August 20, 2009

Andy Blumenthal Talks about Cloud Computing

Here is the podcast from MeriTalk Silverlining Series (August 2009)



August 18, 2009

DHS OIG Report on My User-centric EA Implementation at the Coast Guard

Just learned of a new Department of Homeland Security (DHS) Office of Inspector General (OIG) Report documenting the significant progress of the Enterprise Architecture and IT Governance program at the U.S. Coast Guard, which I led up to and during the majority of the audit.

I am pleased at the recognized progress and at the terrific work that my team accomplished there--I am very proud of all of them!

Of course, there is more work to be done, but the right EA infrastructure has been put in place to accomplish the goals and objectives set out.

Here is the link to the report: http://sites.google.com/site/thetotalcio/Home/links/EAOIGReport-July2009.pdf?attredirects=0

"The Coast Guard has made progress in developing its enterprise architecture by defining its enterprise architecture framework [User-centric EA] in alignment with both federal and DHS architectures. In addition, its enterprise architecture is aligned with the Coast Guard's IT strategy. These achievements have been possible because of executive support for the enterprise architecture effort."

August 16, 2009

Vision is not a Business Only Matter

At an enterprise architecture conference a number of weeks ago, the audience was asked how many of you see yourself as technology people—about half raised their hands. And then the audience was asked how many see yourselves more as business people—and about half raised their hands. And of course, there were a handful of people that raised their hands as being “other.”

Then the dialogue with the audience of architects proceeded to the point that, regardless of whether you consider yourselves more business-oriented or more technology-oriented, enterprise architects must get the vision from the business people in the organization, so the architects can then help the business people to develop the architecture. It was clear that many people felt that we had to wait for the business to know what their vision was and what they wanted, before we could help them fulfill their requirements. Well, this is not how I see it.

From my experience, many business (and technology) people do not have a “definitive vision” or know concretely what they want, especially when it comes to how technology can shape the business. Yes, of course, they do know they have certain gaps or that they want to improve things. But no, they don’t always know or cannot envision what the answer looks like. They just know that things either aren’t working “right” or competitor so and so is rolling out something new or upgrading system ABC or “there has just got to be a better way” to do something.

If we plan to wait for the business to give us a definitive “this is what I want,” I think in many cases, we’ll be waiting a very long time.

The role of the CIO, CTO, as well as enterprise architects and other IT leaders is to work with the business people, to collaboratively figure out what’s wrong, what can be improved, and then provide solutions on how to get there.

Vision is not a business only matter—it is a broad leadership and planning function. IT leaders should not absolve themselves of visioning, strategy, and planning and rely only on the business for this. To the contrary, IT leaders must be an integral part of forging the business vision and must come up with an enabling “technology vision” for the organization. These days, business is more and more reliant on technology for its success, and a business vision without thought and input from the technology perspective would be superficial at best and dead of center at worst.

Moreover, visioning is not an art or a science, but it is both and not everyone is good at it. That is why open communication and collaboration are critical for developing and shaping the vision for where the organization must go.

Early on in my career, in working with my business counterparts, I asked “What are you looking to do and how can I help you?” And my business partner responded, opening my eyes, and said, “You tell me—what do you think we need to do. You lead us and we will follow.”

Wow! That was powerful.

“You tell me.”

“What do you think we need to do.”

“You lead us and we will follow.”

The lesson is simple. We should not and cannot wait for the business. We, together with our operational counterparts, are “the business”. Technology is not some utility anymore, but rather it is one of the major underpinnings of our information society; it is the driving force behind our innovation, the core of our competitive advantage, and our future.



August 12, 2009

Andy's Cloud Computing Presentation on MeriTalk

Introduction

First let me start out by saying that cloud computing brings us closer than ever to providing IT as a utility such as electricity, where users no longer need to know or care about how IT services are provided, and only need to know that they are reliably there, just like turning on the light. This is the subscription approach to using information technology, where base services are hosted, shared, and you pay only for what you need and use.

In cloud computing, there are a number of basic models. First, in public clouds, we have a multi-tenant, shared services environment with access provided over a secure Internet connection. In contrast, in a private cloud, the IT shared services are behind the company’s firewall and are controlled by in-house staff. Then, there is also a community cloud, which is an extension of the private cloud, where IT resources are shared by several organizations that make up a specific community.

