OCDQ Blog

Securing your Digital Fortress

September 26, 2011

The Good, the Bad, and the Secure

September 26, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

A previous post examined the data aspects of enterprise security, which requires addressing both outside-in and inside-out risks.

Most organizations tend to both overemphasize and oversimplify outside-in data security using a perimeter fence model, which, as Doug Newdick commented, “implicitly treats all of your information system assets as equivalent from a security and risk perspective, when that is clearly not true.” Different security levels are necessary for different assets, and therefore a security zone model makes more sense, where you focus more on securing specific data or applications, and less on securing the perimeter.

“I think that these sorts of models will become more prevalent,” Newdick concluded, “as we face the proliferation of different devices and platforms in the enterprise, and the sort of Bring Your Own Device approaches that many organizations are examining. If you don’t own or manage your perimeter, securing the data or application itself becomes more important.”

Although there’s also a growing recognition that inside-out data security needs to be improved, “it’s critical that organizations recognize the internal threat can’t be solved solely via policy and process,” commented Richard Jarvis, who recommended an increase in the internal use of two-factor authentication, as well as the physical separation of storage so highly confidential data is more tightly restricted within a dedicated hardware infrastructure.

As Rafal Los recently blogged, the costs of cyber crime continue to rise. Although the fear of a cloud security breach is the most commonly expressed concern, Judy Redman recently blogged about how cyber crime doesn’t only happen in the cloud. With the growing prevalence of smart phones, tablet PCs, and other mobile devices, data security in our hyper-connected world requires, as John Dodge recently blogged, that organizations also institute best practices for mobile device security.

Cloud, social, and mobile technologies “make business and our life more enriched,” commented Pearl Zhu, “but on the other hand, this open environment makes the business environment more vulnerable from the security perspective.” In other words, this open environment, which some have described as a multi-dimensional attack space, is good for business, but bad for security.

Most organizations already spend a fistful of dollars on enterprise security, but they may need to budget for a few dollars more because the digital age is about the good, the bad, and the secure. In other words, we have to take the good with the bad in the more open business environment enabled by cloud, mobile, and social technologies, which requires a modern data security model that can protect us from the bad without being overprotective to the point of inhibiting the good.

This blog post is sponsored by the Enterprise CIO Forum and HP.

Are Cloud Providers the Bounty Hunters of IT?

Are Cloud Providers the Bounty Hunters of IT?

September 13, 2011

Securing your Digital Fortress

September 13, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

Although its cyber-security plot oversimplifies some technology aspects of data encryption, the Dan Brown novel Digital Fortress is an enjoyable read. The digital fortress of the novel was a computer program thought capable of creating an unbreakable data encryption algorithm, but it’s later discovered the program is capable of infiltrating and dismantling any data security protocol.

The data aspects of enterprise security are becoming increasingly prevalent topics of discussion within many organizations, which are pondering how secure their digital fortress actually is. In other words, whether or not their data assets are truly secure.

Most organizations focus almost exclusively on preventing external security threats, using a data security model similar to building security, where security guards make sure that only people with valid security badges are allowed to enter the building. However, once you get past the security desk, you have mostly unrestricted access to all areas inside the building.

As Bryan Casey recently blogged, the data security equivalent is referred to as “Tootsie Pop security,” the practice of having a hard, crunchy, security exterior, but with a soft security interior. In other words, once you enter a valid user name and password, or as a hacker you obtain or create one, you have mostly unrestricted access to all databases inside the organization.

Although hacking is a real concern, this external focus could cause companies to turn a blind eye to internal security threats.

“I think the real risk is not the outside threat in,” explained Joseph Spagnoletti, “it’s more the inside threat out.” As more data is available to more people within the organization, and with more ways to disseminate data more quickly, data security risks can be inadvertently created when sharing data outside of the organization, perhaps in the name of customer service or marketing.

A commonly cited additional example of an inside-out threat is cloud security, especially the use of public or community clouds for collaboration and social networking. The cloud complicates data security in the sense that not all of the organization’s data is stored within its physical fortresses of buildings and on-premises computer hardware and software.

