Owning All Clouds

cloud-computing-multiple-clouds

By Doug Harr

As part of my career as an IT executive for the last dozen plus years, I’ve led several companies through a process of migrating their business application portfolio to the cloud.  At Portal Software, that meant deploying SuccessFactors for HR performance reviews, and OpenAir for Professional Services Automation.  At Ingres that meant deploying Intacct for Financials, Salesforce for CRM, and lots of other cloud solutions. The approach for me reached its zenith at Splunk, where we had a 100% cloud business application portfolio, and where 50% of our compute and store capacity was at Amazon. With so much functionality in the cloud the question of roles and responsibilities became a focus for the company. In this very cloud-friendly shop, what should IT’s focus be? What level of administration of these solutions could actually be owned and delivered by departmental owners, such as Sales Operations, Customer Support Operations or HR administration?

As one example, both at VMware, where I was program manager for their Salesforce implementation, and at Splunk, where I was the CIO, we had very strong sales operations teams, and fairly complex Salesforce environments. In those environments Sales Op’s began to take ownership of more functionality in the Salesforce suite. This included user administration, assignment of roles to users, territories to reps, and just about all reporting. This grew to include modifying page layouts, and other configuration capabilities normally owned and controlled by IT. In my view the idea of enabling the Sales Op’s team was attractive for several reasons: (1) they wanted the power to do these things (2) they were not waiting for IT on the things they felt were high priority (3) they were closer to the sales teams who actually worked inside the tool, and so they were good at interpreting issues and acting – as good certainly as an IT Business Analyst, or even someone with fairly good technical skills. In these scenarios it freed IT to work on deeper technical issues, level 3 incidents, environment management, integration, reliability, etc.

In another example, at Splunk we made wide use of Amazon EC2 for compute and storage capacity. In these cases, IT System Admins were not needed – environments were spun up and used directly by personnel in Engineering and Customer Support. This was an amazing success, and it freed IT to work on monitoring usage, working deals on cost, and managing the overall vendor relationship.

Not every department has a team or individual ready to own or take a major role in the management of a SaaS or IaaS platform. For every HR department that manages Workday, there’s a finance department that does not manage Netsuite. It depends on the tool, and the personnel. What I’ve found is it can also depend on the CFO and management of a business function – some execs are happy to have these resources placed in the business, some are more afraid of  “shadow IT spend” or they’re caught up suggesting that IT can’t deliver and granting this power is a cop-out. Actually, I had a moment like this at Splunk, where I had not adequately updated two peer execs on our intent to get more deep IT skills hired into Sales Op’s, and had to sort that one out, to make sure everyone understood this was not a shadow operation! So there can be bumps in the road, but in my view adopting this approach is inevitable really, as software platforms and micro apps are becoming widespread, and so is the ability and desire by departmental teams to be more involved in the direction of how those tools, platforms, and apps are rolled out and used.

All this speaks to the future role of IT, and I for one have lived that future, as least in part. It’s one where IT is more strategic, focused on vendor/portfolio management, integration and security. To be sure some functions that are broadly used across all departments, and some that are task specific, still accrue to IT in most cases, or to partners that offer elements of typical IT as a service (think Help Desk). But done well, each department owns more of its technology, feels more in charge of its future, its technology adoption, its responsible use, along with other benefits. And, IT focuses less on being everything to everybody, maintaining disparate queues of backlogged work, and more focused on higher level matters, transforming the business for the digital age, and accompanying delivery of more complex technical solutions.

Right where we should want to be.

@douglasharr

The New Crisis in Cybersecurity

cyber-security-lock-image

By Mark Egan

There is a new crisis in Cybersecurity.  A recent article highlights the current lack of trained Information Security professionals and ties this lack to the digital revolution and other technology advances, leading to “mega-breaches on an unprecedented scale.” Stealing IP has become a billion dollar business; couple that with the fact that it is also much easier to break into a system than protect it.  All the criminal needs to do is to find one hole in your environment and they can slip in. Why there is a dearth in Cyber Security professionals and what can be done about it I have outlined briefly in a few key points here.