The advantage to cloud computing—whether public or private—is that you have a shared, enterprise-wide solution that offers a number of distinct advantages:

  1. Efficiency–with cloud computing, we build once and reuse multiple times—i.e. we share resources—rather than everyone having their own.
  2. Flexibility–we are more nimble and agile when we can quickly expand or contract capacity on-demand, as needed—what some call rapid elasticity. Moreover, by outsourcing the utility computing elements of our IT infrastructure, we can focus our internal efforts on building our core mission areas.
  3. Economy (or economy of scale)–it’s cheaper and more cost effective when we can tap into larger pools of common resources maintained by companies with subject matter expertise. They then are responsible for ensuring that IT products are patched, upgraded and modernized. Moreover, we pay only for what we actually use.

Issue

So cloud computing sounds pretty good, doesn’t it? What then is the big issue? Plain and simple it comes down to—Is cloud computing effective for the organization? And what I mean by that is a few things:

  • First is customization, personalization and service: when you buy IT computing services in this shared services model, do you really get what you need and want – or are you just getting a canned approach, like the Model T that came in one color, black? For example, when you purchase Software as a Service are you getting the solution you need for your agency or the one built for someone else?
  • Next is security, privacy, and disaster recovery. This is a big deal because in a public cloud, you are capturing, processing, sending, and storing data outside of your proprietary infrastructure. This opens the door for theft, manipulation, or other ways of our data being compromised by criminals, cyber-terrorists, and even hostile nation-states.
  • Third, and maybe most important, is cultural, especially in a very individualistic society, like ours, where people are used to getting what they want, when they want, without having to share. For example, we prefer owning our own vacation home to having a time-share. We love the concept of a personal home theater. Everyone now has a personal cell phone, and the old public telephones that were once on every corner are now practically extinct. And most people prefer driving their own cars to work rather than using mass transit—even though it’s not environmentally friendly. So the idea of giving up our proprietary data centers, application systems, the control of our data, in a cloud computing model, is alien to most and possibly even frightening to many.

The Reality

So how do we harmonize the distinct advantages of cloud computing—efficiency, flexibility, and economy—with the issues of customization, security, and culture?

The reality is that regardless of customization issues, we can simply no longer afford for everyone to have their own IT platforms—it’s wasteful. We are recovering from a deep financial recession, the nation has accumulated unprecedented levels of debt, and we are competing in a vast global economy, where others are constantly raising the bar—working faster, better, and cheaper.

Moreover, from a technology standpoint, we have advanced to where it is now possible to build an efficient cloud computing environment using distributed architecture, virtualization/consolidation, and grid computing.

Thirdly, on a cultural level, as individualistic as we are, it is also true that we now recognize the importance of information sharing and collaboration. We are well aware of the fact that we need to break the stovepiped verticals and build and work horizontally. This is exemplified by things like Google Docs, SharePoint, Wikipedia, and more.

In terms of security, I certainly understand people’s concern and it is real. However, we are all already using the cloud. Are you using online banking? Are you ordering things online through Amazon, Overstock or other e-commerce vendors? Do you use Yahoo or Google email? Then you are already using the cloud and for most of us, we don’t even realize it. The bottom line on security is that every agency has to decide for itself in terms of its mission and ability to mitigate any risks.

How to Choose

So there are two questions then. Assuming—and I emphasize assuming—that we can solve the security issues with a “Trusted Cloud” that is certified and accredited, can we get over the anxiety of moving towards cloud computing as the new standard? I believe that since the use case—for flexibility, economy, and efficiency—is so compelling, that the answer is going to be a resounding yes.

The next question is, once we accept the need for a cloud computing environment, how do we filter our choices among the many available?

Of course I’m not going to recommend any particular vendor or solution, but what I will do is advocate for using enterprise architecture and sound IT governance as the framework for the decision process.

For too many years, we based our decisions on gut, intuition, politics, and subjective management whim, which is why statistics show that more than 82% of IT projects are failing or seriously challenged.

While a full discussion of the EA and governance process is outside the scope of this talk, I do want to point out that to appropriately evaluate our cloud computing options, we must use a strong framework of architecture planning and capital planning and investment control to ensure the strategic alignment, technical compliance, return on investment, and risk mitigation—including of course security and privacy—necessary for successful implementation.

