (eradicate Polio) and no matter how complex the issues, all initiatives could be measured against this target.

2. Information Technology. Bill knows that IT is really about the information and not the technology. You have to gather good information, work out what the problem / opportunity is, postulate a solution, implement and measure, react to the outcomes with new programs or improvements to existing programs. Technology allows you to do this at scale, but information and analysis point you in the right direction.

3. Governance. Bill understands how powerful a force governance is. As the world’s richest man, he must be tempted to decide unilaterally, but evidently that is not his style. His position on GM foods was telling – don’t stop the science, but put in place governance structures for countries to decide whether the risk outweighs the benefit.

I contrast this with my experience as CIO for the International Red Cross. I was besieged by donors wanting to put technology in the hands of the poor. The purpose was to provide wings so the poor could fly! I would emphasise that technology costs resources to operate and unless the value proposition is clear it withers (as happened to innumerable high tech aid projects). Where resources are needed is in the systems and data that can be used to improve livelihoods.

Well done Bill for squeezing $80M from Julia for his cause celeb, and well done for inspiring us to keep trying to make the world a better place. I have just one request – please don’t die before you eradicate polio!

Posted on

How much should we spend on IT?

Budget evolution
Budget evolution

Times are tough, as everyone playing in the consulting game would know. The March quarter Westpac pulse survey shows business is generally getting more optimistic, but this has not translated into increased sales and revenue. Organizations have streamlined and cut back on costs over the last 3 years and the IT department has participated generously in this (with another 10% cut in overall expenditure last year).

Is it still reasonable for executives to ask whether there are further cost savings available? The answer is of course yes and no. To illustrate I have taken a graph published by MIT’s CISR – a fantastic resource for IT research. The graph represents the IT spend graphed against technology maturity. In this case they measure maturity in the effectiveness of an enterprise architecture.

The baseline is 100% for an IT Department in an immature organization. This is typified by different services being offered to different parts of the business and dispersed infrastructure. If you are in this position you are definitely spending too much on IT.

A solid effort on standardizing hardware and software, consolidating infrastructure and improving procurement will deliver a 15% saving. The next 10% comes from standardizing and simplifying business processes onto core enterprise systems.

The surprising outcome is where businesses go next. Once the IT monster has been tamed inside the IT department and the business, organizations become more comfortable about investing in IT. They actually increase their IT spend as it delivers real business value and the IT budget ends up 20% higher than when they started.

So where do you think your organization is on the maturity curve?

Posted on

Don’t get comfortable, the internet of things is coming

Flat out
Flat out

The role of a chief information officer in a large company has its challenges. They have to intermediate between the messy world of business and the even messier world of IT. Their focus is on the risks, costs and opportunities of today and they have few resources to prepare for the future.

I would argue that the next big challenge in IT is something that most CIOs are not ready for. This is the integration of information technology (IT) with operational technology (OT). It is a question of how we manage the internet of things – devices communicating over the internet without human interaction.

To give a personal example, as CIO I supported the operation of a newly purchased ore crushing machine (OT) at a remote mine site. The machine needed to run optimization software that was hosted on the vendor’s computers. This meant connecting the machine through our corporate network (IT) to the vendor. The vendor had no security accreditation and did not offer the security tools that we insisted on from our regular IT suppliers.

The machine had been purchased and the investment in a second communications link was substantial. In the end we accepted an increased security risk, given the costs of mitigation.

There are 3 big challenges with the internet of things:

  1. Security. As soon as we connect devices to the internet, there is massively increased opportunity for malicious attack. Hackers from anywhere in the world may obtain access, as highlighted by Mandiant. Many suppliers of OT do not have the resources to invest in properly secured systems.It is just a matter of time before serious mechanical or safety incidents occur. The Stuxnet virus destroyed hardware used to enrich uranium in Iran, but also infected over 200 Australian based devices. The Australian Government Computer Emergency Response Team found that 35% of attacks were non-targeted and indiscriminate.
  2. Integration. As the complexity of internet of things devices increases, so does the ability to store and utilize data. This data needs to be exchanged efficiently with corporate IT systems, however there are few standards.One example I came across recently was from an engraving firm. They had a web site through which customers could place their orders. To get the details into the connected engraving machine required them to rekey all the data, leading to errors and wasted time.
  3. Purchasing. The people buying OT hardware and software have a focus on the performance of the system. They are often less expert at understanding the license conditions and costs of ongoing support. It is not uncommon to see the same corporate license purchased more than once in an organization.

