March 29, 2009

Kudos to the Bean Counters

Innovation is powerful, and with power comes responsibility.

When we think creatively and “out of the box”, we break the mental bounds that constrain our ability to go beyond what we know today and build capabilities that were unimaginable just the day before.

Yet, innovation is not like creation. G-d creates something from nothing. Man builds on the ideas of those who came before us—this is incrementalism.

And doing so, we are able to go beyond our own individual human limitations.

Incrementalism is a force multiplier. It is like layering one new thought, one change, one innovation on top on another and another. With each incremental development, we as a society are able to go beyond those who came before us.

Of course, some innovations are more evolutionary and some more incredibly revolutionary, but for all there are influences that underpin their development and they are there even if we cannot readily see them.

In short though, we are constantly changing as a society and as individuals—for better or possibly, for worse.

In the introduction to the novel, The Prey, by Michael Crichton, the author talks about the how everything—“every living plant, insect, and animal species”--is constantly evolving and warns of the complexity, uncertainty, and possible dire consequences if we do not manage change responsibly.

““The notion that the world around us is continuously evolving is a platitude; we rarely grasp its full implications…The total system we call the biosphere is so complicated that we cannot know in advance the consequences of anything that we do.”

I think the point is that even if we can envision or test the consequences of innovation one, two, three or however many steps forward, we cannot know the limitless possible downstream effects of a change that we initiate.

Crichton states: Unfortunately, our species has demonstrated a striking lack of caution in the past. It is hard to imagine that we will behave differently in the future.”

We don’t have to look too far to see how we have irresponsibly used many innovations in our times, whether they be complex and risky investment instruments that have led to the current financial crisis, medical products that have had serious unintended side effects resulting in serious injury and fatalities, and of course our endless thirst for and usage of fossil fuels and the general disregard for our planet and the negative effects on our environment such as global warming and pollution to name just a couple.

Crichton warns that “sometime in the twenty-first century, our self-deluded recklessness will collide with our growing technological power.”

The warning is particularly apropos in light of the ever increasing rate of change enabled by and manifested in various technologies such as biotechnology, nanotechnology, nuclear technology and information technology.

With each new advance in our technological prowess come risks of these new tools getting away from us and causing harm. For example, nuclear technologies have provided weapons of mass destruction that we struggle to contain; biotechnology has stirred concerns in terms of cloning, mutations, and deadly pathogens; nanotechnology stirs fears of toxic microscopic organisms that can easily get into our bodies, and IT viruses and cyber warfare that threaten our world of bits and bytes as we have come to know and rely for just about every daily activity we are involved in.

The point is not for us to be scared into mental stasis and inaction, but to be cognizant of the potential for serious side effects of changes and to take appropriate safeguards to mitigate those.

Innovation is exciting but it can also be seriously scary. Therefore, we need to be brave and bold in our thinking and actions, but at the same time we need to be cautious and act responsibly.

What this means in real life is that when new ideas are introduced, we need to evaluate them carefully so that we understand the range of benefits and risks they pose.

While it is not very sexy to be the voice of caution, great leaders know how to encourage new thinking while reining in potentially dangerous consequences.


March 27, 2009

Save A Penny, Lose a Customer

It’s amazing to me that organizations and people still miss the basic premise that underlies any successful business and that is good customer service.

Indeed all the innovation and technology in the world will not make up for the common business sense in putting the customer first.

Whatever happened to the customer is always right?

One of the most frustrating customer experiences is often associated with how companies routinely mishandle customer calls. We all know the shtick all too well by now:

  • The phone rings off the hook in the customer call center—why isn’t anyone answering?
  • If the phone is answered, very likely, the call is handled by automated call telephony—and you end up in a maze of instructions and options from which quite frankly, you may never return.
  • If you are so fortunate as to actually get to a real-live customer service representative, they won’t identify themselves—except with a first name--or provide a direct contact number to reach them should you get disconnected or need to follow up with them.
  • If you can identify who you are actually dealing with, you may quickly realize that you are talking to someone who is likely resident in another hemisphere and you may be unable to understand or effectively communicate with the company representative on the other end of the line (whose primary language is not your own).
  • If you are able to actually communicate with each other—what did you say?—you are likely to hear all sorts of gobbley-gook policies and excuses for why they can’t resolve your service request, need or complaint.
  • If you argue, raise your voice in frustration or ask to speak to a supervisor, you are likely to get “accidently” disconnected and you go back to go and cannot collect $200.
  • If you manage to get to a supervisor, the supervisor may throw you a bone and give you a partial win or more likely will stand firm and tell you to “talk to the hand, cause the face ain’t home.”
  • If you threaten to take your business elsewhere, you will have to place a call to another customer call center and start from step one all over again.