How Cloud Computing fits with Enterprise Architecture:

As we move to cloud computing, we need to recognize that this is not something completely new, but rather an extension of Service Oriented Architecture (SOA) where there are service providers and consumers and applications are built by assembling reusable, shared services that are made available to consumers to search, access, and utilize. Only now with public cloud computing, we are sharing services beyond the enterprise and to include applications, data, and infrastructure.

In terms of a transition strategy, cloud computing is a natural evolution in IT service provision.

At first, we did everything in-house, ourselves—with our own employees, equipment, and facilities. This was generally very expensive in terms of finding and maintaining employees with the right skill sets, and developing and maintaining all our own systems and technology infrastructure, securing it, patching it, upgrading it, and so on.

So then came the hiring of contractors to support our in-house staff; this helped alleviate some of the hiring and training issues on the organization. But it wasn’t enough to make us cost-efficient, especially since we were still managing all our own systems and technologies for our organization, as a stovepipe.

Next, we moved to a managed services model, where we out-sourced vast chunks of our IT—from our helpdesk to desktop support, from data centers to applications development, and even to security and more.

Finally, the realization has emerged that we do not need to provide IT services either with our own or contracted staff, but rather we can rely on IT cloud providers who can offer an array of IT services, on demand, and who will manage our information technology and that of tens, hundreds, and thousands of others and provide it seamlessly over the Internet, so that we all benefit from a more scalable and unified service provision model.

Of course, from a target architecture perspective, cloud computing really hits the mark, because it provides for many of the inherent architecture principles that we are looking to implement, such as: services interoperability and component reuse, and technology standardization, simplification, and cost-efficiency. And on top of all that—using services on a subscription or metered basis is convenient for the end-user.

Just one last thing I would like to point out is that sound enterprise architecture and governance must be user-centric. That means that we only build decision products that are valuable and actionable to our users—no more ivory tower efforts or developing shelfware. We need to get the right information to the right decision makers to get the mission accomplished with the best, most agile and economical support framework available.



August 8, 2009

The Four Noble Truths

1. Life means suffering.

To live means to suffer, because the human nature is not perfect and neither is the world we live in. During our lifetime, we inevitably have to endure physical suffering such as pain, sickness, injury, tiredness, old age, and eventually death; and we have to endure psychological suffering like sadness, fear, frustration, disappointment, and depression. Although there are different degrees of suffering and there are also positive experiences in life that we perceive as the opposite of suffering, such as ease, comfort and happiness, life in its totality is imperfect and incomplete, because our world is subject to impermanence. This means we are never able to keep permanently what we strive for, and just as happy moments pass by, we ourselves and our loved ones will pass away one day, too.

2. The origin of suffering is attachment.

The origin of suffering is attachment to transient things and the ignorance thereof. Transient things do not only include the physical objects that surround us, but also ideas, and - in a greater sense - all objects of our perception. Ignorance is the lack of understanding of how our mind is attached to impermanent things. The reasons for suffering are desire, passion, ardour, pursuit of wealth and prestige, striving for fame and popularity, or in short: craving and clinging. Because the objects of our attachment are transient, their loss is inevitable, thus suffering will necessarily follow. Objects of attachment also include the idea of a "self" which is a delusion, because there is no abiding self. What we call "self" is just an imagined entity, and we are merely a part of the ceaseless becoming of the universe.

3. The cessation of suffering is attainable.

The cessation of suffering can be attained through nirodha. Nirodha means the unmaking of sensual craving and conceptual attachment. The third noble truth expresses the idea that suffering can be ended by attaining dispassion. Nirodha extinguishes all forms of clinging and attachment. This means that suffering can be overcome through human activity, simply by removing the cause of suffering. Attaining and perfecting dispassion is a process of many levels that ultimately results in the state of Nirvana. Nirvana means freedom from all worries, troubles, complexes, fabrications and ideas. Nirvana is not comprehensible for those who have not attained it.

4. The path to the cessation of suffering.

There is a path to the end of suffering - a gradual path of self-improvement, which is described in more detail in the Eightfold Path. It is the middle way between the two extremes of excessive self-indulgence (hedonism) and excessive self-mortification (asceticism); and it leads to the end of the cycle of rebirth. The latter quality discerns it from other paths which are merely "wandering on the wheel of becoming", because these do not have a final object. The path to the end of suffering can extend over many lifetimes, throughout which every individual rebirth is subject to karmic conditioning. Craving, ignorance, delusions, and their effects will disappear gradually, as progress is made on the path.



