On enterprise SaaS, On outsourcing, On the IT Industry

Security certifications for cloud applications, will it help adoption?

I just read this, a tad old pre-finance-crisis, but still relevant and good article on “Gartner prediction misses today’s enterprise cloud action” when I realized it was automatically linked to my post “Enterprise cloud computing and security, the missing debate or solved” – it actually still gives me hits, nice!

The post refers to security certifications for cloud applications and it also provides a nice grouping of applications with a timeline of when the author expects the cloud to be ready to handle this type of apps.

  1. Low security sites such as marketing apps and batch computations on public data with public algorithms
  2. Massive compute jobs that use proprietary algorithms that are not super-sensitive and operate on public data.
  3. Super secret data and very sensitive algorithms

I certainly believe that certifications that document security and processes, and new good architectural solutions will bring us to a point where cloud-sourcing bullet three is considered ok sometime in the future, but it still comes down to the level of trust one is able to build.

If you are the owner of business critical data that is “super secret and sensitive” a certificate doesn’t help much when your competitor got hold of your customer base and attacked all your customers with their marketing machinery, but of course a certificate helps documenting and is good in the sales process.

Who knows, your data might be more secure in the cloud than in your basement server room, which is normally most certainly not certified and it will provide documentation to hide behind. To conclude, yes, I think it will help adoption.

Security officer, courtesy to erotikknett.no

Security officer, courtesy to erotikknett.no

Meanwhile, be aware of social hacking amongst your trusted security officers 😉

On changing the culture, On collaboration, On the CIO role, On the IT Industry

Evolving the role of the IT organization – rebranding the CIO – CIO 2.0

Today I read the latest Norwegian issue of Computerworld (nr 5 2009, pg 6), and to my great pleasure I found an article from our Senior Gartner columnist about the “war” between the IT Organization wanting to standardize and the vast amount of different quick win business applications that the business side want to use right away. These two agendas just does not match. Who wins; the IT department or the business side? And what happens with the IT department if they always loose? And what happens to innovation if the IT department always win? Gartner predicts that individual system choices will be more and more common. This, to my delight, foster creativity, but it also makes defining a complete IT Architecture nearly impossible and to manage, and if I may add, IT risk even harder to manage. The suggested solution: managed diversity.

I am a follower on the IT Strategy blog by Raj Sheelvant where he earlier wrote about rebranding the CIO, meaning the CIO could be an enabler instead of a brake in the organization.

Imagine a CIO fully grasping this concept? I certainly think an CIO coming to me and saying, use whatever program, as long as you tell me, and you try to convince the others doing the same as you to use the same program, would give me positive feelings. Now, how to make this work in practice? I think it is possible to sum it up in four very clear actions/policies:

Internal money
I absolutely think the Gartner approach where one may has to pay “internal money” in order to deviate from the given IT standard gives meaning. This not only incentivizes the business side to choose the preferred IT Standards, but it also enables the IT Department to provide some supporting resources to the new choice of technology if they should choose to deviate. It raises the question of how to price this though, but that is a whole other discussion.

Taking the consulting role
The CIO is no longer in charge of just operations of his system portfolio, but to give the business side good advice on how their choices of technology will work. He may ask questions like “how is backup taken care of” and “who do you call when it does not work” and last but not least “how is it integrated with our other portfolio of systems”? The CIO will have to “sell” the benefits of his policy, and enabling the organization to make informed choices. This is totally the other way around, opposed to the more or less undocumented denial one sometimes meet.

Keeping control
Make sure to define clear system policies that enables individual freedom, but keeping the necessary level of control. This must mean that applications used at work should be approved, so the IT Organisation knows about it, but that denying people to use it, given that they can pay for it as in the first bullet, is more difficult.

Dealing with the lifecycle cost and risk
To be aware of the lifecycle cost when enabling a new tool is critical. The feeling that deviation from the standard creates higher costs later, may also be why the CIO seems negative in the first place. Often quick and dirty projects only thinks about getting the tool up and running and forget about maintenance, backup, access control, security and so on. These issues must be tackled in order for the new tools to meet a long and prosperous life in the organization.

Any comments to these four elements? Anyone missing?

IBM illustrated this new role at their CIO Conference in November 2007 like this:

Good luck CIOs!

On collaboration, On social media, On the IT Industry

The Magic Quadrant: Team collaboration and social software

Building on my post yesterday, defining a collaborative culture, a colleague notified me of the Gartner Quadrant from 2007 that already has made the connection between collaboration and social software. since someone already put it out, here it is again:

Gartner Magic Quadrant for Team Collaboration and Social Software 2007

Gartner Magic Quadrant for Team Collaboration and Social Software 2007

However this quadrant is now getting old, and it has also recieved some critics, for the fact that it does not take new players into the picture. I also guess Gartner has made a new one since then. 

However, the quadrant only resembles one actor at a time, but my personal favourite is the combination of Microsoft Office Sharepoint Server 2007 and Atlassian Confluence with the Sharepoint connector. If you, in addition, include Office Communictaion Server to allow chat and unified communication, then you should be well on the way towards collaboration nirvana. Anyone there yet?

I must say I also look forward to explore some of the other tools that shows up everywhere for different niche features and processes.

By the way, anyone thought of when consolidation is going to happen in the IT industry? This is why I love the strategy Atlassian pursues with the Sharepoint Connector (the market leader above) and JAVA(the definite challenger to MS.net in programming languages), amazing combination that is going to blast competitors. When they in addition get a thriving community and crowdsource all their plugin developments, how can anything possibly beat them?

On the IT Industry

The Rosing Award 2008, Norway

Today the computer association of Norway had their annual Rosing award ceremony (Rosingprisen 2008) where they handed out a total of nine different prices, accompanied by a good band, Funk Factory and a delicious dinner. Fortunately I was able to take part and here are the winners. A great ceremony with remarkable winners.

1. The usability award
– The winner: Bazefield from bazetech

2. The IT Security award
– The winner: The Norwegian Oil industry association

3. The best Norwegian net service
– The nominees: regjeringen.no, finn.no, telepriser.no
– The winner: finn.no

4. The language award
– The nominees: Lexin and LingIT
– The winner: Lexin

5. The IT Leader of the year in Norway
– The nominees: Nils Øveraas (Accenture), Bjørn Kjos (norwegian.no), Fredrik Halvorsen (tandberg.com)
– The winner: Fredrik Halvorsen

6. The Deloitte Fast 50 in Norway award
– The nominees: REC ASA, Norspace ASA, Thermtech AS
– The winner: Thermtech from Bergen

7. The creativity award
– The nominees: eide utvikling, Luup, Sonitor
– The winner: Sonitor

8. The Green IT award
– The nominees: Local / Ergo Group, haldencoe.com, finn.no, NAV
– The winner: Halden COE

9. The Rosing Annual honour
– Mr Georg Apenes, Datatilsynet