This is NOT a customer-centric enterprise architecture for an organization—it is almost the furthest thing from it aside from going out and actually paying customers to go use a competitor’s products or services instead of their own. This customer service-NOT approach is the death of our national competitiveness and represents the end of life for an organization and any individual employing it.

The Wall Street Journal, 24 March 2009, has a review on a book titled “Your Call Is (not that) Important to Us” by Emily Yellin who hits this right on the head.

“It is one of the most maddening ordeals of modern life. You are having problems with a product or service, and so (fool that you are) you call a customer help number, only to be greeted by a cheerfully inept or robotically indifferent voice at the end of the line.”

So why do organizations behave in this self-defeating, anti-customer fashion?

It’s called pinching pennies. Or penny wise and dollar foolish.

“Companies naturally try to keep costs down, sometimes rating the performance of their harried call-center workers by the number of calls they log, not by how well they resolve callers’ complaints…or companies move their help desks to countries where costs are low but accents are impenetrable. Or they switch to computer systems that leave already unhappy customer shouting their responses at an unresponsive machine.”

This is emblematic of the short-term focus on quarterly profits and share price at the expense of the customer satisfaction, service, and long term retention goals. The result: piss-poor customer service!

That’s why as enterprise architects, we need to ALWAYS start, end and follow every point in between with the customer needs. So in terms of EA what can we do to improve service delivery?

  • Focus on organizational performance goals and put customer satisfaction and retention at the top of those goals.
  • Align technology solutions and investments to deliver on the customer experience.
  • Don’t automate the customer out of the equation by removing genuine listening, empathy, and problem resolution.
  • Add a human-capital perspective to enterprise architecture frameworks to focus on best practices, targets, and transition plans to manage both the humans that work in the organization and to satisfy the human beings who are our customers. Human-to-Human interface!

Generally speaking, technology is known as an enabler for efficiency and effectiveness. Let it be first and foremost a means to better customer experiences. That is what is going to keep them coming back for more or heading to the exits.


March 22, 2009

Why We Miss the Planning Mark

We’ve all been there asking why we missed the signs while others saw them head-on and benefited in some way. This happens with financial investments (e.g. I should’ve sold before this recent meltdown like my good buddy did), business opportunities (e.g. I should’ve opened up a chain of coffee stores like Starbucks before Howard Shultz got to it), military strategy (e.g. we should’ve seen the attacks on Pearl Harbor and 9-11 coming and been better prepared to try and stop them) and other numerous “should’ve” moments—and no I’m not talking about that” I should’ve had a V8!”

Why do we miss the signs and misread information?

Obviously, these are important questions for IT leaders, enterprise architects and IT governance pros who are often managing or developing plans for large and complex IT budgets. And where the soundness of decisions on IT investments can mean technological superiority, market leadership and profitability or failed IT projects and sinking organizational prospects.

An article in MIT Sloan Management Review, Winter 2009, provides some interesting perspective on this.

“Organizations get blindsided not so much because decision makers aren’t seeing signals, but because they jump to the most convenient or plausible conclusion, rather than fully considering other interpretations.”

Poor decision makers hone in on simple or what seems like obvious answers, because it’s easier in the short-term than perhaps working through all the facts, options, and alternative points of view to reach more precise conclusions.

Additionally, “both individual and organizational biases prevent…signals from getting through” that would aid decision making.

How do these biases happen?