What China’s Bullet Trains Can Teach Us About Governance

One of the foundations of this great country is that we believe in respecting the rights of the individual. This belief is founded on the Judeo-Christian doctrine that every life is valuable and the loss of even one life is like the loss of an entire world.

The rights of the individuals are enshrined in the Bill of Rights that establishes what we consider our fundamental human rights, such as freedom of speech, press, religion, due process, eminent domain, and many others.

The flip side of the protection of individual rights—which is sacred to us—is that it may occasionally come at some “expense” to the collective. This can occur when those individuals who may be adversely affected by a decision, hinder overall societal progress. For example, one could argue that society benefits from the building of highways, clean energy nuclear plants, even prison facilities. Yet, we frequently hear the refrain of “not in my backyard” when these projects are under consideration.

In my neighborhood, where a new train line is proposed, there are signs up and down the street, of people adversely affected, opposing it—whether in the end it is good, bad or indifferent for the community as a whole.

So on one hand we have the rights and valid concerns of the individual, yet on the other hand, we have the progress of the collective. Sure, there are ways to compensate those individuals who are adversely affected by group decisions, but the sheer process of debate—however valuable and justified, indeed—may slow the overall speed of progress down.

Why is this an especially critical issue now?

In a high speed networked world with vast global competition—nation versus nation, corporation versus corporation—speed to market can make a great deal of difference. For example, the speed of the U.S. in the arms and space race with the Soviet Union left just one global superpower standing. Similarly, many companies and in fact whole industries have been shut down because they have been overtaken, leapfrogged by the competition. So speed and innovation do matter.

For example, in the field of information technology, where Moore’s Law dictates a new generation of technology every two years or so, the balance of speed to modernization with a foundation of sound IT governance is critical to how we must do business.

Fortune Magazine has an article called “China’s Amazing New Bullet Train (it leaves America in the Dust!)”

China’s new ultra-modern rail system will be almost 16,000 miles of new track running trains at up to 220 miles per hour by 2020. China is investing their economic stimulus package of $585 billion strategically with $50 billion going this year alone to the rail system. This compares with the U.S. allocating only $8 billion for high-speed trains over the next three years. Note that the high speed Amtrak Acela train between Boston and Washington, DC goes a whopping average speed of 79 mph.

One of the reasons that China’s free market is credited with amazing economic progress—for example, GDP growth this year projected at 8.3% (in the global recession)—is their ability to retain some elements of what the military calls a “command and control” structure. This enables decisions to get made and executed more quickly than what others may consider endless rounds of discourse. The down side of course is that without adequate and proper discussion and debate, poor decisions can get made and executed, and individuals’ human rights can get overlooked and in fact sidelined. (Remember the shoddy school construction that resulted in almost 7000 classrooms getting destroyed and many children dying in the Earthquake in China in May 2008?)

So the question is how do we protect the individual and at the same time keep pace—and where possible, maintain or advance our societal strategic competitive advantage?

It seems that there is a cost to moving too slowly in terms of our ability to compete in a timely fashion. Yet, there is also a cost to moving too quickly and making poorly vetted decisions that do not take into account all the facts or all the people affected. Either extreme can hurt us.

What is important is that we govern with true openness, provide justice for all affected, and maintain a process that helps—and does not hinder—timely decisions and action.

We cannot afford to make poor decisions—these are expensive—nor do we have the luxury of getting caught up in “analysis paralysis.”

Of course, there are many ways to approach this. One way is to continue to refine our governance processes so that they are just to the individual and agile for our society by continuing to simplify and streamline the decision process, while ensuring that everyone is heard and accounted for. Recently we have seen the use of new information sharing and collaboration technologies, like those provided through social media—wikis, blogs, social networks and more—that can help us to exchange ideas and work together faster than ever before. Embracing these new technologies can help us to pick up the pace of the vetting process while at the same time enabling more people than ever to participate.

Perhaps social media is one of the only things faster than China’s new bullet trains in helping us to progress how we do business in the 21st century.



August 7, 2009

How to Strengthen the Office of the CIO - Part II

Published at Government Technology

[Editor's Note: This article is the second in a series that explores the CIO Support Services Framework in government.]