One of the biggest reasons why there are fewer trained security professionals is due to the fact that the Office of the CISO is still a relatively new organization, compared to that of the CIO, which role has been around for significantly longer.  CIO titles started in the 80’s when Information Technology became a critical component of daily business operations. The CISO title is more recent and in 2006 only 43% of large organizations had a CISO. This has changed over the past 10 years and now most larger organization now have a formal security function and overall leader.

However, companies show a trend of being focused on hiring very experienced security staff externally, as opposed to developing and training individuals internally.  It would be more effective to take existing staff and train them, or hire in trained entry level professionals who you can develop.

Going Forward

The solution to Information Security is that companies have to develop their existing staff and then cultivate a mindset where everybody is “mindful” – like a Neighborhood Watch, where everyone is involved in the program. Most attacks still originate from phishing email – someone clicks on an email, and that email comprises that machine. And once they compromise that machine, they move laterally within the environment to elevate to a privileged level of access.  So if you have Neighborhood Watch, everybody is on alert. When they see the suspicious email, they notify someone, and through this behavior you can build and grow and perpetuate a more “security aware” program.

Ultimately security is a people issue. To this effect we created the Merritt College Information Security program as a fully accredited A.S. degree with majors in Applications and Infrastructure Security. The program has been two years in the making and serves the San Francisco Bay Area East Bay School districts, which include students from less advantaged backgrounds. It results from the partnership with the CISE CIO organization, Merritt College, and CIO’s / CISO’s from leading San Francisco Bay Area companies. The program provides trained, entry level security professionals from which an organization can then expand on and develop other existing staff internally.

They are currently for hire; please contact me for more info.

Organization Structure to Support Digital Business – What to Consider

digital-business-image-1

By John Dick

Central to the changing landscape of IT and business is the proliferation of devices and Internet of Things; by 2020, more than seven billion people and businesses, and at least 30 billion devices, will be connected to the Internet. This interaction leads to the evolution of digital business, and with that evolution is the need for companies to think about how to organize their most important asset – people – in a way that best supports the delivery of their products and services in this new digital business structure.

We have been giving advice to companies on how to thoroughly think about the role of people and organization structure within this evolving and complex equation of people, process, and technology. I have captured some of our leading points around structural questions to consider and critical success factors related to the organization of a company’s technology engineering and delivery groups below. In turn, this blog will lead to a future post outlining digital business organization structure, and guidelines around your company’s infrastructure readiness.

First, there are some questions to consider in thinking about digital business, technical engineering and delivery organization structure.

The first deals with how your company is organized, because it is probably organized the way it is for a reason, such as to most optimally support effective product sales and delivery.  Also, that structure is the eco-system in which you will need to co-exist.

Important Company Structural Questions and Considerations

  • What is your company’s approach to centralization vs. decentralization of responsibilities and structure?
  • Does your company impose structure through traditional functions, product, process functions, or technical expertise?
  • How does your company think about direct line vs. dotted line reporting and to whom?
  • Do you fit the technology organization to the business requirements or to the people?
  • How do you handle regional | international units?

Understanding the relationship of your organization within its larger context is critical to how you organize your group. For example, if your company is decentralized, it will probably be important to understand why your organization is also decentralized. What are the key reasons your business is decentralized? How will you provide digital support to the decentralized units in a meaningful, personal manner? How will you understand unique customer regional requirements? What if it has aspects of both? A carefully crafted hybrid solution may then become necessary.

From here, we offer key initial points to consider toward optimizing your organization structure for success.

Once you’ve thought through and understand how your company is organized for success around its products and services, you’ll want to transition to what are the critical success factors for your technology associated group. That, once aligned with the rest of the company structure, will assist in developing success criteria.

