Monday, November 25, 2013

If CIOs became Tech company CEOs

Before the turn of the millennium there was a trend with many conglomerate and large corporates wanting to hive off their IT departments to become independent companies. Some of the companies scaled up well and grew to become fairly sizable and tech services or product providers in their own right. Few retained their niche and did well for a while; in most cases the Head of IT or CIO equivalent became the CEO of the start-up. Then the CIO moved on and the reins were taken over by typical IT sales persons from the outside.

The past decade saw the economy on a roller-coaster ride triggered by black swan events; technology hype drove irrational behavior; acquisitions saw the small and mid-size companies being gobbled up. Quite a few leaders of the past too struggled to survive and sought white knights; in M&A most of them lost their identity, some went off into oblivion. The CIO typically the customer was challenged to keep balancing contracts and budget escalations triggered by the larger company wanting to improve bottom line.

With competition heating up and start-up companies innovating to gain market share, the companies of yore created Customer Advisory Boards (CAB) to seek input from CIOs towards the product road-map. They used these forums to stay connected to their customers which did not necessarily always impact their ability to squeeze every cent they legally could from the same customers; product engineering and development was far detached from commercial and sales divisions.

Through challenging times, quite a few tech companies saw CEOs being fired, sales structures redrawn, and alignments change from products to industry to logical groups to key account management, and many more. Consulting companies reformulated strategies to sustain market share and retain customers; beyond tactical results this did not deliver to promise. All through the process, customer frustration continued its organic growth faster than the growth realized by the tech company.

So companies hired domain experts across industries and sometimes also across roles within a function; for example a Warehouse Management Solution company hired warehousing experts who would be the users of the solution. Similarly across Retail, Pharmaceuticals, Banking, Finance and Insurance, or for that matter depending on the industry focus, it was deemed important to have subject matter experts to connect with the CIO and other CXOs to facilitate the sales and adoption cycles.

I often wondered as to why CIOs rarely joined technology companies ? There have been rare instances where a CIO transitioned and started selling products or services. These individuals were CIOs representing their past industries or a specific solution set; I remember one instance where the only thing such a CIO wanted to talk about is how her company had implemented a specific technology and she had lead the team towards creating the success story. She was not very successful in her pitch but told her story wherever she went.

Why is it that companies never think of taking on a powerful or marque CIO as their CEO ? Wouldn't it be better to have someone who uses their solution or service and knows how to take advantage of the technology also drive the company ? Aren't CIOs adept at selling technology internally to their users, management and the Board ? They also have their eyes and ears to the ground and connect to strong social groups within the industry where some influence opinions and drive adoption.

Discussing this trend with a few friends I realized that most CIOs love their position of power over the vendors; they do not see themselves in the same position where they normally end up putting their tech partners. The game has gone on too long now with boundaries being defined and roles cast. Their cynicism coupled with reputation of some vendors does not make this an attractive value proposition for CIOs who would rather join consulting companies or take up academic roles; join a tech vendor ? No way !

I personally believe that IT companies would immensely benefit from such a move; who knows the pains, opportunities and challenges of CIOs better than CIOs themselves. Sales cycles nowadays follow a predictable pattern of technology analysis and negotiation linked to period end. I think that while the broad design may not change, there would definitely be higher traction based on mutual empathy. Maybe this is the trend for the future; taking CIOs as independent directors on the Board could be a starting point.

Monday, November 18, 2013

For the CIO, IT is (not) enough ?

CIOs shed your technology garbs and start donning business clothing; variations of this message have been bombarding the CIO for some time now. It was a clarion call for some who started working upon it, some nodded their heads and said we have already been on this path, the balance found that they were unable to make the transition either due to their own limitations or their company not willing to accept the new avatar that the CIO wanted to transform self into. A decade later the crescendo has only increased.

What next after you have been a successful CIO ? Move laterally into a business role, take on additional responsibilities, don’t you aspire to be a CEO ? Is IT not a business role asked a few ? The CIOs up/cross-skilled themselves into understanding business as well or better than the business; this was the new peak to climb. So once again some raised the bar and took on new roles, added new functions, managed P&L for parts of the business, and few took plunge into entrepreneurship; a smattering made it to the corner office too.

