CIPS logo

Canadian Information Processing Society

 

CIPS logo

 

News from National -- Current Articles

11/15/2001 1:26:38 PM
IT Priorities - Dr. Jamie Kaminski
Interview by S. Ibaraki, I.S.P.

This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Dr Jaime Kaminski, Senior Technology Analyst and Technical Briefings Manager Xephon: http://www.xephon.com

Dr. Kaminski is widely respected researcher and an acknowledged international authority on the IT industry for Xephon which is the world's leading producer of special IT consultancy reports, reviewed professional journals and international IT conferences held in London.

*****
Q: In the wake of the events of 11 September, there have of course been significant impacts across all industries, and IT is not exempt. How do you see the industry being affected in the short term?

A. Stephen, first of all, thank you for having me back to speak. Since we last spoke much has changed. September the 11th has changed the way in which Western society thinks about a range of issues. We now live in a different world, in which the issue of security has instantly taken on new and massive significance. In the IT industry we could be at the forefront of the defence against future cyber attacks, so security issues have moved to the top of the agenda .

Despite the unprecedented human tragedy and massive physical damage caused at the World Trade Centre, early reports suggest that most customer and business-critical data appear to have been saved by automated, and remotely located data back-up systems in association with effective disaster prevention strategies. However, the companies involved were amongst the elite of world commerce, and their back-up strategies are of the highest standard.

Not all companies have the same high standard of preparation. Both security and backup issues can be neglected. This is often because both require a constant investment of time, money and resources, but do appear to provide a significant return on investment - they do not generate profit. In times of economic slowdown companies may be tempted to cut back on spending in these areas.

However, many companies now realize that data has become their most critical asset and the survival of their business depends on it. The value of data far exceeds the value of the IT infrastructure that supports it, and this is why the immediate impacts of September the 11th will be associated with data protection - in the form of enhanced security, back-up and disaster recovery.

I think we can predict many short- and mid-term IT impacts which are likely as a direct result of the September 11 events. For example:

• Disaster recovery strategies will get significantly more attention than they may have done in the past. Back-up and recovery is now a mission-critical priority for companies of all sizes. Critical data should never be stored in just one physical location: geographically dispersed copies are essential. However, technologists tend to think of disaster recovery in terms of ‘recovering the mainframe’ or ‘recovering the Unix box,’ or recovering a particular application or system. This is a serious problem.

Most medium-to-large data centres today do not represent a single architecture, but a sea of different systems that have grown up over time. Some legacy systems are decades old. They are integrated with extensions and enhancements running on a diverse set of platforms ranging from mainframes, Unix, NT, and others. The important point to note is that critical business processes supported by these platforms almost always span platforms, and so are dependent on systems and information maintained on two, three, or more platforms. It’s all or nothing. When a business process is supported by many platforms and databases, the information stored on the various platforms needs to be synchronized. Otherwise there are likely to be coordination gaps which will result in unpredictable errors ranging from lost data to logical corruption that makes recovery impossible.

• Increased awareness of disaster recover issues will have an impact on vendors supplying this sector. The key differentiator between vendors offering backup/recovery solutions will be how quickly they can recover your IT operations to acceptable levels of functionality. The recovery time offered by different vendors will become the method of rating their services. Service Level Agreements will have to provide details of anticipated recovery times, in addition to what will be recovered and who has responsibility for what. I think we will also see increasing use of Storage Service Providers in the enterprise. Their ability to remotely outsource physical storage sub-systems, particularly for hosting geographically remote data vaults for back-up and recovery, could be crucial.

• We could see greater use of, and further research into, back-up techniques such as mirroring, snapshot, differential, incremental, and others which minimise back-up and recovery times. We could see greater implementation of wide-area SANs (Storage Area Networks) to enhance server-less backup and recovery capability over long distances.

• PC backup strategies will no longer be optional, as the value of data on the single-user system is significant. I think we may even begin to see this implemented at the operating system level in the mid-term future.

• I think we are also going to see changes in the status of IT security staff.
Large companies will want to appoint a Chief Security Officer, if they have not done so already, and it’s generally good practice to have that person report not to the CTO but direct to the CEO. The Chief Security Officer will gain enhanced responsibilities and status as will the staff and teams responsible for data security. Many small and medium-sized companies who do not already have permanent IT security staff will acquire qualified personnel. This could lead to a skills shortage in this sector in the short to mid term. We are likely to see more emphasis placed on the certification of staff in security and disaster recovery roles. Qualified staff are essential, because all it takes is an improperly configured router or firewall to allow hackers in.