Some organizations are taking the bull by the horns. At the Australian Broadcasting Corporation, they have put the engineering services for recording and digital editing under the CIO. The critical infrastructure providers such as the utilities and airports have invested in professional approaches to OT. For many however, this is another problem just waiting to happen.

Do you have any plans for the internet of things?

Posted on

Is technology too expensive?

Leap of faith
Leap of faith

Successful business leaders ensure that the scarce resources available to them are best used. They focus on all aspects of spending and ask is it absolutely necessary? Is there a cheaper way of doing this? Can we squeeze out more for the same cost?

Given the challenges of the last few years, most of the low hanging fruit has already been harvested. The competitive pressure has not come off and CEOs are looking to balance an increased demand for services with a reduced ability to attract income. There are 3 main options to achieve this:

1. Transformational change. Radically changing the operating model through acquisition, amalgamation or strategic repositioning is an option. James Carlopio from the World Future Society suggests that these efforts fail 50-80% of the time.

2. Intermediation. This is where the relationships between suppliers and consumers is modified and may be as simple as consolidating suppliers to achieve discounts. This strategy can sometimes be affected with little of the risk associated with business change.

3. Incremental. Typically this involves turning the handle on business processes to make them more effective, reducing cost and improving quality. Technology is likely to be a core component and the biggest risks are around organizational change.

As a CIO I have been involved in a number of successful incremental change projects. One example was the introduction of a logistics management application in a large not for profit organization.

The new application had many technology challenges causing delays and frustration amongst the users. The business processes were standardized and simplified, which made some users feel disempowered. Fortunately there was a clear vision from senior management on what they wanted to achieve. The turning point came when a major disaster struck, requiring a highly complex logistics operation.

The simplified processes improved productivity of staff who were working 18 hours per day. The on line nature of the application meant that geographically dispersed stakeholders collaborated effectively. The biggest impact came from being able to analyse the supply chain and optimize ordering, reducing delivery time by a factor of 6 and costs by 80%.

Of course for every success story, there are litanies of disasters where IT investments have soaked up huge amounts of money. I have a few tips for making sure that you get value if you are investing scarce resources:

1. Create a business case. This clearly states the expectations behind business drivers, strategic outcomes, options, scope, benefits, costs, risks and timeframe. If the costs and risks outweigh the benefits, cancel the initiative early.

2. Assign accountability. You need to have individuals who are fully accountable for the business case and in particular the delivery of business benefits. The expectations should be clearly stated in the individual’s personal performance objectives

3. Excellence in delivery. Running IT projects is risky. The concensus from a number of surveys on IT projects is that just 1 in 5 are fully successful. A solid project methodology, experienced project managers and executive support focused on delivering the promised benefits will increase your chance of success

4. Connect initiatives. Running a series of disconnected IT initiatives will lead to lower agility and higher costs in the long run. Plan your IT like you would plan a city to make sure that your roads connect and you don’t build an abattoir in a residential area.

How confident are you about investing in organizational change?

Posted on

Excuse me CEO, just one question please?

It's tough at the top
It’s tough at the top

Gartner runs a CEO survey every year and in his blog, Mark Raskino asked what questions we should be asking in these surveys. The focus is on how the CEO sees the current state of IT and how it needs to change to support the business.

In my time as CIO, I have often wanted to ask my CEO that killer question that reframes his view of IT. I am not sure that I ever quite succeeded, but the accelerating pace of change driven by technology is probably making some CEOs nervous. Time to hit them with the big one ….

But first I need to frame the state of play as I see it.