In Part 1 of The CIO Support Services Framework, I presented the six major components needed to support the public CIO in managing IT strategically and proactively. In this article, I will explain which IT best practice frameworks inform these six components and propose a structure for implementing them.

The six CIO Support Services Framework (CSSF) functions are distinct areas that require subject-matter expertise and need to be managed based on the various IT best practice frameworks. While I am not endorsing any particular best practice government or industry framework, below is a sampling according to CSSF functional area:

Enterprise Architecture (EA) -- Federal Enterprise Architecture (FEA), Department of Defense Architecture Framework (DoDAF), and The Open Group Architecture Framework (TOGAF).

Capital Planning and Investment Control (CPIC) -- Office of Management and Budget (OMB) Circular A-130--"Management of Federal Information Resources" and the Control Objectives for Information and related Technologies (COBIT) by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Project Management Office (PMO) -- the Project Management Body of Knowledge (PMBOK) by the Project Management Institute is the de facto standard for project management best practices from initiation through project closeout.

Customer Relationship Management (CRM) -- the IT Infrastructure Library (ITIL) by the United Kingdom's Office of Government Commerce (OGC) and International Standards Organization (ISO) 20000--"IT Service Management." While both are very much operational frameworks, they can also be used to guide service and support at a strategic level in the OCIO.

IT Security (ITS) -- the Federal Information Security Management Act (FISMA), various Federal Information Processing Standards (FIPS) from the National Institute of Science and Technology (NIST), and International Organization for Standardization ISO/IEC 17799 -- Information Technology Code of Practice for Information Security Management.

Business Performance Measurement (BPM) -- the Balanced Scorecard (BSC) by Kaplan and Norton from Harvard Business School -- examines financial, customer, internal business process, and learning and growth measures for the organization.

Although each of the six main functional areas and their supporting best practice frameworks are unique, they can and will overlap, and it is imperative that the OCIO develop a simple and streamlined process for managing these, so that IT and business personnel are not confused or burdened by redundant or circuitous IT processes that hinder, rather than spur innovation and agility. For example, while EA planning guides CPIC IT investment decisions, those decisions inform the next round of EA planning -- it is inherently cyclical. Nevertheless, we must ensure that the overall process flow between all six areas is as clear and simple as possible.

I like to use the example of a Monopoly game board as an analogy for how IT processes should ideally progress from "Go" all the way through -- logically, and more or less sequentially -- without project mishap, ending up on the OMB Watch List for risky IT projects, the equivalent of landing in Monopoly "jail."

The CSSF provides the functional resources to fully support the OCIO and provide the capability to move from simply fighting day-to-day operational problems to strategically managing IT service provision, improving performance and increasing program and project success, through:

Planning (EA)

Investing (CPIC)

Executing (PMO)

Servicing (CRM)

Securing (ITS)

Measuring (BPM)

Each of these OCIO component functions is helpful in managing IT by providing the CIO the capability to better plan, invest, execute, service, secure and measure -- but these are not stand-alone functions -- they are all necessary and complementary.

An organization can have the best EA plan, but without the structured investment processes of CPIC, the plan will not drive, guide, influence and shape IT investment decision-making. In fact, I would propose that CPIC is an enforcement mechanism for carrying out the EA plan.

Similarly the organization can have a wonderful CPIC process for making IT investment decisions, but without a PMO to develop and enforce sound PM policies and practices, IT projects will continue to fail miserably. With an effective PMO, we will have more successful project execution, but without CRM to manage customer requirements and service and support issues, we run a very high risk of rolling out IT capabilities that the customer neither wants nor is happy with. Further, CRM will increase customer satisfaction, but without ITS, CIOs will not ensure the security of the information and systems that the users are depending on.

Finally, with ITS, CIOs will provide users with information security, but without BPM, will miss the opportunity to perform structured performance measurement and management, so that the CIO has visibility to how IT is performing in all areas and on an ongoing basis and can take timely corrective action as needed.

Most organizations either don't do any of these CSSF functions well or they don't do them all. The six components need to be executed together -- the whole being greater than the sum of its parts. Further, I would propose that the six CSSF functions be implemented under the auspices of the CTO of the organization in order to centralize and holistically manage the functions in support of the CIO.

The result is that the CIO is better supported, without being overwhelmed, and the CTO has a clear mandate for strategically implementing the CIO's vision for the organization.

