Most readers of this publication will be familiar with “SMAC” – Social, Mobile, Analytics, and Cloud; considered the current areas of focus in technology. My spelling above is not incorrect. Instead, it adds another critical and well-discussed area - Cyber-Security. No discussion about trends in technology is complete without it. So as I take the holiday break to reflect on what went well (and what went less well) in 2015, and think about what will be important in 2016, SMACC is about as good a summary as there is. So while we are often focused on the latest hardware, new applications, or bumping up the SLAs in a latest contract renewal; I want to add some focus 2016 on the human side of SMACC.
“Our role as CIO requires that we understand and speak the language of the business, as opposed to technology, especially in our interactions with the C-Suite”
Social – Whether we like it or not, the ability to journalize our lives and share it is something that virtually all of us have taken to in some extent. From the grandparent staring into an old CRT monitor, logging into a Facebook account to look at pics of their grandkids; to the teens (or younger), with Instagram, Snapchat, or Periscope, to the rest of us in the middle using Twitter, LinkedIn, Pinterest (and perhaps Tinder), we have the ability to reach a large and targeted audience. Have we educated our users as to proper use of social media in the workplace? And as IT leaders, the time has long gone where we can ignore this trend. It can take only a few negative comments on glassdoor/Yelp/Trip Advisor/apartments.com, etc. from our employees or customers to have a negative effect on our business. We need to have a plan and resources at the ready to address these issues and protect our companies’ reputation.
Mobile – Our mobile devices have literally become a necessary appendage, and much of the growth in social media can be attributed to the ability to access and use these applications on our smartphones (How many of us remember when the Blackberry was the only approved device for accessing company resources). Now our various forms of correspondence, contacts, music/video, and health data, are all accessible on these devices. So are we showing our users how to best protect this necessary appendage? Have we taken the necessary steps to show them how to eliminate unauthorized access to the device, ensure that company data is secure, and even do them the favor to let them know how important it is to back up the device? I’m sure we’ve all experienced the user who comes to us having lost years’ worth of photos or text messages. Or lost the device itself with no backup. Even in a BYOD environment, don’t we owe it to our users to at least meet them part way when it comes to educating them about their own technology.
Analytics- The heavy lifting is pretty much over. Realizing that Microsoft Excel should not be the primary analytical tool to run our businesses, we’ve acknowledged and continue to address the business value of getting our data into the variety of systems that we run. Now that the data is there, we have also been able to address the integration issue – the ability to normalize and integrate the data. A big challenge continues however – the human challenge – in how to present this data in order to have maximum impact and usefulness for the user population. Gaining understanding of business drivers, process issues and the like allows us to better view technology from the eyes of the user. Our role as CIO requires that we understand and speak the language of the business, as opposed to technology, especially in our interactions with the C-Suite. Fellow industry associate and Managing Director at CBRE, Stuart Appley calls this the “CIO Golden Rule”.
Cloud – Many of us have IT headcounts that we can count on both hands. And even if we don’t, with the demands of a 24/7/365 operation, keeping the technology lights on can be a challenge. Getting a call on a Saturday morning that your CEO was not receiving email, and having to execute PowerShell commands is not the best use of a CIO’s time. There are now so many avenues to bring the cloud into your environment, and these companies can generally do a better job than we can. Not having to babysit your own infrastructure, and the almost immediate scalability yields immediate benefits. Whether moving Exchange to Microsoft or another 3rd party provider, moving your Sharepoint site to Amazon Web Services, Rackspace, or taking advantage of the multitude of SaaS solutions (including moving a current on-prem product to SaaS); you’ll likely realize immediate benefits, and if nothing else, perhaps sleep a bit better.And frankly it is probably better to yell at a vendor than your own employees.
Cyber-Security- It seems as at least weekly we are hearing of another major company having sensitive data let out into the wild. And of course there are countless others that we haven’t heard about. While there are many good products and protocols to protect us, often forgotten is the human side of the Cyber-Security equation. Security best practices around passwords and utilizing the most sophisticated software and hardware becomes useless when the passwords are written on a sticky note and stuck on a monitor for easy access. Are our users educated enough not to take the bait from a phishing attempt? Are they properly trained, and do our acceptable use policies prohibit the sharing of passwords?The good news is that there are cost effective training solutions that are readily available.These products integrate with many learning management solutions and even have functionality to test users with simulated phishing attempts.
One last thought as I look into 2016, I’m reminded of a day last July, a day when United Airlines and The New York Stock Exchange both reported network outages. When I went to look for more information, the Wall Street Journal's homepage was also down. And all I could think of was that "IT HAPPENS..."On that day last July, IT happened three times, first to United Airlines, then to the New York Stock Exchange, and finally to the Wall Street Journal.
IT in this case refers to the failure of one or more technology resources, be it applications, infrastructure or connectivity. Those of us responsible for overseeing our companies' technology resources spend a significant amount of time and dollars trying to keep IT from happening. Earlier in my career, when IT would happen, my pulse would rise a bit, and those first few minutes were spent frantically trying to determine what IT was, and how to address IT, often with a senior executive in my doorway-arms crossed, toe tapping.
I've come to realize that despite all of our best efforts, best practices, and best choices, ultimately IT will happen sometime, somewhere. In most industries, the consequences are generally not much more than lost productivity. Not to minimize that fact, but thankfully, no one usually gets hurt.
IT happens to Apple, to Netflix, to Facebook and every other company at one time or another, despite their best efforts and significant resources expended to keep IT from happening. In addition,IT happens to us. And on that day last July, IT happened to United Airlines, The New York Stock Exchange and The Wall Street Journal.