SUBJECTIVITY: We subjectively listen almost exclusively to our own prejudiced selves and distort any conflicting information. The net effect is that we do not fully appreciate other possible perspectives or ways of looking at problems. We do this through:

  • Filtering—We selectively perceive what we want to and block out anything that doesn’t fit what we want to or expect to see. For example, we may ignore negative information about an IT investment that we are looking to acquire.
  • Distortions—Information that manages to get through our mental and emotional filters, may get rationalized away or otherwise misinterpreted. For example, we might “shift blame for a mistake we made to someone else.”
  • Bolstering—Not only do we filter and distort information, but we may actually look for information to support our subjective view. For example, “we might disproportionately talk to people who already agree with us.”

GROUPTHINK: “a type of thought exhibited by group members who try to minimize conflict and reach consensus without critically testing, analyzing, and evaluating ideas.” (Wikipedia)

“In principle, groups should be better than individuals at detecting changes and responding to them. But often they are not, especially if the team in not managed well, under pressure, and careful not to rock the boat.”

Interestingly enough, many IT investment review boards, which theoretically should be helping to ensure sound IT investments, end up instead as prime examples of groupthink on steroids.

Concluding thoughts:

If we are going to make better IT decisions in the organization then we need to be honest with ourselves and with others. With ourselves, we need to acknowledge the temptation to take the simple, easy answer that is overwhelmingly directed by personal biases and instead opt for more information from all sources to get a clearer picture of reality.

Secondly, we need to be aware that domineering and politically powerful people in our organizations and on our governance boards may knowingly or inadvertently drown out debate and squash important alternate points of view.

If we do not fairly and adequately vet important decisions, then we will end up costing the enterprise dearly in terms of bad investments, failed IT projects, and talented but underutilized employees leaving for organizations where different perspectives are valued and decisions are honestly and more comprehensively vetted for the betterment of the organization.

If we shut our ears and close our eyes to other people’s important input, then we will miss the planning mark.


March 21, 2009

Challenges of a Change Agent

I have always been fascinated by leadership and how to grow an organization in spite of a broad variety of obstacles to change and maturity.

Indeed, as I have studied, read, watched, and practiced leadership and change initiatives for over two decades, I am always intrigued at the role of the change agent.

Certainly, it is hard to be a change agent for so many reasons. It is hard to change yourself let alone to get others to change. It is hard to exist in an environment where you see new and different possibilities, but others see only their way or the highway. It is hard to see others jockey for power and revel in the humiliation and shame of their peers. Change is only for the strong-hearted.

It’s interesting to me that change agents are often alone in the enterprise. They are specifically brought in fix highly ingrained problems that very often culturally rooted and that are damaging to the continuing maturation and success of the enterprise. But the change agent is coming in with “fresh eyes” and accompanying toolkit of best practices from outside the insular dynamics of the dysfunctional organization.

But the change agent is alone, or relatively so as they may be others who are “bucking the trend,” to try to bring a new openness and flexibility to the stagnant corporate culture and decaying ways of doing business that descend like death over complacent or arrogant organizations that think that once on top of the world, always on top.

Applause to the organizational leaders who are aware of processes, products, and ways of thinking that are broken and recognize the need for change and attract the agents of change and agility.

But the change agents run against the tide. They are new and are viewed as not knowing anything about the organization. Moreover, they are perceived as a danger to the comfortable long-standing held beliefs and ways of doing things. And moreover, they are seen as a threat to the incumbents. So from the incumbents perch, the change agents need to be shamed, humiliated, thwarted at almost any cost. And the change resisters in the established hierarchy “revel” in every obstacle they throw up.

There is an interesting article in the Wall Street Journal, 21-22 March 2009 about a website where people “revel in each other’s humiliation.”

The French site has 70,000 readers and it has “become a phenomenon in France…it receives a thousand or so new stories a day from which three young men who run it pick a dozen or so to post…the site now has 7,200 vignettes picked from nearly 400,000 sent in.”

It started a couple of years ago by the founder who “started posting stories online about the frustrations of modern life.”

The stories of life difficulty that are shared and read by others is closely aligned with Schadenfreude, a German word which means “One’s person’s misfortune is another’s happiness.” Or another version for the popularity of the site is that “one person’s misfortunes reassure another.”

