Posted on

The four faces of IT


 Tother_Triumph Triumphs 2CV  Grace 1

 

The times they are a changing, and as businesses adapt to the new reality of technology driven value creation, IT departments are changing too (finally)! The scenarios that I am about to paint are not new; what has changed is the scale and ease of action.

These days almost every business function can be enhanced with cloud based information systems – from rubbish collection to retail. The business unit managers are being approached continuously by salesmen with products, and there are compelling business benefits available.  Managers can sign contracts and have working systems in place in a matter of weeks with no interaction with IT. Everything is available through the browser.

Of course problems arise through time – the cost of the system may escalate as more users are put on; the business department has to manage user names and passwords; the reports from the system are limited unless other organizational data can be added; the supplier may have regular outages; and finally the IT department may upgrade systems or security and the system stops working.

If this happens with just one business department, IT can help to resolve the issues; but when it happens everywhere, IT has real resource limitations and cannot respond effectively. This of course drives a further cycle of bypassing IT (maybe by contracting external help).

So how do we deal with this new reality? The answer is first to get on the front foot and work out between the executives what sort of IT department they want from the choices below:

  • Fixer – The business units drive their own agenda, and only occasionally take advice from IT. Often IT cannot influence the outcomes, but has to resolve issues as they arise. The IT department pours its resources into reactive capability and loses control on strategy and architecture. This is happening to many IT departments today.
  • Governor – In this approach, the IT department takes a governing role, collating a single list of technology projects, identifying interactions and pre-requisites but not holding the budgets. IT may set policies on security and service requirements and is likely to get involved in technical negotiations with suppliers. Depending on IT’s ability to influence (and the quality of its advice) this might improve the outcomes but does not deal with issues such as funding for components to tie the initiatives together.
  • Integrator – Here the organization accepts that businesses do not have the skills to procure and manage IT systems. Executives assign responsibility to various departments and ensure that they have the right competencies. For example procurement may need to develop specialist IT procurement skills; compliance would have staff who could take a close look at the technology; audit may verify supplier performance; and IT would take on integration, service desk and other functions. IT is just one of the team with certain key accountabilities. In this model IT has a clear (but limited) accountability and may have to release resources into other parts of the organization.
  • Orchestrator – In this (somewhat scary) model, IT acts like the conductor of the orchestra, ensuring that all components are identified and actioned. The CIO takes accountability and pulls together all the necessary components in a program approach. The IT department has to be agile to meet the expectations of the business and the CIO needs hefty support to ensure that the business department is serious about delivering on benefits.

The key to success in this whole debate is to decide – then do. If you just drift into a particular scenario, it may be very difficult to change to another model.

So are you ready to have the discussion with your executive on which face of IT they want to see?

Posted on

Don’t get comfortable, the internet of things is coming

Flat out
Flat out

The role of a chief information officer in a large company has its challenges. They have to intermediate between the messy world of business and the even messier world of IT. Their focus is on the risks, costs and opportunities of today and they have few resources to prepare for the future.

I would argue that the next big challenge in IT is something that most CIOs are not ready for. This is the integration of information technology (IT) with operational technology (OT). It is a question of how we manage the internet of things – devices communicating over the internet without human interaction.

To give a personal example, as CIO I supported the operation of a newly purchased ore crushing machine (OT) at a remote mine site. The machine needed to run optimization software that was hosted on the vendor’s computers. This meant connecting the machine through our corporate network (IT) to the vendor. The vendor had no security accreditation and did not offer the security tools that we insisted on from our regular IT suppliers.

The machine had been purchased and the investment in a second communications link was substantial. In the end we accepted an increased security risk, given the costs of mitigation.

There are 3 big challenges with the internet of things:

  1. Security. As soon as we connect devices to the internet, there is massively increased opportunity for malicious attack. Hackers from anywhere in the world may obtain access, as highlighted by Mandiant. Many suppliers of OT do not have the resources to invest in properly secured systems.It is just a matter of time before serious mechanical or safety incidents occur. The Stuxnet virus destroyed hardware used to enrich uranium in Iran, but also infected over 200 Australian based devices. The Australian Government Computer Emergency Response Team found that 35% of attacks were non-targeted and indiscriminate.
  2. Integration. As the complexity of internet of things devices increases, so does the ability to store and utilize data. This data needs to be exchanged efficiently with corporate IT systems, however there are few standards.One example I came across recently was from an engraving firm. They had a web site through which customers could place their orders. To get the details into the connected engraving machine required them to rekey all the data, leading to errors and wasted time.
  3. Purchasing. The people buying OT hardware and software have a focus on the performance of the system. They are often less expert at understanding the license conditions and costs of ongoing support. It is not uncommon to see the same corporate license purchased more than once in an organization.

Some organizations are taking the bull by the horns. At the Australian Broadcasting Corporation, they have put the engineering services for recording and digital editing under the CIO. The critical infrastructure providers such as the utilities and airports have invested in professional approaches to OT. For many however, this is another problem just waiting to happen.

Do you have any plans for the internet of things?