Monday, February 26, 2007

Security and the CIO

Last week I attended a CIO conference that focused on IT Security. The debate that ensued was whether IT security is strategic or tactical within an organization. This was discussed by an eminent panel comprising of CIOs, Chief of IT security and a consultant.

From the word "go" it was kind of obvious that no one is willing to accept that within their enterprise IT security is tactical. Many instances were cited to drive home the point that it is indeed strategic. When I asked around the audience, it was evident that the desire is to get security to a strategic level but the reality is that in most organizations the level of focus is purely tactical.

The proponent of the strategic intent even went on to give a story about how his business leader consulted him on security; little realizing that the example made it quite evident that there was no alignment between the business leader who was primarily ticking off his checklist on clearances sought after the system was ready to deploy.

A few CIOs were prudent in stating that there is a balance between the strategic intent and the tactical implementation. Without the technology and process underlying the operation, the people will rarely see the value of what it really means.

I happened to talk about IT security in another seminar a couple of weeks back which desired to highlight the practical aspects of IT security and how does one manage it. The discussion was not about whether a tactical view should be taken or strategic with discussion and debate on the pros and cons of deployment, but how does one succeed in deploying controls and technology with the help of people to be effective.

The question still remains in my mind whether in the first place we should elevate the question "IT security is strategic or tactical". To me IT security is a must without which IT will probably collapse with significant business impact. Even the best laid plans do fail (the story of TJX is still not cold) and not for want of trying but someone trying harder to break in.

I welcome your thoughts.

Wednesday, February 21, 2007

Gartner CIO Summit

Today was the last day of the Gartner CIO India summit at Mumbai. The difference which i found from the earlier CIO gathering events is worth noting from Vendors Perspective.

1. It was a paid event for CIO 1000USD. It gives a focus serious audience.
2. It has multiple round table tracks hence focused sliced audience was available to the vendor
3. Gartner had selected limited vendors for sponsorship.

In fact we were shocked when they refused us the sponsorship mentioning that they were sold out. The event content was research based and had one on one sessions.

Nothing in this world comes free. If CIO time is valuable and in shortest time they would like to grasp maximum technology and business value then only option is to pay to Gartner type events.

On business intelligence front the domain where in we are working is now becoming the top priority for CIO across the board. We had an overwhelming response from all vertical across the industry due to our participation at CIOL C-Change 07 and IE Technology Senate. It means that CIO present at that events were benefited by attending the event as they got exposed to a new value proposition in BI space.

Tuesday, February 20, 2007

CEO Expectations

Recently one of the large IT vendors with a blue logo published a report on what CEOs expect from the CIO and how they percieve the role of the CIO. This report spawned many a critique and proponents of what the survey of the CEOs said.

Key finding specific to this part of the world was that the CIO needs to evolve an understanding and appreciation of the business and how IT can work lock-step with the business to deliver value. According to the report, the CIO still has a long way to go in realizing this goal.

Contrary to the report however a panel discussion sponsored by the same vendor with some CEOs revealed that their respective CIOs are doing a wonderful job of taking on roles which do add value to the business. That makes me wonder the specifics of the report.

My assessment is that the challenge as revealed by the report is more visible in the larger multinational organizations driven by the organization culture and historical evidence arising out of the HQ which translates into restrictions on what the local CIO can do. The local organizations by virtue of no such legacy provide a better platform for innovation and growth to the CIO.

Thus, as we see the adaptation of technology within the local enterprise though it started late has delivered better value and alignment to the business.

What has been your experience based on the companies you work for ?

Wednesday, February 14, 2007

Vendor pitches at CIO events

Last week I participated in a CIO event which had approximately 100 odd CIOs/IT Heads together discussing and debating the "Customer". It was indeed refreshing to see the majority of the participants engaged in a discussion on how they can impact customer behaviour.

Like any such event, even this one had its set of sponsors, typically IT vendors big and small who expect their pound of flesh. Not that CIOs grudge them their 15 minutes of time, but they also expect something useful to emerge from the presentations. A few expectations that I could gather talking to the CIOs were:

1. Tell us about new stuff that is coming from your research labs which may impact my IT shop and can create value for the Company
2. Share success stories and failures which help us in our journey
3. Engage in a discussion or debate of real life problems faced by an enterprise before making a sales pitch
4. One-on-one sessions are more effective in selling to prospective interested customers than technical presentations

It was quite obvious that while the CIOs have evolved to the next level, the vendors still target them like they are IT Managers. This puts off a large percentage of the population and most sit through such sessions more out of politeness to the organizers than interest.

If this were not to change, I believe that CIOs will reduce their participation in events and such a step would be a loss to the industry as a whole !

What do you think the vendors' focus should be when facing a conglomeration of CIOs ?

Monday, February 12, 2007

I am back

Been some time since I posted on this blog. Back again with a bang !

Keep watching, the movement towards active CIO blogging appears to be gaining momemtum. Hope it will sustain.

A CIO event last week had lots of folks wondering about blogs. More on that during the week.