Of course, one of the biggest challenges to implementing the CSSF is finding and allocating the needed funding to support these OCIO functions. IT operations tend to be underfunded already and stuck in the perpetual firefighting mode. Executives often fear siphoning the needed money or people away from the short-term firefight to work on long-term strategy and implementation. This is a serious mistake!

Firefighting is a losing battle if you attack only the symptoms, but never address the cause or core strategic issues. Moreover, in the fast-paced technology environment of the 21st century, no IT leader can afford to be looking backward -- managing legacy systems that do not leverage modern technologies, techniques and methodologies for information sharing, collaboration and business intelligence.

If you are spending close to 100 percent on IT operations today, is it really unreasonable to allocate 3 to 5 percent of this to strategy, planning and control? Of course, this needs to adjust when IT budgets get extremely large or small and as the complexity of the organization shifts.

As the prior chief enterprise architect of the U.S. Coast Guard and of the United States Secret Service, I have always been a deep proponent of EA and CPIC to drive better IT investment decision-making. However, now as the chief technology officer (CTO) of the Bureau of Alcohol, Tobacco, Firearms and Explosives, I more fully understand how the CSSF functions and interplay are needed for the CIO to perform effectively.

Clearly EA and CPIC are not enough to adequately support the CIO's needs, and thus, they need to be extended with PMO, CRM, ITS and BPM. Moreover, these areas function best when they function together for the reasons I mentioned prior -- it's a clear domino effect, where astute planning, sound governance, skilled project management practices, competent customer service, solid IT security and meaningful performance measurement are all necessary for the CIO to manage IT more strategically and effectively.

This is why I firmly believe that the CIO Support Services Framework is how we are going to have to manage IT to achieve genuine success for the CIO in the 21st century and beyond.

_______________________________________

Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.



August 6, 2009

How to Strengthen the Office of the CIO - Part I


Published at Government Technology
[Note: This is a two-part article on strengthening the office of the CIO to improve IT operations. Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best practices and implementation.]
Information technology is plagued with what federal CIO Vivek Kundra recently called "magnificent failures." A recent research survey by the Standish Group identified that more than 80 percent of IT projects were either failing or significantly at risk. Another article described the CIO's role as a nearly impossible job, trying to manage day-to-day firefighting with limited to no ability to get control and manage strategically.
We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on requirements and fail to deliver on time, within budget and to specifications.
The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects and putting the CIO and other IT leadership back in the driver's seat, by ensuring that the structural components for success are identified, elevated and resourced appropriately.
The focus of this article is to identify, describe and link the core elements that make up and support an Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the CIO is properly supported, program and project management can be executed with strategic intent and alignment.
It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program management today, such as the Federal Enterprise Architecture (FEA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at architecture planning, ITIL on service support and delivery, PMBOK on project management and so on. What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a bigger picture.