The executive and senior management in many organizations are disappointed with IT and do not trust the IT department to deliver the technology that they need for transformation. IT departments provide solutions too slowly; they are too expensive and overly restrictive. The existing solutions are often not fit for purpose. CEOs don’t want to restrict innovation and profit by forcing all technology solutions through IT, so they are allowing the business to buy their own cloud solutions.

The IT departments are frustrated by the way that the business engages with IT issues. Best practice approaches to architecture, IT governance or security are only paid lip service by business leaders. I hear comments like “the business really needs to improve its maturity to be successful with IT”. Furthermore IT budget are constantly under pressure and IT management is having to focus increased effort on supporting products that they had no part in procuring.

A classic Mexican standoff, with the majority of guns pointing at the unlucky CIO!

So how does the CEO think IT should be run in their organization?

Do you believe that following IT best practices would deliver the right IT solutions for your business?

The best practices are there to ensure agility, quality, alignment, risk management and costs control – exactly the problems that organizations are experiencing. IT best practices stretch well beyond the IT department and can only work when the CEO is committed to them. The nexus of the question is who the CEO trusts to fix IT.

If the CEO does not trust the CIO, do they trust ISACA, ITSMF, or PMI (the best practice organizations)? If they don’t trust these industry groups who do they trust? Please let me know your thoughts

Posted on

How do CIOs befriend the miners?

Hole in the glacier
Undermined

I have worked as a CIO in a number of industries and each has their peculiarities. One segment where the CIO has to be particularly nimble is in the mining sector. There are a few top tips that I have learned from working for a contract miner, producing ore from working mines.

I’ll try to frame up the key requirements in this industry

1. The mining industry is cyclical and when it is hot, it is hot. They need solutions quickly and run high profit margins in the good times. As the cycle turns there is a focus on cost control. In many cases IT is delivering projects late in the cycle and appears out of step with reality.

2. The equipment used in the mines has become technologically complex. There are management systems on the trucks, the crushers have IT components and there are a myriad of complex systems such as slope stability monitoring. The vast majority of this equipment is purchased without IT involvement, but these days most of the systems connect to the internet via the corporate LAN.

3. Many in the mining workforce are engineers or technicians and technologically literate. They often source their own technology solutions and have the skills to make them effective in the workplace. Examples are collaboration systems and mobile enabled ordering systems. These are nearly always disconnected from the corporate IT systems.

As CIO, I was keen to get onto the front foot with these issues. I wanted to understand why the IT department could not deliver the solutions as quickly and cheaply as business units buying it themselves. I succeeded in providing solutions quickly, cheaply and properly supported (my perspective), but I don’t think I won the business over for the following reasons:

1. Acceptance of risk. The business had a higher tolerance of risk than that practiced in IT. When the business implemented their own technology there was no business continuity planning, security was dealt with in a superficial manner and there was often a complete loss of capability when a key staff member left (key man risk). The truth was that these systems would fail, but as different systems were used on different sites the impact would not be catastrophic.

2. Opaque costing. The actual costs of these systems were not well understood. There was no aggregated cost (as you would find in an IT budget) and the costs were often wrapped into other high value contracts. The costs benefits were calculated simplistically by referring to the punitive expenses of having plant not working.

3. Inconsistent expectations. Business provided solutions would fail and they often had poor maintenance arrangements. The business was surprisingly accepting of these issues (given the costs of down time) and much more accepting than for corporate provided IT systems. I put the inconsistency down to the extra control that the business had over the issue. They would deal directly with the supplier and often leverage a relationship to accelerate resolution.

So here are my 3 top tips for success (or at least avoiding disaster)

1. Know when to get out of the way – you may not have the capability or resources to deliver. Ensure that you engage the key stakeholders in this decision.

2. Map the risk – ensure that you have a holistic view of technology risk, not just IT risk. The Audit and Risk committee should be thankful for such a perspective.

3. Be excellent at project management – if you are providing solutions apply a professional, agile project management technique. Good people, a strong methodology and business involvement is a recipe for success.

What are your experiences with IT and the mining industry?