SMACS or variations of this theme create the next scare; the Chief Digital Officer threatens to take away a chunk of the CIOs span of control. Social is willy-nilly intertwined into the enterprise fabric now and there are more mobile internet users in many markets. Big Data and Analytics threaten to disrupt existing business paradigms while Cloud has thrust BYOD and consumerization into another orbit. With all this comes the scare of individual privacy, leave aside the corporate security policy which has been struggling to keep pace.

CIOs should know legalese as well as number crunching in equal measure. After all they sign many contracts with service providers and vendors; they also manage and run the IT budget which is significant. Charge backs to business are being discussed actively which raises many challenges on the financial models. CIOs also need HR skills to hire and retain good talent within their teams. So the CIO is now a CLO, CFO and CHRO all rolled into one just to run the IT organization effectively. Not that other CXOs have it easy, but for the CIO these are more discussed than others.

While the CIO battles all of this, somewhere the CMO is expected to sidestep the CIO while sourcing services and solutions on the Cloud; the hypothesis, the CIO is too busy doing something else (what?) and is ignoring the CMO ! So the question that keeps raising its head is whether IT as a domain is not good enough for the CIO to succeed ? Is cross-functional knowledge essential to maintain the position or nice to have skills ? And if the CIO is indeed expected to be a Jack of all trades and Master of some, how does s/he keep hitting a moving target ?

Ask any consultant or for that matter any Tom, Dick and Harry about the future of the CIO; they will for sure have a view on why the CIO is going to die sooner than later. Everything as a service, outsourcing and savvier employees will challenge the role of the CIO as it exists today. CIOs have presumably resisted mobility, BYOD, and every new technology that actually made their lives easier. Are CIOs really so dumb and resistant to change ? And if they indeed are, why is it that when asked, no one can give names of a few specimens ?

A long time back someone had asked me the question: now that you have been a CIO across multiple companies and industries successfully creating transformation, what next ? At that time my answer was “What’s wrong with being a good and successful CIO ?” People don’t want to accept the fact that being a CIO can also be a fulfilling and satisfying career; you don’t get there so easily anyway and stay in that position. There will always be few who will continue their quest towards new shores, and there are ones who just enjoy the journey.

Monday, November 11, 2013

We have been hacked !

Not too long ago I had this interesting encounter with a CIO in a highly agitated state talking to someone on the phone while pacing the corridor of a hotel. He looked up to acknowledge my presence and continued the tirade, his face changing shades of red I never thought possible. I waited for him to complete his conversation (more of a monologue) and then asked him the reason for his state of mind. He stated that the information security of his company had been compromised and he was still discovering the extent of damage.

Information security has always been one of those investments that are like an insurance policy every organization takes to protect them. The number of threats has been going up since the internet became intertwined into the enterprise fabric; with the complexity increasing and external attacks rising in sophistication, solutions have evolved attempting to stay abreast of the game. Security budgets have been rising steadily and so have been instances of successful breaches to companies big and small.

In the older days of IT deployments, basic anti-virus was deemed adequate; today they encompass almost every device and mode of communication used by enterprises, partners, vendors, and the corporate road warrior. Even manufacturing process controls and industrial equipment were targets of some attacks which left many companies and governments struggling. Every day we hear of new data compromises, phone taps, social media sharing agreements leaving individuals and their shares exposed to the world.

Using surveys and incidents everyone talks about a majority of the threats being internal attributable to recalcitrant employees or contractors; many have also been victims of social engineering that coerced sensitive information from gullible staff. Thus building moats around the castle largely served as preventive measures for the external snooper. Despite this the industry feasting on the FUD (Fear, Uncertainty, Doubt) factor, has continued to corner the hapless CISO and CIO to make significant investments though not without reason as highlighted by many attacks and data leaks.

Based on identified security measures and advice from vendors and partners and in conjunction with his business leaders, my CIO friend had put in all the available technology at his disposal; audits and other exercises had declared his enterprise to be secure. He had also followed all the good practices and undertaken the path towards popular security certification. Despite all this his fortress had been breached and he was now at the receiving end to justify why all the heavy artillery could not secure the company.

