Executive Advisory Program

Damon Winter/The New York Times

Posted by: Jack Santos

Yes, it’s historic. 

So what happens now? And what’s the impact to IT, IT decision-making, and the economy in general?

This we know:

• We are involved in two wars at a horrendous cost of money and lives.
• We are in the middle of an economic meltdown not seen since the 1930s.
• We just elected an unknown quantity. No real track record in the US Senate, and minimal insight into his state legislative experience, or even his community organizing background.

What kind of vision can we expect from our new president, and where would he get the biggest bang for the buck for IT investment?

One way to look forward is to look back, and look at efforts that were proposed by the current (Bush) administration. One of those was the need for a broadband policy, and the administration’s inability to move forward on that effort.

The US has long lost its leadership on high speed broadband deployments, and the argument can be made on many fronts that this is a significant issue that needs federal government leadership. An increased emphasis on our national broadband strategy can mean gains in e-government for constituent access to services. Recently a friend of mine in a management position at Social Security was lamenting about the lack of internet usage by claimants; not only is this a demographic issue that plays into a technology comfort factor, but it also reflects lack of broadband access.

On any competitive front (green issues, energy issues, employment issues), broadband is an enabling technology. Increased broadband can enable more remote work/work at home, reducing carbon-based transportation reliance. Broadband increases access for employers to workers, and access to employment by workers. Broadband is at the crux of any new "smart grid" development for our energy infrastructure – exchanging information between energy suppliers and users about optimal energy usage and more flexible billing mechanisms; some energy companies have long explored broadband deployment through their grid, for that reason alone.

What’s really exciting about a renewed emphasis on broadband policy is that in an uncanny way,our foot dragging on wired broadband may in fact leave us in a position to leap forward to new options in wireless broadband deployment in a much more cost-effective manner – such as new wireless broadband options like WiMax, LTE (Log Term Evolution) , and UMB (Ultra Mobile Broadband); all are 4th generation broadband options on the drawing boards or being piloted. The Apple IPhone is a perfect example of how the consumer market is rapidly evolving from wired desktop/laptop to untethered handheld connectivity – with tremendous success.

So whether it’s for more efficient government, increased flexibility for consumers, or increased options for business – in the current economic climate a renewed focus on moving the US up the broadband food chain may be one catalyst for a turnaround in our economy, and part of the foundation for future growth.

I am sure there are other IT related efforts that we need to keep an eye on, given the new blood in Washington. We’ll continue to explore them in this blog.

Posted by: Jack Santos

Most IT executives have, by now, heard of and explored virtualization as an option for consolidation, efficiency, and cost savings.   Drue Reeves, Chris Wolf and the entire merry band of datacenter analysts are the best in business when looking at those trends.  Their blog is a fascinating way to keep abreast of developments in that space. 

Virtualization is just a tip of the iceberg in what is becoming an exciting market battle that has enormous IT impacts.  It rivals the 80's battle for the desktop OS (Microsoft, Apple, and IBM), and the 90s browser wars ( Netscape and Microsoft).  This may be the final stand for Microsoft, which (up until now) has been an unstoppable industry juggernaut. 

Microsoft is now in the early stages of a multi-front war:

• Their old nemesis (IBM) is back with a renewed lease on life through a strategy that mixes their expertise with large-scale global computing and computing services; 
• Google, exhibiting all the symptoms of hyperactivity disorder, spread across cell phones, advertising, software development, search, and with nascent success in the Internet delivery of office services (Google Apps).  To many, Google IS the Internet;
• SaaS providers, such as Salesforce.com, that are finding traction with Internet delivered applications;
• Virtualization vendors, led by VMware/EMC with 80+% of the market,  that have a vision of hypervisors being the delivery mechanism upon which all Internet services are built and delivered;
• A highly fragmented hosting market, Amazon web services,  traditional software vendors such as Oracle and CA, and the HP/EDS combination add plenty of variability to the mix, either as 2nd-tier competitors sapping troop strength from the main battle, or for strategic alliances.