Whichever explanation you adhere to for the popularity of people posting and reading about other people’s misfortunes and shame, points to people’s need to open up and release thoughts and feeling that are shameful and painful; people have a need to share, commiserate, and gain acceptance and to know that they are not alone.

Now there is an English language version of the popular website and “stories are flooding in. But the content is often similar. ‘It’s like there is a kind of solidarity among all countries when it comes to misfortune. We are all in a big, international pile of crap—but we’re in it together.”

The enterprise, its diehard stalwarts, and the change agents are also in it together. And they will either sink or swim. Hopefully, they decide on the latter.


March 15, 2009

Leadership Should Integrate Spirituality and Mission

I remember learning in religious day school that people are half spiritual beings and half animal and that it was a person’s duty (or test in life) to imbue the carnal part of our existence with spirituality.

It was nice to see a book today that brought this topic home; it is called “G-d is My CEO” by Larry Julian.

The premise of the book is that “we usually want to do the right thing, but often succumb to the short-term, bottom line demands of daily business life.”

Julian states: “The bottom line had become their G-d. It was insatiable. No matter how hard they worked, it was never enough, nor would it ever be enough.”

As I see it, people have two faces (or more) and one is their weekend persona that is family and G-dly oriented and the other is the one for the rest of the week—for business—that is driven by materialism, accomplishment, and desire for personal success.

This is where the test of true leadership comes into play.

We can and must do better in our business lives by “doing the right thing regardless of the outcome” and “expanding the definition of success from making money to making a difference.”


We’re all experts at making excuses, why we need to be successful in business, achieve results, make lots of money, get the next promotion (and the next and the next) and that “the end justifies the means; you get to the outcome regardless of how you accomplish it”!

In Information Technology, it’s no different than in any other business function. It’s a competitive environment and most of the time, people’s raw ambitions are somewhat obscured (but still operating there) and occasionally you see the worst come out in people—not working together (like system operating in stovepipes), or worse criticizing, bad-mouthing, and even back stabbing.

As a CIO or CTO, we must rise above this and lead by a different set of principles. To this end, I like the “Servant Leadership” doctrine put forward by Julian.

In short, the servant leader, leads by example and puts people first and in essence, spiritually elevates the baser ambitions of people.

The servant leader is “one who serves others, not one who uses others. He/she “serves employees so they can serve others.”

“When we [as leaders] serve others, we help them succeed” and thereby we can accomplish the mission even better than pure individual greed ever could.


The CIO/CTO can lead people, modernize and transform the enterprise with innovation and technology, to accomplish the mission better than ever and we can do it by integrating spirituality and kindness to people into what we do every day in our working lives.

Unfortunately, IT organizations are often run not by elevating people and making them significant, but instead by running them into the ground. The mission is demanding the latest and greatest to stay competitive. The technology is changing rapidly. IT specialists are challenged to keep up with training on new hardware, programming languages, systems development and project management techniques, best practice frameworks, and so forth, The Help Desk and Desktop support people are routinely yelled at by the customers. Security and privacy issues are a constant threat to operations. IT is denigrated as a support function, whose people don’t understand the business; IT is viewed as a utility and it’s people often pushed out for outsourcing.

Truly, in this type of demanding and challenging environment, it is tough for any IT organization and its people to maintain their dignity and spirituality. But that is precisely where the CIO/CTO must lead and demonstrate humanity and care for people. The true IT leader will impose structures to create order out of chaos and in so doing elevate people as the critical asset they truly are to the organization.

Here’s some ways we can do this:

  1. Treat all employees with respect and dignity by representing their interests in the organization, as well as abiding by at the very least minimal standards of professionalism and courtesy
  2. Partner with the business so that it’s not us versus them, but just one big US.
  3. Develop a meaningful architecture plan and sound IT governance so everyone understands the way ahead and is working off the “same sheet of music.”
  4. Manage business expectations—don’t overpromise and under deliver, which leads to frustration and anger; instead set challenging but attainable goals.
  5. Filter requirements through a “single belly button” of seasoned business liaisons, so that the rank and file employees aren’t mistreated for doing their sincere best.
  6. Provide training and tools for people to do their jobs and stay current and understand not only the technology, but the business.