However, it must be noted that mobility is likely an even greater inside-out data security threat than cloud computing. Laptops have long been the primary antagonist in the off-premises data security story, but with the growing prevalence of smart phones, tablet PCs, and other mobile devices, the digital fortress is now constantly in motion, a moving target in a hyper-connected world.

So how do organizations institute effective data security protocols in the digital age? Can the digital fortress truly be secured?

“The key to data security, and really all security,” Bryan Casey concluded, “is the ability to affect outcomes. It’s not enough to know what’s happening, or even what’s happening right now. You need to know what’s happening right now and what actions you can take to protect yourself and your organization.”

What actions are you taking to protect yourself and your organization? How are you securing your digital fortress?

This blog post is sponsored by the Enterprise CIO Forum and HP.

August 23, 2011

Are Cloud Providers the Bounty Hunters of IT?

August 23, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

Julie Hunt recently blogged about how “line-of-business (LOB) groups have been turning to cloud-based services to quickly set up technology solutions that support their business needs and objectives,” which is especially true when “IT teams are already carrying heavy workloads with ever-shrinking staffing levels, and frequently don’t have the resources to immediately respond to time-sensitive LOB needs.”

As I have previously blogged, speed and agility are the most common business drivers for implementing new technology, and the consumer technologies of cloud computing and software-as-a-service (SaaS) enable business users to directly purchase solutions.

When on-premises IT teams cannot solve their time-sensitive business problems, organizations use off-premises cloud providers, which are essentially the Bounty Hunters of IT.

The Bounty Hunters of IT

In The Empire Strikes Back, frustrated by the inability of on-premises IT teams (in this case, IT stood for Imperial Troops) to solve a time-sensitive business problem (in this case, crushing the competitive rebellion), Darth Vader uses the off-premises force.

“There will be a substantial reward for the one who finds the Millennium Falcon,” Vader explains to a group of bounty hunters. “You are free to use any methods necessary, but I want them alive. No disintegrations.” That last point was specifically directed at Boba Fett, the bounty hunter who would later provide a cloud-based solution by tracking the Millennium Falcon to Cloud City.

Cloud providers are the Bounty Hunters of IT, essentially free to use any technology methods necessary to solve time-sensitive business problems. Although, in the short-term, cloud providers can help, in the long-term, if their solutions are not integrated into the IT Delivery strategy of the organization, they can also hurt. One example is creating new data integration challenges.

“No Data Disintegrations”

“It’s clear,” Hunt explained, “that enterprises will continue to increase usage of cloud and SaaS offerings to find new ways to operate more competitively and efficiently.” However, she noted it’s also clear that “the same challenges that enterprises face for on-premises data management obviously apply to data repositories in the cloud.” And one new challenge is “data that cannot be aligned with enterprise datasets will destroy the value and cost savings that enterprises want from cloud services.”

“Moving any business relevant functionality to the cloud,” Christian Verstraete recently blogged, “requires addressing the issue of integrating the cloud-based applications with the enterprise IT systems.” In his blog post, Verstraete examines three options for integrating cloud data and enterprise data: remote access, synchronization, and dynamic migration.

Although there will always be times and places for leveraging the Bounty Hunters of IT, before Boba Fett sells you a solution in Cloud City, make sure you emphasize that there should be “no data disintegrations.”

In other words, your cloud strategy must include a plan to prevent data in the cloud from becoming disintegrated in the sense that it is not integrated with the rest of the organization’s data.

This blog post is sponsored by the Enterprise CIO Forum and HP.

August 09, 2011

The Diderot Effect of New Technology

August 09, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

In his essay Regrets on Parting with My Old Dressing Gown, the 18th century French philosopher Denis Diderot described what is now referred to as the Diderot Effect.

After Diderot was given the gift of an elegant scarlet robe, he not only parted with his old dressing gown, but he also realized that his new robe clashed with his scruffy old study. Therefore, he started replacing more and more of his study. First, he replaced his old desk, then he replaced the tapestry, and eventually he replaced all of the furniture until the elegance of his study matched the elegance of his new robe.