Call this "The Cloud Wars" - because it is all about Cloud Computing.  As nebulous as that term is (see my earlier post), it is important that we recognize the 5-10  year trend and its implications.  IT as we know it is changing, with tectonic plate shifts exceeding those from the introduction of the PC, or the commercialization of the Internet.  It affects how IT will develop and deliver services into the future -- whether it's where you buy/rent infrastructure such as processing power or storage, how business apps are bought, paid for, and delivered, whether the future is open or proprietary.

Microsoft is right at the center of this shift, defending their franchise, while reinventing themselves (once again) into a new and innovative space.  They are the IBM of the 21st century, and - like the IBM  of the 80s - they will have to change.

VmWare's recent conference really crystallizes how they see this battle unfolding. 
Take a peek at Drue's insight into Maritz's keynote address, and Chris' perspective.

"The Cloud Wars" directly affect IT/business decision-making, and has all the ingredients of a great story - shifting allegiances, strategic moves and positioning, conflicting visions, and strong personalities:   

• Google's Eric Schmidt. Has made his life's work nipping  at Microsoft's ankles (with Novell, Sun) and has finally sunk his teeth deep into meat with Internet successes in search and advertising.
• VMware's founder (Diane Greene).  Already a battlefield casualty in an intensely political and profit driven environment that eats its young.
• Paul Maritz.  A Microsoft veteran that switched sides to lead  VMware in a way that can only be reminiscent of the relationship between Brutus and Caesar.
• Steve Balmer. Microsoft's original Big Man on Campus, Friend of Bill (now semi-retired and Friend of Jerry), and looking to make sure his legacy is cemented.
• Ray Ozzie.  Innovator extraordinaire, man with a vision but rarely a plan, looking to recreate the Lotus Notes magic at Microsoft as the wizard behind the Balmer curtain.
• Steve Mills. IBM's software VP; cut from the IBM mold and valiantly keeping IBM relevant.
• Larry Ellison, Jonathon Schwartz.   Ellison's sometimes erratic business moves may yet make a difference in this battle.  For Schwartz, it's all about an exit strategy.

Hypervisor innovation, dynamic datacenter strategies, software as a service, development standards, and APIs are all converging to define the future landscape -- and strike solidly at Microsoft's strengths.  Microsoft is responding with efforts like Microsoft Live, and virtualization releases that build on its core and take advantage of systems management tools to give the incumbent OS vendor the edge in virtualization.  But will it be enough?  Or is this shaping up to be an epic "Black Gates of Mordor" battle?

Stay tuned.

posted by: Jack Santos

Can't help but comment on recent reportage that highlighted some of the work being done in our Application Platform Strategies area.  It showcases Burton Group research with the title "Could the Real Key to SOA Success Be a New CIO? ".  Provocative enough.

enter Chris Howard

<CH>
In our research, We noticed a relationship between the appearance of a new CIO and the rate of SOA success. Those CIOs drove the effort to success because of an understanding of the value/benefits of SOA.

To be sure, there are probably many new CIOs that do not accomplish this, or increase the SOA failure rate. It was not clear from the research that a forced regime change was a goal in the companies studied. It was a coincidence that “New CIO”=”SOA Success”, but it doesn’t guarantee it (or the success of any other initiatives).
</CH>

There is no doubt that any strategy (SOA, virtualization, mobility, whatever) without the right leadership, will fail.  The CIO has to believe in it and be committed to it, as does everyone up and down the chain of command, those involved with the work (business and IT), and a fair amount of thought leaders not involved as well.  The poisonous environments are those where there is little support or agreement within (or outside) IT - and if it's underground it gets even worse. 

The not-so-subtle premise of the title is that "forced regime change" is a way to make it happen. Without getting too political, that argument sounds awfully familiar, and myopic.

Enter Mike Rollings

<MR>
Regime changes may just allow a new person to try something that the business wouldn't let the other CIO do.  Maybe it is the ability to have a fresh conversation about business value that is the secret sauce of regime changes.  Maybe they aren't focused on SOA, and instead focused on adding value to the business. Maybe the interview process opened the minds of the CEO to pursuing a business initiative.
</MH>

Don't get me wrong.  Are there disconnects between business and IT that cause projects to fail? Absolutely -- probably the majority of failures can be attributed to that. Anne's quote in the article brought that out clearly:  "Manes’ list of SOA failure factors traces back to too much focus on technology and too little change in the IT culture". 