Image copyright by Andy Blumenthal
So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his or her strategy must drive technology operations rather than just fighting fires.
In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to make decisions based on gut, intuition, politics and subjective management whim.
Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still like blind people grasping in the dark for answers. This framework corrects the structural defects in today's IT organization that cause this situation to occur.
The CSSF has six major components:
1. Enterprise Architecture (EA) -- for strategic, tactical, and operational planning in the organization. EA includes all perspectives of the organization's architecture including: performance, business, information (data and geospatial), services (or systems), technology, security, and human capital (this last one is currently missing from the Federal Enterprise Architecture).
In EA planning, we develop the current architecture--where we are today in terms of business and technology resources, the target--where we want to be in the future through business process improvement and technology enablement, and the transition plan--how do we get from where we are today to where we want to be in the future.
More mature EA's provide business, data, and systems models, and identify gaps, redundancies, inefficiencies, and opportunities in the business and IT and recommend business process improvement, reengineering, and new technologies to improve organizational performance.
2. Capital Planning and Investment Control (CPIC) or IT governance -- manages the IT investment decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio (i.e., to put those plans to work and make them pay off). CPIC can ensure that IT investments maximize return on investment, minimize or mitigate risk and provide for strategic alignment to the business.
CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are followed, such as information sharing and quality, interoperability, component reuse, standardization, simplification, cost-efficiency, and of course security.
3. Project Management Office (PMO) -- oversees the effective execution of IT projects. These projects derive from the EA technical roadmap and transition strategy and from IT investment decisions coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a project to include scope, schedule, cost, quality, project resources, integration, communications, and more, from the initiation of a project through its closeout. Project managers typically develop the work breakdown structures and project schedules, and monitor and manage progress against these.
4. Customer Relationship Management (CRM) or IT service management -- for managing service and support to our customer with "one call does it all". As opposed to customer management within IT operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction, generating and managing customer requirements, supporting business case development, and handling internal business complaints, issues, and coordinating problem resolution with IT operations.
5. IT Security (ITS) -- how we conduct IT security policy and planning. This function encompasses how we plan, assess, and enforce IT security, and not the actual implementation of IT Security, which is an operational IT function. This functional area includes preparing certifications and accreditations, risk assessments, security plans, vulnerability testing, security awareness training, and security policies. IT security ensures the confidentiality, availability, integrity, and privacy of the organization's information.
6. Business Performance Management (BPM) -- how we measure and drive performance, so we know whether we are hitting the EA target or not. BPM involves identifying performance measures, capturing, analyzing and reporting on metrics, and providing the CIO with IT executive dashboard views that show which programs and projects are on track, challenged or in jeopardy of failure.
Typically BPM provides for a drill-down capability, so high-level "red-yellow-green" program/project indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making course corrections. BPM should provide a feedback mechanism for how the IT function is performing and drive continuous process and performance improvement in the CIO organization.
Together these six areas make up a holistic and synergistic set of support functions that constitute a fully capable Office of the Chief Information Officer (OCIO) in the center.
In creating a strong OCIO, the CIO Support Services Framework wisely separates the policy, planning and oversight functions from the IT operations. This is beneficial in two main ways: First, this enables the CIO to strategically and proactively direct IT operations, rather than being in perpetual firefighting and reactive mode. Second, the separation of duties -- strategy from operations -- creates a healthier organizational dynamic and interplay in IT, where the fox is not left guarding the chicken coop.
Part 2 of this article will explore IT best practice frameworks and implementation of the CIO Support Services Framework.
_____________________________________
Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.


August 5, 2009

How To Use Social Media Strategically


This is an outstanding 3-minute video on Social Media from the General Services Administration (GSA) and HowCast.com.

The video provides 6 "how-to" steps to implementing social media for the purposes of collaboration, information sharing, information exchange, keeping pace with fast-moving events in real time, and harnessing the collective ingenuity of the public to support mission.

As the video states, "The key is to focus on the organization's goals."



August 2, 2009

Health Care Reform is Technologically Deficient

The debate on the news, in the streets, and on the Hill these days is health care reform—getting insurance coverage for those who lack it. And while this is an important and noble pursuit, there is something extraordinarily absent from the health care reform discussion—and that is technology—in terms of how we get better care to everyone, the uninsured and insured alike.

We are living with a health care system that is functioning devoid of the most basic technology aids—such as electronic medical records, electronic scheduling, e-appointments with doctors using IM or video, electronic prescription handling, and much more.

If the finance industry is at the advanced end of the technology spectrum, the medical industry is at the extreme low end—and how sad a commentary is that: is our money more important to us than our health?

An article in Fast Company in May 2009 called “The Doctor of the Future” states: “This is a $2.4 trillion industry run on handwritten notes. We’re using 3,000 year-old tools to deliver health care in the richest country on the planet.”

The health care system is broken for sure, but it goes way beyond the 45 million Americans that lack insurance.

  • “Health care accounts for $1 in every $6 spent in the United States.”
  • “Costs are climbing at twice the rate of inflation.”
  • “Every year, an estimated 1.5 million families lose their homes because of medical bills.”
  • “Although we have the world’s most expensive health-care system, 24 countries have a longer life expectancy and 34 have a lower infant-mortality rate.”

Based on these numbers, the medical industry in this country is overcharging and under-delivering, and part of the reason for this–as Fast Company states–is the lack of technological innovation: “one of the paradoxes of modern medicine is that it demands continual innovation yet often resists change.”

New medical technology programs are available that provide for a vastly improved patient experience.

For example, using the Myca platform, the user experience is simpler, faster, and cheaper. Here’s a view of how it would work: “your profile shows your medical team…to make an appointment, you look at the doctor’s schedule, select a time slot of at least half an hour and the type of appointment (in-person, video, IM), and fill out a text box describing your ailment so the doctor can start thinking about treatment. Typically follow ups are e-visits. A timeline dotted with icons representing appointments lets you review the doctor’s comments, read the IM thread, watch the video of an earlier electronic house call or link to test results.”