I have recently fallen prey to what I refer to as the Diderot Effect of New Technology.

Regrets on Parting with My Old Laptop Computer

A few months ago, after finally succumbing to the not-so-subtle pressure from my friend, fellow technology writer, and Mac guy, Phil Simon, I purchased a MacBook Air.

Now, of course, there was absolutely nothing wrong with my three-year-old Dell Latitude laptop computer. It provided a sufficient amount of memory, speed, and storage. Its applications for writing and blogging, web browsing and social networking, as well as audio and video editing were productively supporting my daily business activities. Additionally, all of my peripherals (printer/scanner, flat screen monitor, microphone, speakers) were also getting their jobs done quite nicely, thank you very much.

However, as soon as the elegant, but not scarlet, MacBook Air was introduced into my scruffy old home office, the Diderot Effect began, well, affecting my perception of the technology that I was using on a daily basis.

Initially, I continued to use my Dell for my daily business activities, and dedicated only a small amount of work time to becoming accustomed to using my new MacBook. (I had once been an Apple affectionado, but it had been 10 years since I owned a Mac).

But it didn’t take long before I would have to describe myself as, to paraphrase the 19th century American poet Emily Dickinson, inebriate of MacBook Air am I.

(For the less poetically-minded reader, that’s just a fancy way of saying that I became addicted to using my new MacBook Air.)

So, much like Diderot before me, I have begun replacing more and more of my home office. The only difference being that I am trying to match the elegance (and, yes, of course, also the powerful and easy-to-use functionality) of my new technology.

The Diderot Effect of New Technology

The consumerization of IT has become a significant contributing factor to the increasingly rapid pace at which new technology is introduced into the enterprise. These elegant modern applications seemingly clash with our scruffy old legacy applications, and can evoke a desire to start replacing more and more of the organization’s technology.

However, donning the scarlet robes of new technology can become an expensive endeavor. (The subtitle of Diderot’s essay was “a warning to those who have more taste than fortune.”) Genefa Murphy has blogged that “one of the main reasons for IT debt is the fact that the enterprise is always trying to keep up with the latest and greatest trends, technologies, and changes.”

“In our race to remain competitive,” Murphy concluded, “we have in essence become addicted to the latest and greatest technologies. We need to acknowledge we have a problem before we can take action to rectify it.”

Diderot was able to both acknowledge and take action to rectify his addiction. “Don’t fear that the mad desire to stock up on beautiful things has taken control of me,” he reassures us at the conclusion of his essay.

Hopefully, the mad desire to stock up on new technological things hasn’t taken control of either you or your organization.

This blog post is sponsored by the Enterprise CIO Forum and HP.

July 28, 2011

The IT Consumerization Conundrum

July 28, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

The consumerization of IT is a disruptive force that many organizations are struggling to come to terms with, especially their IT departments. As R "Ray" Wang recently blogged about this challenge, “technologies available to consumers at low cost, or even for free, are increasingly pushing aside enterprise applications. For IT leaders accustomed to having control over corporate technology, this represents a huge challenge — and it’s one they’re not meeting very well.”

Speed and agility are the most common business drivers for implementing new technology. The consumer technology trifecta of cloud computing, SaaS, and mobility has enabled business users to directly purchase off-premises applications that quickly provide only the features they currently need. Meanwhile, on-premises applications, although feature-rich, become user-poor because of their slower time to implement, and less-than-agile reputation for dealing with change requests and customizations.

However, the organization still relies on some of the functionality, and especially the data, provided by legacy applications, which IT is required to continue to support. IT is also responsible for assisting the organization with any technology challenges encountered when using modern applications. This feature fracture (i.e., the technology supporting business needs being splintered across legacy and modern applications) often leaves IT departments overburdened, and causes them to battle against the disruptive force of business-driven consumer technology.

“IT and business leaders need to work together and operate in parallel,” Wang concludes. “If IT slows down the business capability to innovate, then the company will suffer as new business models emerge and infrastructure will fail to keep up. If business moves ahead of IT in technology, then the company fails because IT will spend years cleaning up technology messes.”