The extent of damage was not too high with a few noncritical servers being breached, but they raised an alarm internally. The CIO in damage control mode had to address the issues it raised. A systemic exercise and root cause investigation revealed that these servers were adequately protected with all the controls that the security team had put in place. The breach was discovered to a compromised password which had been gained using social means. The hapless user who knew no different had shared his credentials.

All the policies, processes and technology were no match for the human frailness which exposed the company. My friend controlled the damage as much as he could and was wondering how to prevent recurrence of such an attack in the future. His training courses and promotional material to all the employees talked about refraining from such behavior; the hackers obviously wielded higher convincing powers. As frustration poured out on sympathetic shoulders, I could only offer him words.

When information security gets compromised, what should companies do ? Whether it happens due to ignorance inside or brute force from the outside, any breach can impact company credibility, image, and customers. The resultant impact is dependent on the industry, size and position in the market. I believe that CIOs and CISOs should build in steps on internal and external communication which should be executed without fail. Damage control is as important as the technology solution; after all, the weakest link in the chain is human.

Monday, November 04, 2013

Chief Introvert Officer

One of the common perceptions about CIOs is that they are introverts, they like to keep their mouth shut and rarely speak up in meetings or conferences or for that matter anywhere at all. Socially they are people unfriendly and communicate only with their kith and kin and that too in tongues that are not listed in the languages of the world. The geeky and nerdy persona of the IT populace has been slow to dissolve largely fueled by consumerization of what was earlier the stronghold of the chosen tech few.

Technology and various things attached with IT are no longer mystic and find print space in the digital world and mainstream business and social publications. Across age groups and social strata the adoption of smart devices (phones, tablets and everything in between) led to discussion on apps moving away from enterprise to marketplace/store, now cost a Dollar or more shedding many zeros to insignificance. Complexity associated with writing apps was dispelled by teenagers putting big enterprise software to shame.

Written to death the “alignment” with different parts of the company, CIO and IT shed the comforting fa├žade to embrace the language of business. They rose to the occasion and reversed the belief that they could not take on lateral roles or get a seat on the table. In fact many today know technology as much as their business brethren even when they still lead the technology function. They also know where to source the skill or answer to the next challenging and disruptive hype as and when it raises its head.

CIOs share stage with other CXOs and leaders with equal ease discussing and debating macro-economic trends, customer centricity, or strategic directions. They are not waiting in the wings to be called to action; they are seizing the initiative to find revenue improvement, cost and process efficiencies or for that matter how to retain market share. M&A is no longer complete without their involvement, nor is divestment; CIOs have taken on HR, Supply Chain, and Finance along with their existing portfolio with ease.

Why is it that this perception has not changed despite the fact that new age CIOs are different from their ancestors by a huge margin ? What contributes to continued opinion of the CIO’s personality ? Are CIOs really introverts who love technology to no end ? Is evolution restricted to a few CIOs who have transitioned or has it gained critical mass with the majority now walking on the right side ? Or is it that the title has now been conferred on the undeserved IT Manager by virtue of his/her being the senior most IT professional in the company ?

I surveyed my network of CIOs and asked a few friends to do the same to qualify the numbers from all they knew to carry a title of CIO or equivalent. They were asked to rate and create two buckets; CIOs and IT Heads yet to portray characteristics now associated with CIOs. While the result may have been subjective, it helped in classification that started making some sense. We discussed and debated and unanimously agreed on some; the list had a 30:70 split with the smaller segment being CIOs.

The reasons were varied and we believed that we did a fair assessment; anyone with less than 10 year experience or company revenue below a mark was not tagged; the balance was the total set. We then looked at the 30% and observed that 80% of the set were quite vocal and articulate; they were well placed and rarely found themselves tongue-tied. They had truly overcome the perception and their reputations preceded them; whenever they were invited to any gathering like magnets they attracted others to themselves.

I have rarely found the confident and articulate to be introverts or the other way round; semantically that is the definition of extrovert and that ability and confidence comes from success. Articulation is another matter with some reveling in smaller groups and some at ease in all settings. The question really is “Is being introverted a bad thing ?” I don’t think so; it is a behavioral trait which sometimes chooses you. I believe that for a leader what matters is the right attitude and the ability to get results !