Using other technological advances, we could also benefit the patient by being able to:

  • Send electronic prescriptions to the pharmacy and automatically check for drug interaction.
  • Enter a patient’s symptoms and test results and get a comprehensive software generated diagnosis along with the probability of each result as well as other pertinent tests for the doctor to consider.
  • Provide electronic medical records that can be shared securely with medical providers including medical history, exam notes, tests ordered and results, and drugs prescribed.
  • Utilize telemedicine for consultation with medical providers anywhere and anytime.
  • And even apply robots to surgical procedures that result in less invasive, more effective, quicker recovery rates, and with less chance of infection.

None of this is science fiction…and this is all possible today.

Therefore, if we are going to call for a revamp to our health care system, let’s go beyond the coverage issue and address the logjam on quality of care for all Americans.

Absolutely we need to address the 18% uninsured in this country, but while we do that and figure out how to pay for it, let’s also deal with providing 21st century care to all our citizens through the modernization of our medical industry benefitting both the patients and medical providers through more efficient and effective care-giving.



August 1, 2009

Faith or Fear?

I love stories of hope and possibility.

I read in the Washington Post, 1 August 2009, about cars that actually enable blind people to drive. This was one of those stories.

In 2004, a challenge was issued from a blindness advocacy group “to build a vehicle that the blind could drive with the same freedom as the sighted.”

Around the same time, the Defense Advanced Research Projects Agency (DARPA)—the same government agency that brought us the Internet—“ran a series of contests to inspire a driverless car that could navigate complex terrain.”

However, at Virginia Tech’s Robotics & Mechanisms Laboratory the challenge of “an autonomous vehicle wasn’t enough. We want the blind person to be the driver, not to be driven.”

To meet this once unthinkable goal, the design team developed a prototype vehicle that blind students this summer are actually testing.

Here’s how the vehicle works: An all-terrain vehicle with a front-mounted laser sensor sweeps the terrain ahead, and a computer in the back processes the information into a two-dimensional map. A computer voice tells the driver through headphones what number of clicks to turn the wheel to steer around obstacles and a vest vibrates to indicate whether the driver should slow down or stop.

By challenging ourselves, bringing innovation to the table, thinking positively, and working through the challenges, we are able to bring opportunities to people that many thought were impossible.

Yet even today, I heard people reacting to this story and saying “Oh, I wouldn’t want a blind person driving behind me.”

But why not? There are reasons to believe that this can work.

First of all, in the vehicle tests, the blind drivers actually did better than the engineers because they followed the directions coming from the computer more precisely.

Second, when it comes to other modes of transportation such as flying, people no longer seriously question the use of technology to aid our ability to see, navigate and fly through all sorts of weather and turbulent conditions. Nowadays, a large commercial airplane flying at hundreds of miles an hour over densely populated cities on autopilot is an accepted fact.

I believe there are really two issues here:

On one hand is the technology itself. How far can technology take us—are there limits?

And the second issue is whether people can overcome their mindset of fear, doubt, hesitation, and negativity to really stretch the bounds of the imagination to what’s truly possible.

I think both the issues of technology and mindset are strongly related.

Obviously there are laws of nature and physics that place real limits on even how far technology can take us. Yet, as we press against the boundaries and test the seemingly impossible, we are able to do things that practically defy those very laws. For example, who would’ve thought that man could fly like the birds, walk on the moon, communicate thousands of miles in a split second, or cure the incurable? Perhaps, what we perceive as physical limitations are only there until we can figure out how to overcome them with innovation and technology—and of course, the wisdom bestowed from the almighty.

By realizing that the boundaries are not so hard and fast—that they are elastic—we can have hope in going further and doing the seemingly impossible.

Certainly, I recognize the very real legitimacy of the concerns that people might have over the thought of blind people in the driver’s seat. However, we must ask ourselves how much of this concern is based on rational, logical factors and how much on a misperception or mistrust of what technology—and blind people themselves—can actually do. To me, it really comes down to one’s mindset.

Through faith, courage, and conviction, we can overcome our doubts and fears. We can and must continue to explore, to test the bounds, and to innovate some more.