This is the IT Consumerization Conundrum. Although, in the short-term, it usually better services the technology needs of the organization, in the long-term, if it’s not properly managed and integrated into the IT Delivery strategy of the organization, then it can create a complex web of technology that entangles the organization much more than it enables it.

Or to borrow the words of Ralph Loura, it can “cause technology to become a business disabler instead of a business enabler.”

This blog post is sponsored by the Enterprise CIO Forum and HP.

June 07, 2011

The IT Prime Directive of Business First Contact

June 07, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

Every enterprise requires, as Ralph Loura explains, “end to end business insight to generate competitive advantage, and it’s hard to gain insight if the business is arms length away from the data and the systems and the processes that support business insight.”

Loura explains that one of the historical challenges with technology has been that most IT systems have traditionally taken years to deploy and are supported on timelines and lifecycles that are inconsistent with the dynamic business needs of the organization, which has, in some cases, caused technology to become a business disabler instead of a business enabler.

The change-averse nature of most legacy applications is the antithesis of the agile nature of most modern applications.

“It wasn’t too long ago,” explains John Dodge, “when speed didn’t matter, or was considered an enemy of a carefully laid out IT strategy based largely on lowest cost.” However, speed and agility are now “a competitive imperative. You have to be fast in today’s marketplace and no department feels the heat more than IT, according to the Enterprise CIO Forum Council members.”

“If you think in terms of speed and the dynamic nature of business,” explains Joseph Spagnoletti, “clearly the organization couldn’t operate at that pace or make the necessary changes without IT woven very deeply into the work that the business does.”

Spagnoletti believes that cloud computing, mobility, and analytics are the three technology enablers for the timely delivery of the information that the organization requires to support its constantly evolving business needs.

“Embedding IT into an organization optimizes a business’s competitive edge,” explains Bill Laberis, “because it empowers the people right at the front lines of the enterprise to make better, faster and more informed decisions — right at the point of contact with customers, partners and clients.”

Historically, IT had a technology-first mindset. However, the new IT prime directive must become business first contact, embedding advanced technology right at the point of contact with the organization’s business needs, enabling the enterprise to continue its mission to explore new business opportunities with the agility to boldly go where no competitor has gone before.

This blog post is sponsored by the Enterprise CIO Forum and HP.

May 26, 2011

A Sadie Hawkins Dance of Business Transformation

May 26, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

In the United States, a Sadie Hawkins Dance is a school-sponsored semi-formal dance, in which, contrary to the usual custom, female students invite male students. In the world of information technology (IT), a Sadie Hawkins Dance is an enterprise-wide initiative, in which, contrary to the usual custom, a strategic business transformation is driven by IT.

Although IT-driven business transformation might seem like an oxymoron, the reality is a centralized IT department is one of the few organizational functions that regularly interacts with the entire enterprise. Therefore, IT is strategically positioned to influence enterprise-wide business transformation—and CIOs might be able to take a business leadership role in those activities.

Wayne Shurts, the CIO of Supervalu, recently discussed how CIOs can make the transition to business leader by “approaching things from a business point of view, as opposed to a technology point of view. IT must become intensely business driven.”

One thing Shurts emphasized is necessary for this shift in the perception of the CIO is that other C-level executives must realize “technology can be transformative for the organization, especially since it is transforming the consumer behavior of customers.”

Business Transformation through IT

David Steiner and Puneet Bhasin, the CEO and CIO of Waste Management, recently recorded a great two-part video interview called Business Transformation through IT, which you can check out using the following links: Part 1, Part 2, Transcript

“From day one,” explained Steiner, “I knew that the one way we could transform our company was through technology.” Steiner then set out to find a CIO that could help him realize this vision of technology being transformative for the organization.

“If you’re going to be a true business partner,” explained Steiner, “which is what every CEO is looking for from their CIO, you have to go understand the business.” Steiner explained that one of the first things that Bhasin did after he was hired as CIO was go out into the field and live the life of a customer service rep, a driver, a dispatcher, and a route manager—so that before Bhasin tried to do anything with technology, he first sought to understand the business so that he could become a true business partner.

