As CIO of Prescient Solutions, Jerry Irvine has a bird's-eye view of how business pressures, a lack of IT standards, and a tendency to leave IT out of the loop on important technology decisions will put enterprises at risk.
Prescient Solutions manages IT operations for midsized companies, primarily in manufacturing, as well as for government municipalities, public safety agencies, and financial services firms. The company currently has 85 technicians in place at client sites around the US.
Irvine fulfills a dual role as CIO, managing Prescient Solutions' in-house IT operations as well as overseeing the company's IT services for clients. "I fulfill the role of our in-house CIO, maintain our systems, develop strategic plans, work with our CFO to do our budgets, and I do all those same functions for our clients," Irvine tells Enterprise Efficiency. And you thought your job was tough?
Irvine says CIOs face three major challenges in today's business environment:
- The drive by the business to get its needs fulfilled, which often forces IT to "just get it done" when it comes to new projects or implementations, rather than having the time to "do it right."
- Lack of standards within a company, resulting in multiple types of PCs, servers, and applications strewn across the environment, causing management, support, and security problems.
- Leaving IT out of the loop, with line-of-business executives commissioning app development in the cloud or making decisions about SaaS products, for example, without consulting IT.
"Cloud computing companies have allowed this, and told people 'you can go into the cloud and develop an app without even involving your IT department.' Really? You think that's a good idea? That the IT dept that's protecting your operations and security and infrastructure should be left out of the loop?"
Building a cohesive, standards-based IT environment is the way out of the morass, says Irvine. "You have to look at the entire company as a whole, examine what the business processes are, and make technology decisions based on that," he advises. If not, you end up as some of Prescient Solutions' clients do:
"We've got companies that have multiple ERP or CRM solutions in place because one department didn't like the screen or interface and got their own. Now you have different standards, different levels of support and management going on, and it increases your security risk. Making a change to any of them at any point in time puts you at risk."
The variety of Prescient Solutions' clients means that its IT strategies have to accommodate every regulatory and compliance standard, including Sarbanes-Oxley and HIPAA. As a result, Irvine says Prescient applies those standards to its in-house operations and to clients across the board, even for a manufacturing environment that may not have as many regulatory concerns. "Just because manufacturers don't have to comply with HIPAA doesn't mean they shouldn't have the level of standards required by HIPAA," says Irvine.
This approach becomes even more relevant when you add in the unstoppable bring-your-own-device (BYOD) trend:
"BYOD is too far gone for mobility to be brought back into IT control. Management of these devices has been a challenge for IT. There's been no single platform, and no single standard, that has helped us manage all of this. There are disparate apps to help manage the hardware and others to manage the data. Only now are mobile device management and mobile data management [starting to] come together."
Irvine considers mobile access to business applications -- including the Microsoft Office suite -- without requiring a third-party solution to be a major next step for enterprise mobility.
"Even Web-based apps and in-house apps are being designed in a traditional format, where you have a phone app [tacked on] where you can connect and all the data exists on your phone. If you read all the studies, people like the app-based solutions, as opposed to going into browser-based solutions on the phones. But [app-based solutions] are significantly less secure. Anytime the data gets pushed down to the phone that data can be compromised."
As a result, Irvine says, enterprises are starting to develop Web-based apps in which data exists at server level and at application level, and the only thing that gets passed to mobile devices is a Webpage. "That's got to be the future," he says, along with the integration of data loss prevention applications not just for mobile devices but for data in general.
"Mobile entry into the enterprise is making companies more aware that their data is at risk. As a result, they're paying more attention to security and assessing this across the infrastructure. More and more companies are implementing infrastructure-based security such as NAC [Network Access Control] and other types of access control that can be tightened down. Apps being server-based gives IT much more control."
Irvine has advice for CIOs and other IT leaders as they look to manage the BYOD environment:
- In evaluating mobile device management and mobile data management tools, look for options that have data loss prevention and digital rights management built in.
- Configure management standards on all mobile devices and applications.
- When developing in-house applications, make sure security and access control features are baked in from the infrastructure base all the way up to the application layer. Test early and often.
- Implement vulnerability and assessment tools to make sure your systems are always updated and configured appropriately.
The most important thing for the CIO, says Irvine, is to step out ahead of the mobility curve and establish yourself as a point person who is a trusted source for users. Irvine says:
"The most important thing is knowing the industry, knowing the new mobile technology that's coming out, educating your executive team, and knowing your employees. It's up to you to be the first on the block to educate them. If a new set of apps is going to be developed, get input from your end users and let them be a part of it as you're doing it. You've got to be the first one, do the research, find out what you need, and go from there."
Is this consistent with your company's approach to BYOD? If you're on the business side, do you agree with Irvine's assessments about the challenges facing IT? If you're in IT, are you facing these same challenges and how are you dealing with them? Comment below.