Are there CIOs out there that have to go before an organization can make progress? Darn tootin. 

Enter Phil Schacter:

<PS>
I’ve heard various data on the average life of a CIO’s tenure with a company, but let’s assume its 18 months. Is that sufficient time for a new CIO to launch a SOA strategy and for it to produce sufficient results to be judged to be a success?
</PS>

Like our experiences with political regime change, it may initially look like its working (as statues of Saddam came crashing down), but in the long run the fundamental societal/organizational issues just bubbled right back up. It was just a matter of time.  In the case of Iraq - not much time; organizations, too, will react differently as issues begin to slowly come to a boil again.

Does Regime Change work? Sometimes. But there are no guarantees.

Posted by: Jack

One of the most active areas for IT these days is in medical IT – hospitals, physician practices, health care providers.  Market leaders such as Siemens, Eclipsys, Cerner, and GE supply electronic medical records systems to hospitals and physicians.  A recent Wall Street Journal article noted that by some studies only 4% of physician practices are using EMRs effectively, if at all.

   

Then there is the personal health record crowd, mostly lead by insurers like Aetna, Cigna, Blue Cross, United Healthcare, Wellpoint.  Their value add is to be a central repository/aggregator for all of an individual’s medical history – regardless of which physician, hospital, or other provider (say chiropractor) you visit – as long as you are insured by them.

   

But, of course, we don’t all stay with one insurer all our lives, nor do we always visit the same provider (doctor, hospital, other provider).  And in both approaches (put aside for the moment differences in the level of clinical data associated with a personal vs. a medical record) integration across providers or insurers is key.

   

Enter Google and Microsoft (among others) that are “provider or insurer” independent.  They’ll claim to interface with different health information sources and be the centralized repository and aggregator to keep your (HIPAA says it's yours) information in one place.

   

And threaded through it all is the issue of security, secure access, and privacy…..Kevin Kampman from our IdPS coverage area has blogged on that: http://bgidps.typepad.com/bgidps/2008/07/physician-heal.html

   

Three years ago you could walk into a hospital or doctor’s office, have an x-ray taken, and ask for your copy …and they would look at you cross-eyed, feign an inability to do that, or just plain ignore your request. 

   

Now if you do that (as I did at a recent emergency room visit), they’ll put it on CD for you and you can walk out the door with it.  But don’t ask for the doctor’s notes or the actual record of your visit with blood pressures, heart rates, drug test results, or any other actual data that was collected from your body.  It is almost impossible to get it, assuming the physician or nurse knows how.

   

The Google/MS approach follows the “Quicken” model from earlier years, in a different industry (financial services).   In subsequent blog entries, we’ll explore the financial services experiences for a unified financial record, and see what lessons can be gleaned for a unified health record. 

But before we go down that road, let's get some definitions straight.  I got these from "geekdoctors" blog - John Halamka at Beth Israel in Boston  ( http://geekdoctor.blogspot.com/2008/06/ehr-for-non-owned-clinicians-coming-to.html )

Electronic Medical Record
An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one health care organization.

Electronic Health Record
An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff, across more than one health care organization.

Personal Health Record
An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual.

Health Information Exchange
The electronic movement of health-related information among organizations according to nationally recognized standards. HIE is a verb describing a process.

Health Information Organization
An organization that oversees and governs the exchange of health-related information among organizations according to nationally recognized standards. HIO is a noun describing an organization.

Regional Health Information Organization
A health information organization that brings together health care stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community

The implications of what we do here are enormous - both from security, identity, and enterprise architecture points of view.  Not to mention our own health histories. If you are a healthcare CIO you are living it.

If you are a financial services CIO, you have already lived it.  There must be lessons and approaches that we can transplant.

Send me your ideas.

Posted by: Jack

Why does it always seem that a major new regulatory initiative peaks during an economic downturn?  The skeptic in me believes that these efforts (last time HIPAA, this time PCI) are stealthily cloaked
make-work initiatives.  That or efforts to make a CIO's life that more difficult - on the one hand being asked to cut, on the other hand being asked to do more.  It's satanic.

Not that I am throwing cold water on the need for stronger financial protections on our systems.  Hannaford, TJ Maxx, (who's next?) are poster children for that need, and the best thing that ever happened for PCI.