“So the best advice I could give to any CIO would be,” concluded Steiner, “be a business partner, not a technologist. Know the technology. You’ve got to know how to apply the technology. But be a business partner.”

“My advice to CEOs,” explained Bhasin, “would be look for a business person first and a technologist second. And make sure that your CIO is a part of the decision-making strategic body within the organization. If you are looking at IT purely as an area to reduce cost, that’s probably the wrong thing. To me the value of IT is certainly in the area of efficiencies and cost reduction. I think it has a huge role to play in that. But I think it has an even greater role to play in product design, and growing customers, and expanding segments, and driving profitability.”

John Dodge recently blogged that business transformation is the CIO’s responsibility and opportunity. Even though CIOs will eventually need their business partners to take the lead once they get out on the dance floor, CIOs may need to initiate things by inviting their business partners to A Sadie Hawkins Dance of Business Transformation.

This blog post is sponsored by the Enterprise CIO Forum and HP.

May 12, 2011

Are Applications the La Brea Tar Pits for Data?

May 12, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

In a previous post, I explained application modernization must become the information technology (IT) prime directive in order for IT departments to satisfy the speed and agility business requirements of their organizations. An excellent point raised in the comments of that post was that continued access to legacy data is often a business driver for not sunsetting legacy applications.

“I find many legacy applications are kept alive in read-only mode, i.e., purely for occasional query/reporting purposes,” explained Beth Breidenbach. “Stated differently, the end users often just want to be able to look at the legacy data from time to time.”

Gordon Hamilton commented that data is often stuck in the “La Brea Tar Pits of legacy” applications. Even when the data is migrated during the implementation of a new application (its new tar pit, so to speak), the legacy data, as Breidenbach said, is often still accessed via the legacy application, which could be dangerous, as Hamilton noted, because the legacy data is diverging from the version migrated to the new application (i.e., after migration, the legacy data could be updated, or possibly deleted).

The actual La Brea Tar Pits were often covered with water, causing animals that came to drink to fall in and get stuck in the tar, thus preserving their fossils for centuries—much to the delight of future paleontologists and natural history museum enthusiasts.

Although they are often cited as the bane of data management, most data silos are actually application silos because historically data and applications have been so tightly coupled. Data is often covered with an application layer, causing users that enter, access, and use the data to get stuck with the functionality provided by its application, thus preserving their use of the application even after it has become outdated (i.e., legacy)—much to the dismay of IT departments and emerging technology enthusiasts.

When so tightly coupled with data, applications—not just legacy applications—truly can be the La Brea Tar Pits for data, since once data needed to support business activities gets stuck in an application, that application will stick around for a very long time.

If applications and data were not so tightly coupled, we could both modernize our applications and optimize our data usage in order to better satisfy the speed and agility business requirements of our organizations. Therefore, not only should we sunset our legacy applications, we should also approach data management with the mindset of decoupling our data from its applications.

This blog post is sponsored by the Enterprise CIO Forum and HP.

April 28, 2011

Why does the sun never set on legacy applications?

April 28, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

Most information technology (IT) departments split their time between implementing new and maintaining existing technology. On the software side, most of the focus is on applications supporting business processes. A new application is usually intended to replace an outdated (i.e., legacy) application. However, both will typically run in production until the new application is proven, after which the legacy application is obsolesced (i.e., no longer used) and sunset (i.e., no longer maintained, usually removed).

At least, in theory, that is how it is all supposed to work. However, in practice, legacy applications are rarely sunset. Why?

The simple reason most legacy applications do not go gentle into that good night, but instead rage against the dying of their light, is that some users continue using some of the functionality provided by the legacy application to support daily business activities.

Two of the biggest contributors to this IT conundrum are speed and agility—the most common business drivers for implementing new technology. Historically, IT has spent a significant part of their implementation time setting up application environments (i.e., development, test, and parallel production). For traditional enterprise solutions, this meant on-site hardware configuration, followed by software acquisition, installation, configuration, and customization. Therefore, a significant amount of time, effort, and money had to be expended before the development of the new application could even begin.