Through these and other servant leader examples, we can integrate our spiritual and material lives and be the types of leaders that not only deliver, but that we can really be proud to be.


March 14, 2009

Bridging the Business and IT Divide

Leadership is all about people. In the simplest terms, you can’t be a leader without followers. And to inspire and motivate people to follow, you need a clear vision and the ability to articulate it. Moreover, leaders need to be professionally and technically competent; they need to understand their industry and the competitive environment, and be able to effectively engage decision makers, subject matter experts, and employees across the enterprise and stakeholders outside of it.

For a CIO, leadership can be even more challenging because of the balance needed between the business and technical aspects of job and the need to communicate to those two communities in their respective languages and to be able to translate between them. Often, sitting in meetings I see the best intentioned IT folks often talking techie “right past” their business counterparts and the business folks discussing mission to IT people who may never have been outside the confines of the IT environment.

As the CIO, it’s key to bridge the divide and help the business and IT communities in the organization work together and learn to speak and understand each other. Only this way, can the IT folks understand the business requirements and the business folks understand the technical solutions being proposed.

To accomplish this, the CIO should have the business and IT people work together in integrated project teams (IPT’s), tiger teams, task forces, and so on to accomplish IT projects, rather than the business just being consulted at the beginning of the project on the requirements, and handed a “this is what we thought you wanted” deliverable at the end.

Further, the CIO should appoint business liaisons or customer relationship managers to routinely work with the business, understand their needs and work to address them—until completion and satisfaction. The business liaisons need to “own the customer” and should not just be a pass-through to the help desk with no follow up, closure, or performance measurement

Where appropriate, I think it is even a good idea to collocate the business and IT people together, rather than in their separate fiefdoms and functional silos to so they really become a cohesive team—sharing business and IT knowledge and working together to implement an IT enabled business.

Of course, the CIO should encourage training, field trips, work details, and other cross-pollinating initiatives.

Finally, a robust enterprise architecture and IT governance helps to effectively bring the business and IT people together to jointly build the plan and make the decisions, so that it is not one side or the other working in a vacuum or imposing little understood requirements or solutions on the other.

In the book, The New CIO Leader by Boardbent and Kitzis, one of the basic premises is that “every CIO will follow one of two paths:” as follows:

--either they will be a “chief technology mechanic,” narrowly focused on IT to the exclusion of the business.

- or they will be a “new CIO leader,” where “IT is at the heart of every significant business process and is crucial to innovation and enterprise success.”

To be the new CIO leader, and truly integrate IT into the very fabric of the mission, you need to “weave business and IT strategy together” and also integrate the business and IT people to work effectively together.

Of course, this starts with building a high-performing IT organization, but must also involve regularly reaching out to the business at every opportunity and including them as full partners in build effective and efficient enterprise architecture planning, IT governance, and full systems life cycle execution.

In my opinion, the new CIO leader, does not think just IT, but lives and breathes the business and does everything in their power to bring the two not just in alignment, but in true partnership.

How important is this?

As Broadbent and Kitzis state: “If you don’t think like a constantly ‘re-new-ing’ CIO, you may be on our way to becoming an ex-CIO.


March 12, 2009

What It Means to Get Madoff-ed

"Saying he was 'deeply sorry and ashamed,' Bernard Madoff pleaded guilty Thursday to pulling off perhaps the biggest swindle in Wall Street history and was immediately led off to jail in handcuffs to the delight of his seething victims. Madoff, 70, could get up to 150 years in prison when he is sentenced in June." -Associated Press

In enterprise architecture, defining data terms and usage is very important. So everyone is talking the same language!

Well with Bernie Madoff's plea of guilt to all 11 charges against him today involving a $50 billion Ponzi scheme (named after another financial crook), I believe are witnessing the birth of a new word in the English lexicon.

Here on in, Madoff will mean:

to swindle, cheat, defraud, deceive.

a person who swindles, cheats, defrauds, and deceives.

Congratulations Bernie, you lousy Madoff!

Another way to think of this new word...
he MADe OFF with a lot of people's hard-earned money.


March 8, 2009

We Need A Grand Vision—Let It Be Smart!