At a large web and bricks and mortar retailer the question was asked what is their top 3 priorities; the answer?  1) PCI 2) PCI 3) PCI.

I was CIO at a firm where the CFO was really peeved at Visa that they would dictate (with fines) what his priorities should be.  We spent half our time in IT searching for tape backup solutions that encrypted personal information (and credit card data) -- without much success (this was a year and a half ago, that has probably changed).  And the  key issue when addressing that was the havoc that increased runtimes would have on our daily cycles due to the larger backup windows.  All because our backup tapes went offsite and could fall off trucks.

The other half of our time was data de-identification tools, or (in some cases) trying to find all the places where we had critical personal data (like crabgrass and because of Business Intelligence, it would just sprout up everywhere).

That aside, its a serious issue and one that is deeply intertwined with a lot of Burton Group research.  Over the next month or so I hope to pull out pertinent guideposts within our research that is applicable to PCI (besides the obvious PCI documents that have already been written. 

Nobody wants to be the next headline.  Besides, the economy needs help.

Is Unified Communications ("UC") on the CxO radar? Don't count on it. Should it be?

In fact, it's time to rant -- what is UC anyways? We (Burton Group) have a lot of research on it (current or proposed) -- a nice mix of the next stage of VoIP, mixed in with "presence-based" applications, and spices of IM and video conferencing. MS and Cisco use the buzzword a lot to push their follow-on products, mostly to replace an older PBX with something sexy. Call centers and work-at-home seem fertile ground for UC, whatever UC is.

OK - so what is UC again?

I have come to the conclusion (not unlike most CIOs) that UC is still a vision and long term strategy -- really the recognition of an overall trend with communications. As Mike Gotta (one of Burton Group's UC gurus) says:  “UC needs to be treated as a program managed over the long term through a governance process”.

Vendors, on the other hand, take the UC moniker and run with it (any surprises there?) to sell products that may/may not be ready for prime time. The reality is that the buzz around “Unified Communications” will only be real when applications get developed based on the underlying technologies – and so far there has been no “killer app”. 

From a business perspective, “UC” (as a whole) is a technology vision and architectural framework, with no real ROI or business driver.  Business groups and end-users don’t really care about UC –they care about the productivity value from the tools and applications they interact with every day to get the work done. ROIs come at the project level, as different components of the UC framework get implemented (like VoIP,  corporate IM, or desktop video conferencing).

So if it’s a long term vision and strategy, should a CIO care? Sure, with IP based telephony, traditional enterprise telephony is under attack; software plays a significant role in delivering voice, and new “UC” products, such as those from Microsoft (Office Communications Server), will influence the market.

Most CIOs don't care about UC -- they care about the applications, and those applications will be delivered piecemeal, and should be part of a long term understanding of the trends and convergence that is going on with technology--- which is what UC really is.

Point-in-time decisions made at a project level (such as a PBX upgrade decision) will be viewed as evolutionary, functional replacements of current technology with the latest and greatest solutions. Other leading edge projects might see the fundamental workflow and integration that "UC" class technologies bring to the table, and make the case (ROI and otherwise) for significant change -- but with sound business drivers and business sponsorship.

UC clearly needs to be on the Enterprise Architect's radar and, through governance, a framework that an organization uses for technology decisions involving the technologies and applications that UC encompasses. As a result, CIO awareness of UC is important, but what is more important is the skepticism that a CIO needs to have when approached by vendors that have the ultimate "Unified Communications" product.

OK, so a little play on words and sounds in the title.  It's Friday, cut me some slack!  It's been a fun week at the technology center of the world (Burton Group).  The analysis and heat seeking thought processes continue to amaze me.  I am very impressed with the work being done in by our Network and Telecom Strategies group...the reference architecture and technical positions I am just really starting to digest.  My goal is to immerse myself enough that I can come up for air, and pull out tidbits and cross-tab thoughts and write something about what these guys are doing that will catch a CIO's attention, and give a CIO some ideas about where that particular technology genre is headed.  It won't be easy.

Just completed a piece on what the overwhelming availability and access to information is doing to our IT departments and businesses -- not from a hardware-software perspective, but from a psychological and human impact perspective; and what a CIO can do about it.   Coming to a website near you.

Jack