Legacy applications are typically the antithesis of agility, but they are typically good at doing what they have always done. Although this doesn’t satisfy all of the constantly evolving business needs of the organization, it is often easier to use the legacy application to support the less dynamic business needs, and try to focus new application development on new requirements.

Additionally, the consumerization of IT and the technology trifecta of Cloud, SaaS, and Mobility has both helped and hindered the legacy logjam, since a common characteristic of this new breed of off-premise applications is quickly providing only the features that users currently need, which is often in stark contrast to new on-premise applications that although feature-rich, often remain user-poor because of the slower time to implement—again failing the business requirements of speed and agility.

Therefore, although legacy applications are used less and less, since they continue to support some business needs, they are never sunset. This feature fracture (i.e., technology supporting business needs being splintered across new and legacy applications) often leaves IT departments overburdened with maintaining a lot of technology that is not being used all that much.

The white paper The Mandate to Modernize Aging Applications is a good resource for information about this complex challenge and explains why application modernization must become the enterprise’s information technology prime directive.

IT can not enable the enterprise’s future if they are stuck still supporting its past. If the sun never sets on legacy applications, then a foreboding darkness may fall and the number of successful new days dawning for the organization may quickly dwindle.

This blog post is sponsored by the Enterprise CIO Forum and HP.

April 14, 2011

The Partly Cloudy CIO

April 14, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

The increasing frequency with which the word cloud is mentioned during information technology (IT) discussions has some people believing that CIO now officially stands for Cloud Information Officer. At the very least, CIOs are being frequently asked about their organization’s cloud strategy. However, as John Dodge has blogged, when it comes to the cloud, many organizations and industries still appear to be somewhere between FUD (fear, uncertainty, and doubt) and HEF (hype, enthusiasm, and fright).

Information Technology’s Hierarchy of Needs

Abraham Maslow’s Hierarchy of Needs

Information Technology’s Hierarchy of Needs

Joel Dobbs describes IT’s hierarchy of needs (conceptually similar to Abraham Maslow’s hierarchy of needs) as a pyramid with basic operational needs at the bottom, short-term tactical needs in the middle, and long-term strategic needs at the top.

Dobbs explains that cloud computing (and outsourcing) is an option that organizations should consider for some of their basic operational and short-term tactical needs in order to free up internal IT resources to support the strategic goals of the enterprise.

Since cost, simplicity, speed, and agility are common business drivers for cloud-based solutions, this approach alleviates some of the bottlenecks caused by rigid, centralized IT departments, allowing them to cede control over less business-critical applications, and focuses them on servicing the unique needs of the organization that require their internal expertise and in-house oversight.

The Partly Cloudy CIO

The white paper Get Your Head in the Cloud is a good resource for information about the various cloud options facing CIOs and distinguishes among the choices based on specific business requirements. The emphasis should always be on technology-aware, business-driven IT solutions, which means selecting the technology option that best satisfies a particular business need — and data security is one obvious example of the technology awareness needed during the evaluation of cloud-based solutions.

Although no one is advising an all-or-nothing cloud strategy, cloud computing is becoming a critical component of IT Delivery. With hybrid solutions becoming more common, the forecast for the foreseeable future is calling for the Partly Cloudy CIO.

This blog post is sponsored by the Enterprise CIO Forum and HP.

March 31, 2011

The IT Pendulum and the Federated Future of IT

March 31, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

In a previous post, I asked whether the consumerization of IT, which is decentralizing IT and is a net positive for better servicing the diverse technology needs of large organizations, will help or hinder enterprise-wide communication and collaboration.

Stephen Putman commented that a centralized IT department will just change focus, but not disappear altogether:

“I look at the centralized/decentralized IT argument in the same way as the in-house/outsourced development argument—as a pendulum, over time. Right now, the pendulum is swinging toward the decentralized end, but when people realize the need for collaboration and enterprise-wide communication (dare I say, ‘federalization’), the need for a centralized organization will be better realized. I think that smart centralized IT departments will realize this, and shift focus to facilitating collaboration.”