Critical Success Factors

  • Aligning organization with business strategy and function
  • Allowing organization to keep pace with company growth and changing business dynamics
  • Providing effective decision support and related performance | scorecard tracking
  • Integrate organization approaches within company culture

While the first three points are a common theme and well accepted, I believe the last point is often overlooked. All companies have some aspect of company culture in their environments. If your organization is not organized or motivated within that context, success could be difficult. A good way to support this is to subtly develop success criteria that is natural to your environment.

With new roles other supporting or catalyst roles will emerge, and CXOs will need to develop digital leadership capabilities in order to execute an effective digital strategy.

In the next post I will delve further into what this means and how to think about your company’s infrastructure readiness to complete the picture.

Information Security Training: Merritt College Enters Its Third Year

 

Merritt College logo

Merritt College in Oakland, CA will start its third year of classes this Friday, August 26.

We’re excited to be entering the third year of this program, having graduated our first set of students this past June 2016. The Merritt College Applications and Infrastructure Security program (as a reminder) is a fully accredited A.S. degree with majors in Applications and Infrastructure Security.

This program results from partnership with the CISE CIO Organization, Merritt College, and CIO’s/CISO’s from leading San Francisco Bay Area companies. These groups have given their time and expertise toward building up this program from its inception. Donations from the CISE CIO group now amount to $130K, and with this amount, we have developed the current curriculum and put a new cybersecurity lab in place.

This program and its impact couldn’t be more timely, given that one of the biggest threats to companies is a lack of trained cybersecurity professionals.

You can find an overview of program here.

We are also looking to place our recent first class of June graduates into Information Security roles with leading companies and organizations. Please contact Mark Egan you are interested in hiring our students to improve your Information Security programs.

StratraFusion – Values

Values balls

 

The pace and evolution of enterprise technology more than ever calls for strategic advice on how best to use this technology to optimize your business.

We formed The StrataFusion Group as a unique technology and business consulting practice based on knowledge gleaned from practitioners and their years of in-house “hands on” leadership and experience. Our Partners have driven technology and business strategies in disruptive Fortune 500 companies and fast-growing enterprises and firms, and they bring years of practical knowledge into solving each opportunity in its complexities and challenges.

We advise and assist our clients on how to leverage their technology investments to increase revenue, and improve customer satisfaction while reducing risk and cost.

We originally conceptualized and founded The StrataFusion Group to provide expertise ”for CIO and CTOs, by CIOs and CTOs.” The practice has, unlike many other technology consultancies, continued to emphasize the personal operational experience of our Partners. This expertise is then applied directly to your problems and issues by our Partners — not inexperienced stand-ins. You receive our personal attention and commitment to efficient and effective engagement management.

Our passion is to empower companies to be business innovators by combining leading-edge insights with significant experience-based knowledge of markets, technologies and industries. We focus on adding client value, delivering ultimate professionalism, applying team cohesion to expand experience and focus success, with respect for individual values and goals. We truly seek to earn the “Trusted Advisor” status. When you have a serious technology problem we want you to think of StrataFusion, not Ghostbusters!

We offer proven solutions for the most difficult business challenges, focusing on these practice areas:

StrataFusion Practice Areas

  • CIO / CTO Advisory
  • Information Security
  • Digital Transformation
  • Big Data / Cloud Analytics

As we go forward and continue to build on our consulting practice areas, how we were formed, our foundation and core values continue to drive how we approach each company with their unique set of of challenges. Underlying all of our work is our set of guiding principles:

StrataFusion Guiding Principles

  • We challenge and reinvent the vision
  • We create through teamwork
  • We nurture the independent, entrepreneurial spirit
  • Our personal and operational competence and professionalism is clear and at our clients’ disposal

We look forward to working with you.

John Dick, Partner and Co-Founder, StrataFusion

The Cloud – All In

TheCould_AllIn_72dpi

By Doug Harr

This post will be the first of several outlining my passion for moving IT software and services to the cloud, articulating the exponential value this move provides.