We can build systems that are stand-alone and require lots of hands-on monitoring, care, and feeding or we can create systems that are smart—they are self-monitoring providing on-going feedback, and often self-healing and they help ensure higher levels of productivity and up-time.

According to the Wall Street Journal, 17 February 2009, smart technology is about making systems that are “intelligent and improve productivity in the long run…they [makes use of] the latest advances in sensors, wireless communications and computing power, all tied together by the Internet.”

As we pour hundreds of billions of dollars of recovery funds into fixing our aging national infrastructure for roads, bridges, and the energy grid—let’s NOT just fix the potholes and reinforce the concrete girders and have more of the same. RATHER, let’s use the opportunity to leap forward and build a “smarter,” more cost–effective, and modernized infrastructure that takes us, as nation, to the next playing-level in the global competitive marketplace.”

- Smart transportation—the “best way to fight congestion is intelligent transportation systems, such as roadside sensors to measure traffic and synchronize traffic lights to control the flow of vehicles…real time information about road conditions, traffic jams and other events.” Next up is predictive technology to tell where jams happen before they actually occur and “roadways that control vehicles and make ‘driving’ unnecessary.”

- Smart grid—this would provide for “advanced electronic meters that send a steady stream of information back to the utility” to determine power outages or damage and reroute power around trouble areas. It also provides for consumer portals that show energy consumption of major appliances, calculate energy bills under different usage scenarios and allow consumers to moderate usage patterns. Additionally, a smart grid would be able to load balance energy from different sources to compensate for peaks and valleys in usage of alternative energy sources like solar and wind.

- Smart bridges—this will provide “continuous electronic monitoring of bridges structures using a network of sensors at critical points.” And there are 600,000 bridges in the U.S. As with other smart technologies, it can help predict problems before they occur or are “apparent to a human inspector…this can make the difference between a major disaster, a costly retrofit or a minor retrofit.”

Smart technology can be applied to just about everything we do. IBM for example, talks about Smart Planet and applying sensors to our networks to monitor computer and electronic systems across the spectrum of human activity.

Building this next level of intelligence into our systems is good for human safety, a green environment, productivity, and cost-efficiency.

In the absence of recovery spending on a grand vision such as a cure for cancer or colonization of Mars, at the VERY least, when it comes to our national infrastructure, let’s spend with a vision of creating something better—“Smarter”--for tomorrow than what we have today.

March 7, 2009

6 CIO Tools for Managing IT Risk

“The consequences of not managing risk have hit Americans square in the jaw.”-- Government Executive magazine, March 2009

Too often CIOs see themselves very literally as managing IT. What they need to do is manage risk along with all of the other key leadership issues such as innovation, information-sharing, collaboration, and so on.


The IT environment today is part of a larger social, political, and economic context that is more fraught with risk than ever. The mortgage meltdown, the financial crisis, job losses, volatility in commodity prices (e.g. oil), and so much more—it seems like it will never end. I would add that recently we had birds collide with an airline in NY, satellites that collided in space, and submarines that collided from France and the U.K. Oh, let’s not forget Russia’s invasion of Georgia and the terrorist attacks in India in November that killed at least 173 and wounded 308 and the Asian Tsunami in 2004 that killed over 225,000 people from 11 countries.

This is scary beyond belief!

Is G-d punishing us, teaching us, ignoring us?


Whatever is going on, people are crying out for help--they are praying, and they are also turning to their government for “recovery” (as in the Recovery Act), “bailout” (as in taxpayer bailout), “relief” (as in the Troubled Asset Relief Program). The CIO is operating in an environment in which risk management is increasingly something that the average citizen expects from their leaders (and IT is not immune):

--“Citizens are increasingly calling on government to prevent bad things from happening and to ride in to help when they do.” (Donald Kettl).

--“American want life to be less risky…[and so] without realizing it, federal officials are risk managers at their core.”

--“The public, not only demands that the government manage the consequences of risk, but that it deals with problems before they turn into catastrophes. Merely reacting to risk is eroding the people’s trust in government.”


While risk management is clearly a critical need, it is also more difficult than ever, for the following reasons:

--Pace and impact—“the problem now is the rapid pace of the challenges—that whatever it is that happens punishes and punishes instantly.”