I agree with Putman that the IT Pendulum is currently swinging toward the decentralized end, but once large organizations realize the increased communication and collaboration challenges it will bring, then the IT Pendulum will start swinging back a little more toward the centralized end (and hopefully before people within the organization start taking swings at each other).

A federated approach combining centralized IT control over core areas (including, but not necessarily limited to, facilitating communication and collaboration) with business unit and individual user autonomy over areas where centralization would disrupt efficiency and effectiveness, may ultimately be what many large organizations will have to adopt for long-term success.

The Federated Future of IT, which would allow the IT Pendulum to swing in harmony, balancing centralized control with decentralized autonomy, may not be as far off as some might imagine. After all, a centralized IT department is one of the few organizational functions that regularly interacts with the entire enterprise, and is therefore already strategically positioned to be able to best support the evolving technology needs of the organization.

However, the required paradigm shift for IT is shifting its focus away from controlling how the organization is using technology, and toward advising the organization on how to better leverage technology—including centralized and decentralized options.

Joel Dobbs has advised that it’s “absolutely critical” for IT to embrace consumerization, and John Dodge has recently blogged about “striking that hybrid balance where IT is delivering agility.” Historically, IT Delivery has been focused on control, but the future of IT is to boldly go beyond just a centralized department, and to establish a united federation of information technology that truly enables the enterprise-wide communication and collaboration needed for 21st century corporate survival and success.

This blog post is sponsored by the Enterprise CIO Forum and HP.

March 17, 2011

Suburban Flight, Technology Sprawl, and Garage IT

March 17, 2011/ Jim Harris

This blog post is sponsored by the Enterprise CIO Forum and HP.

Suburban flight is a term describing the migration of people away from an urban center into its surrounding, less-populated, residential communities, aka suburbs. The urban center is a large city or metropolitan area providing a source of employment and other professional opportunities, whereas suburbs provide a sense of community and other personal opportunities. Despite their strong economic ties to the urban center, most suburbs have political autonomy and remain focused on internal matters.

Historically, the IT department has been a technological urban center providing and managing the technology used by all of the people within a large organization. However, in his blog post Has your IT department died yet?, John Dodge pondered whether this notion of “the IT department as a single and centralized organization is on the way out at many enterprises.”

David Heinemeier Hansson raised similar points in his recent blog post The end of the IT department, explaining “the problem with IT departments seems to be that they’re set up as a forced internal vendor. But change is coming. Dealing with technology has gone from something only for the techy geeks to something more mainstream.”

Nicholas Carr, author of the infamous 2004 book Does IT Matter?, expanded on his perspective in his 2009 book The Big Switch, which uses the history of electric grid power utilities as a backdrop and analogy for Internet-based utility (i.e., cloud) computing:

“In the long run, the IT department is unlikely to survive, at least not in its familiar form. IT will have little left to do once the bulk of business computing shifts out of private data centers and into the cloud. Business units and even individual employees will be able to control the processing of information directly, without the need for legions of technical people.”

Cloud computing, as well as software-as-a-service (SaaS), open source software, and the rise of mobile computing have all been contributing factors to the technology sprawl that has begun within many large organizations, which, similar to suburban flight, is causing a migration of people and business units away from an IT-centric approach to providing for their technology needs.

We are all familiar with the stories of how some of the world’s largest technology companies were started in a garage, including Google, Apple, and Hewlett-Packard (HP), which William Hewlett and David Packard started in a garage in Palo Alto, California.

However, in this new era of the consumerization of IT, new information technology projects may start—and stay—in the garage, where in the organizational suburbs, most business units, and some individual users, will run their own Garage IT department.

Although decentralizing IT is a net positive for better servicing the technology needs of the organization, will Garage IT stop large organizations from carpooling together toward the business-driven success of the corporate urban center? In other words, will the technological autonomy of the consumerization of IT help or hinder enterprise-wide communication and collaboration?

This blog post is sponsored by the Enterprise CIO Forum and HP.