My journey began in early 2000’s when I was VP of IT at Portal Software; there, we moved the function of doing performance reviews out of our data center and into the SaaS / cloud service, Successfactors. This change cut costs in half; this kind of savings we saw almost every time we moved another software package or custom written application off site and into the cloud. Success with this model led me to take the helm at two other high tech companies (most recently at Splunk) where we ran virtually all of our business software and half of our infrastructure in the cloud, via services like Netsuite (financials), Salesforce (CRM), and Amazon EC2 (servers, storage).

These experiences were so positive and influential on my outlook that I’ve been espousing the “all cloud” IT sourcing strategy for some time now. Finally, and most recently, both Microsoft and Google have made it possible to go “the last mile,” to move your corporate domain, which houses the identity of all your employees, along with their organizations and access rights, into the cloud. This positions new companies and more aggressive existing companies to get to the point where you’ll find two fat pipes to the internet as the only technology installed at the company’s offices. The pipes terminate in a set of wireless access points, which themselves can now be managed via a cloud service!

Why is this all nirvana to me?  What does it mean for IT?  It means a lot. In almost every case I’ve seen service improve, both in terms of the time it takes to get things done, and the ability to focus on higher-level concerns, while more control accrues to the business. The focus of the CIO and IT Management team then changes – setting up a strategy, sourcing these cloud services, managing the vendor relationships, monitoring the services, integrating and securing them. We get to the ultimate goal of IT – maximizing the effective use of these systems, and harnessing the information that can be extracted and analyzed from those services. Not too shabby, right?  Sounds like a busy and more enabling, productive IT department, even if the roles have changed.

In future posts, we’ll address how the move to the cloud changes the nature of what resources each department needs to hire in order to effectively run the cloud applications. With sales operations, customer support operations, HR operations, etc., there is the ability for internal corporate employees to be more directly involved in optimizing, running and supporting the applications they use.

More to come.

Rapid M&A Integration

By Mark Egan

???????????????????????????????????????????????????????????????????????????????????????

  • Focus on the people
  • Take an aggressive approach to migrate the new business into existing systems
  • Plan to complete the work within 90 days of deal closing

Mergers and Acquisitions (M&A) are an important strategy for expanding business. Unfortunately, many times these actions do not meet their intended goals. Although considerable emphasis is placed on technology, products, and new markets, some fundamental issues are overlooked. After working on over 60 M&A transactions, I recommend that you focus on three areas: engaging your new employees, integrating the new business into existing systems, and completing all integration work within 90 days.

Engage Your Employees

First, focus on the people. Make sure that you answer their top three questions:

  1. Do I have a job?
  2. Who is my manager?
  3. What is my scope and responsibilities?

Until you answer these three questions, employees of the acquired company are not really listening and can’t focus on integration work. Be honest with employees, especially if you do not have a role for them, and provide assistance in finding a new role and incentives to work through transition period.

Migrate New Business into Existing Systems

Next, take a very aggressive approach to migrate the acquired company into your existing systems. With few exceptions, migrating acquired company systems over to your internal systems is much easier than investing a lot of time evaluating the acquired systems. Make sure that your existing systems have capacity to support increased volumes and additional businesses. This can be done as part of your IT readiness work well in advance of any M&A activities.

Have a 90-Day Plan

Finally, have a plan to complete all the integration work within 90 days of closing the deal.  Many IT tasks, such as e-mail, unified web site, and personnel systems can be completed on the first day of operation for the merged company. The remaining tasks should be aggressively planned for completion within 90 days. This approach positions your organization to take advantage of the newly merged company to develop new products and services and sell the expanded offering to your customers.

StrataFusion works with clients to develop their rapid M&A integration programs enabling them to improve the overall quality of their work as well as reduce costs.

Learn more about “Mergers and Acquisitions” in StrataFusion’s Knowledge Center and get to know our CIO/CTO Advisory practice.