As CIO of Prescient Solutions, Jerry Irvine has a birds-eye view of how business pressures, a lack of IT standards, and a tendency to leave IT out of the loop on important technology decisions will put enterprises at risk.
Prescient Solutions manages IT operations for midsized companies, primarily in manufacturing, as well as for government municipalities, public safety agencies, and financial services firms. The company currently has 85 technicians in place at client sites around the US.
Irvine fulfills a dual role as CIO, managing Prescient Solutions' in-house IT operations as well as overseeing the company's IT services for clients. "I fulfill the role of our in-house CIO, maintain our systems, develop strategic plans, work with our CFO to do our budgets, and I do all those same functions for our clients," Irvine tells Enterprise Efficiency. And you thought your job was tough?
Irvine says CIOs face three major challenges in today's business environment:
Drive-by business to get its needs fulfilled often forces IT to "just get it done" when it comes to new projects or implementations, rather than having the time to "do it right."
Lack of standards within a company, resulting in multiple types of PCs, servers, and applications strewn across the environment, causing management, support, and security problems.
Leaving IT out of the loop, with line-of-business executives commissioning app development in the cloud or making decisions about SaaS products, for example, without consulting IT.
Cloud computing companies have allowed this, and told people 'you can go into the cloud and develop an app without even involving your IT department.' Really? You think that's a good idea? That the IT dept that's protecting your operations and security and infrastructure should be left out of the loop?
Building a cohesive, standards-based IT environment is the way out of the morass, says Irvine. "You have to look at the entire company as a whole, examine what the business processes are, and make technology decisions based on that," he advises. If not, you end up as some of Prescient Solutions' clients do:
We've got companies that have multiple ERP or CRM solutions in place because one department didn't like the screen or interface and got their own. Now you have different standards, different levels of support and management going on, and it increases your security risk. Making a change to any of them at any point in time puts you at risk.
The variety of Prescient Solutions' clients means that its IT strategies have to accommodate every regulatory and compliance standard, including Sarbanes-Oxley and HIPAA. As a result, Irvine says Prescient applies those standards to its in-house operations and to clients across the board, even for a manufacturing environment that may not have as many regulatory concerns. "Just because manufacturers don't have to comply with HIPAA doesn't mean they shouldn't have the level of standards required by HIPAA," says Irvine.
This approach becomes even more relevant when you add in the unstoppable bring-your-own-device (BYOD) trend:
BYOD is too far gone for mobility to be brought back into IT control. Management of these devices has been a challenge for IT. There's been no single platform, and no single standard, that has helped us manage all of this. There are disparate apps to help manage the hardware and others to manage the data. Only now are mobile device management and mobile data management [starting to] come together.
Mobile access to business applications -- including the Microsoft Office suite -- without requiring a third-party solution is considered by Irvine to be a major next step for enterprise mobility.
Even Web-based apps and in-house apps are being designed in a traditional format, where you have a phone app [tacked on] where you can connect and all the data exists on your phone. If you read all the studies, people like the app-based solutions, as opposed to going into browser-based solutions on the phones. But [app-based solutions] are significantly less secure. Anytime the data gets pushed down to the phone that data can be compromised.
As a result, Irvine says, enterprises are starting to develop Web-based apps in which data exists at server level and at application level, and the only thing that gets passed to mobile devices is a Webpage. "That's got to be the future," he says, along with the integration of data loss prevention applications not just for mobile devices but for data in general.
Mobile entry into enterprise is making companies more aware that their data is at risk. As a result, they're paying more attention to security and assessing this across the infrastructure. More and more companies are implementing infrastructure-based security such as NAC [Network Access Control] and other types of access control that can be tightened down. Apps being server-based gives IT much more control.
Irvine has advice for CIOs and other IT leaders as they look to manage the BYOD environment:
In evaluating mobile device management and mobile data management tools, look for options that have data loss prevention and digital rights management built in.
Configure management standards on all mobile devices and applications.
When developing in-house applications, make sure security and access control features are baked in from the infrastructure base all the way up to the application layer. Test early and often.
Implement vulnerability and assessment tools to make sure your systems are always updated and configured appropriately.
