- Security TWENTY
- Women in Security
Is there any hope for the CIO species? asks Calum MacLeod, VP of EMEA at Lieberman Software Corporation, considering the death of the CIO.
It’s a few years from now and the last known member of the species finally succumbs to “The Cloud”. The breed appeared from nowhere about 20 years earlier, around the time of another cataclysmic global event that became affectionately known as Y2K. From nowhere this breed became dominant, not only in their own environment, but very quickly adapted to be able to feel comfortable mixing with other species, especially those higher up the food chain. And for a while it looked like they would thrive in the corporate boardroom, but very soon their ravenous appetite for food, and the inability to contribute any lasting value, meant that they began to be regarded with suspicion by those around them.
Then a number of years ago, a predator arrived on the scene which they simply could not cope with. They sought sanctuary in the land of Outsourcing, hoping against hope that this would be their salvation from the daily inquisition of the board, and that the Outsourcers would protect them and help them demonstrate value, but this to soon became a forlorn hope. To try and stave of the threats, they used their powerbase, to block any and every attempt by lesser mortals to improve the way the business worked. After all who else but the CIO knew anything about IT.? And along with the henchmen, CSO, CTO, and Audit, every possible obstacle was set up to ensure that all power stayed within the IT department. The statement by Joseph Eger about administrative problems at Lincoln Center back in the mid-70s became an apt description of the situation in most IT departments; “Administrators are running around straightening out deck chairs while the Titanic goes down.” So finally they fell victim to “The Cloud”, and apart from the rare anomaly found in public sector organizations, the CIO had ceased to exist.
Fact or fiction
Nicholas Carr in the excellent read, “The Big Switch Rewiring the World, from Edison to Google” makes the following statement. “Today, we’re the midst of another epochal transformation, and it’s following a similar course. What happened to the generation of power a century ago is now happening to the processing of information. Private computer systems, built and operated by individual companies, are being supplanted by services provided over a common grid—the Internet—by centralized data-processing plants. Computing is turning into a utility, and once again the economic equations that determine the way we work and live are being rewritten.”
I believe it is fair to say that IT has failed to live up to the hype, and particularly Corporate IT departments, and Outsourcers “…in the end, outsourcing was not really a new business model or approach – just a shift in how internal IT was delivered and paid for.” Charles Araujo – The Quantum Age of IT.
Regardless of where you get your analytical data, the conclusions are horrendous. Capital expenditure on IT has risen in the past 50 years from less than 3pc of corporate CAPEX, to over half in many organizations. And yet when you look at the Return on Investment, it is extremely difficult to find many organizations where the investment has provided a significant business advantage.
Compounding the problem has been the monotonous repetition of failed projects, budget overruns. A study by the Standish Group came with the unbelievable result that only 9pc of projects succeeded and only 16pc were considered to have been a success; in other words completed on time and on budget. Compare that with a statistic that over 90pc of projects had to be restarted, many of them several times. A similar study by KPMG was slightly more pessimistic. Over three quarters of companies surveyed said that their projects substantially exceeded budget, in many case by over 50%. And what doesn’t help is the pervasive “lemming mentality” within IT. How many failed implementations of a technology are required before enough is enough? CIOs have a lot of interaction with each other, and you would think that a topic of conversation would be “what to avoid”. Or maybe not..
Certainly much of this can be put down to failures resulting from companies trying to gain a competitive advantage by trying to adopt new technologies. One only has to follow the insanity of BYOD and mobile since the arrival of the tablet.
How many Executives received a Christmas present called iPAD, only to show up at work the very next day demanding to have their corporate email on the device? And why not, this was a seemingly reasonable expectation given that you could do everything else with the device. This was followed by the knee-jerk reaction from IT to try and discover a method of doing this securely, and low and behold, the next thing is an avalanche of projects to do with Mobile Device Management. And today many of these projects have floundered, usually because IT have focused on finding Eldorado without really looking at the business objectives. In other words you end up with BYOD in the organization with pretty much every useful feature disabled because of a real or perceived security risk!! You may have right on your side, but it doesn’t carry much weight with the business.
A day doesn’t go by without some new risk being identified in the world of IT, and it only takes a few weeks for technology vendors to claim to have solved the problem. But there have been so many false dawns, whether for BYOD, MDM, AV, APT; whatever the acronym, in many cases these solutions fail to deliver the lavish claims. And of course everything on offer is “Enterprise Ready”, but frequently the solutions offer little more than point solutions that end up costing three to four times as much to implement as the technology costs, and rarely delivering on the promises.
Today every CIO is on the back foot, and looking for help. And those offering a panacea are lined up at the door, whether they be vendors, consultants, analysts, whoever. But in general the focus is on IT and not on the business, and CIOs are being asked to provide business value from IT when all their business competitors have access to the same technology. It’s an impossible ask if they continue to try and protect the IT territory, and continue to follow outdated traditions.
Ultimately it will depend on how the CIO responds. But without a doubt, ignore Cloud at your peril, and where specific solutions are needed that are not available as Software as a Service (SaaS), avoid them. Your customers are not expecting you to reinvent the wheel, they’re looking to you to provide them with the services they need.
So will the CIO survive “Cloud” – Depends if they can evolve.