--Scope—“’we obviously don’t want to get to a state where the government is running everything.’ But with no clear definition of the limit, the number of public risks the government should manage appears endless.”

In my opinion, cost is a huge factor as well. Just the financial crisis so far has cost us trillions of dollars and added to our debt probably for generations to come, and at a time when we are already on the brink with unfunded social security and Medicare liabilities for the baby boomers that are quickly nearing retirement and is feared will overwhelm the system. How much more financial burden can the system take before there are dire consequences?


There are no easy answers to these trying times or to how we manage the incredible risk that we seem to face virtually every day. However, there are three common approaches to risk management set forth by Moss:

--Reduce it (or eliminate it, if possible)

--Spread it

--Shift it

We often reduce risk, by having a backup plan (such as in IT having backup and recovery), and we mitigate risk by spreading or shifting it (such as through insurance policies or government social programs, and so forth).

6 Tools for CIOs

These lessons in risk management are critical to professionals in information technology, a field that is always in rapid transition with changing products, skill sets, and practices and where the scope of IT impacts almost everything we do (from online finance, health IT, e-commerce, robotics, and more). And where the price of keeping up with Jones in technology is does not come cheap to any organization these days.

In IT, where more than half of projects are over budget or behind schedule and many end up cancelled all together, we need to manage project risk. Here is a suggested toolkit for CIOs to do so:

--First, we need an architecture plan to ensure that we are aligning to business requirements and complying with technical requirements. This helps reduce the risk that we are doing IT the “wrong” way.

--Second we need to have sound IT governance to manage the selection of our investments, the control of cost, schedule, and performance, and the evaluation for lessons for the future. This helps reduce and spread the risk that we are doing the “wrong” IT investments.

--Third, we need solid project management to guide projects from initiation through close out in a defined, repeatable, and measureable way. This helps reduce the risk that we doing projects the “wrong” way.

--Fourth, we need robust IT security that protects our data from manipulation, interception, interjection, or other malice. This helps reduce and spread the risk of our IT working “wrong”.

--Fifth, we need adept customer relationship management so that we are fully engaged with our customers in building solutions that meet their needs and solves their business problems. This helps spread and shift the risk that we are managing our IT customers the “wrong” way.

--And sixth, and not least, we need to focus on our human capital to ensure they have the leadership, motivation, tools, and training to perform at their peak. This helps reduce and spread the risk of human error.

Together, these six CIO tools are the keys to the kingdom when it comes to managing IT risk and we can never take risk management for granted.


March 1, 2009

Cybots to the Rescue

In the Star Trek series Voyager, the (cyb)Borg wants to assimilate everyone (literally every species and they are given numbers to keep track of them) throughout the galaxies into their collective. They are an existential threat to humankind. And it makes for some great science fiction entertainment.

In real life though, the cybots are coming not to harm, but to help people.

Government Computer News, 23 February 2009, reports that Oak Ridge National Lab is working on developing cybots (software robots) to defend us in cyberspace.

Cybots are “intelligent enough to cooperate with one another to monitor and defend the largest networks.”

What makes cybots more effective than the software and hardware security we have today?

“Instead of independent devices doing a single task and reporting to a central console, the cybots would collaborate to accomplish their missions.”

The end state is a virtual cybot army deployed so those seeking to do us harm in cyber-warfare will themselves be the ones for whom “resistance is futile”.

Could cybots end up like the the Cylones in Battlestar Galactica or the machines in Terminator that turn on humans?

The Cybots have a programmed mission such as “network monitoring and discovery, intrusion detection, and data management.” So the hope is that they stay true to those things.

However, to me it seems completely plausible that just as cybots can be developed for defensive capabilities, they can also be programmed for offensive cyber warfare. And if they can be used offensively, then we can end up on the wrong side of the cybots someday.

Where does this leave us?

It seems like cyberspace is about to get a whole lot more complicated and dangerous—with not only human cyber-criminals and –warriors, but also cyber robots that can potentially wreak Internet havoc.

In terms of planning for future IT security, we need to stay technologically on the cutting edge so that we stay ahead of our adversaries as well as in constant control of the new defensive and offensive cyber-weapons that we are developing.