The most important thing for the CIO, says Irvine, is to step out ahead of the mobility curve and establish yourself as a point person who is a trusted source for users. Irvine says:
The most important thing is knowing the industry, knowing the new mobile technology that's coming out, educating your executive team, and knowing your employees. It's up to you to be the first on block to educate them. If a new set of apps is going to be developed, get input from your end users and let them be a part of it as you're doing it. You've got to be the first one, do the research, find out what you need, and go from there.
Is this consistent with your company's approach to BYOD? If you're on the business side, do you agree with Irvine's assessments about the challenges facing IT? If you're in IT, are you facing these same challenges and how are you dealing with them? Comment below.
@DBK: Well said. So how does one go about changing this culture, which does seem so innate to human behavior. Are we hard-wired to fear failure? Is it something that we experience because of some long-distant survival instinct? Failure in a hunt for food, for example, could be a life-or-death situation for you and your family. You might not get a chance to learn from your mistakes. Perhaps like many human behaviors this primal fear affects our behavior to this day, even as our way of life has changed dramatically.
Susan - I agree with you that companies strive for and demand the concept of perfection, whatever that is. And depending on the corporate culture this situation can cause employees to operate from a foundation of fear. And frankly that is a fundamental element of the human condition, the fear of failure. But the greatest failure that we make is the failure to take action. My belief is that business leaders needs to understand that perfection is a destination and the process is what yields perfection. There really is no failure, unless you stop, they are simply incremental steps to success. And we all need the latitude to faultier and learn, then adjust to succeed and our limited ability to be perfect. While Thomas Edison worked toward the development of the light bulb he experimented many times. And his response to the multiple attempts to make it work said; and I paraphrase, "I have not failed, I've just found 10,000 ways that won't work" As my friend Todd J. says "Brut force and ignorance perceivers once again" and that is a quote.
@Syerita: That is where the tension between IT and users enters the picture. It seems that the line between control and freedom of use is constantly shifting, and policies that made sense even two years ago may no longer work in today's enviornment.
@DBK: Apt comparison between HR and IT. I think the key work here is "perfect." Nothing is ever perfect. I don't mean that facetiously, it's just a fact of life. And yet, in business, we seem to strive for some vague sense of perfection that ultimately does more harm than good. It also causes people to be deathly afraid of making mistakes.
IT will always have its challenges but when it comes to adding BYOD to it; it further complicates an already complicated world. I believe that there needs to be parameters and control around how the devices are used. The better the parameters and the control the better a handle you will have to prevent issues from arising and potentially harm the entire computer structure of the company.
Susan - The concept of taking ideas and putting them into actionable items sees so basic. With that said you are correct actions are often over looked and great ideas sit idle. I think that there are times CIO's are looking for the perfect solution. The same can be said about HR when they have an open job requisition that goes unfilled while they look for the "Perfect Candidate". The reality is that in both cases if you have the right combination or candidate and once enpowered to take shape will result in the ideal solution. Left to sit idle there is simply a void with no results. It is better to take action and then adjust than to freeze, "Paralysis by Analysis" is a crippling condition and rarely yields results.
I'm pretty excited about the changes happening in Microsoft, and I can't get to hand my hands on the Surface. Hey, it wouldn't be Oprah's Favorite Thing if it isn't good, right? Just kidding! But anyway the coming of the MS Office Suite right at mobile devices especially smart phones is definitely sweet. In fact, I can also predict that by next year Windows will be the strongest competitor of Android, not Apple. Sorry to the Apple fans.
As for the BYOD, that's such a sad prediction, because it holds a lot of promise for enterprises. Perhaps creating a clearer policy that also stresses accountability can help reduce the risks associated with it and make it more controllable.
Susan - I think you are right in saying that not everyone is equipped to sel. We all have our strengths and weaknesses. But IT will need to identify a responsible party in the team that can package the proposal and deliver it. First you need to know that is whay you need to do then take action. Ideas are wothless with out action.
@DBK: Smart. Worth watching the sales and marketing execs in your own organization and learn from their successes and apply these lessons to our own roles in the organization. Not everyone has the personality needed for sales, but everyone can learn to communicate their value and build their "personal brand".
The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail: email@example.com
Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.