• We may also see the development of something along the lines of a IT security rating. This would be a number or grade that provides an indication of the level of security for a product or the security of a company. Such benchmarking of products would provide consumers with a gauge as to the security of a product in the same way that vendors use the five-nines rating for system availability.

• I think we will see more countries providing proper funding to set up internationally co-ordinated computer crime units, possibly in close association with national and international security agencies.

• The demand for bandwidth will accelerate, as remote backup/recovery strategies are implemented more frequently. The reduction in air travel will increase the use of video-conferencing, and other telecommunication methods which will further add to bandwidth demands. However, there is a mass of installed but unused bandwidth, so this is not a major problem.

• One security sector that should receive a boost is the biometrics industry. This sector has been gaining momentum in the last year anyway, but the recent events will make it part of mainstream security. Early biometric devices were both cumbersome to use and priced at a point which prohibited their implementation in all but a few very high security applications. However, in the last decade the unit cost of biometric verifiers has dropped rapidly. In 1993 the average price of a biometric access device was $6000. By 1999, the average price had dropped to around $500. Although the rate of price reduction has slowed, some fingerprint verification devices are available for as little as $100 per access point protected. Reductions in end-user costs will continue as production volume increases and manufacturers improve production.

Biometrics has two main methodologies: physical biometrics and behavioural biometrics. Physical biometric techniques include: fingerprints, iris and/or retinal scan, voice verification, hand, finger, and palm geometry, and facial recognition. Behavioural techniques include signature dynamics and keystroke dynamics. Generally speaking, physical biometrics are more stable, as behavioural biometrics are prone to change over time.

Biometric technologies are not a universal security panacea, but they do work well in controlled, closed-loop conditions, which makes the corporate environment an ideal candidate for their widespread use. The reduction in the unit cost of verifiers will also increase customer takeup.

• Security providers targeting Internet virus detection and prevention are becoming even more critical to future success on the Internet, and will have to deliver a new generation of security solutions. Many IT security companies have been hit by the same downturn in technology stock prices as the rest of the industry. This should change as security become the top priority of many companies.

Managing security properly is hugely complex, expensive, and the difficulties are increasing. Furthermore, new technologies bring new and increased risks and the consequences of security breaches become more severe. The impact of viruses and associated attack mechanisms is now reasonably well understood, at least so far as desktop systems are concerned. Most enterprises have anti-virus software installed, although many do not keep it up-to–date, and do not have policies regarding its installation and use. This stops these enterprises from properly managing the risks incurred..

Security is a vitally important element in running a successful business. The use of mobile devices, particularly PDAs and mobile phones, is growing rapidly, and many PDAs and handhelds are being connected to enterprise networks. Given that connectivity to desktop and enterprise systems, including direct connectivity, is increasingly necessary and commonplace, this opens up dangerous routes into enterprise systems. There will also increasingly be routes into other systems managed by embedded operating systems, such as domestic appliances, vending devices, in-car applications, and so on. Of itself this need not be a problem, but it is essential that the vulnerabilities be recognized and suitable security policies implemented.

Although the technical aspects of security are complex and time-consuming to understand and monitor, they are essential. Security is a process and is about managing risk, not eliminating it, and certainly not about handling it in ways which undermine marketing initiatives or appropriate working practices among staff. For this reason the process of developing a security policy needs to involve senior representatives of all major departments. A first stage is to determine the use needs and to identify, and grade, vulnerabilities. Once sufficient information has been obtained, appropriate policies can be established and implemented, and the process kept current across the different elements.


Q: What does your research indicate are the top ten priorities for IT departments today?

A. Stephen, we have just completed out annual survey of IS plans and have seen some interesting results. Senior IT managers have classified their most important priorities. These are, in order, (1) customer relationship management, (2) application integration, (3) Web-enabling existing systems, (4) security, (5) business intelligence, (6) help desk and call centre management, (7) improving service levels, (8) e-commerce, (9) consolidation and recentralisation, and (10) storage management. The research was undertaken prior to September so the enhanced security requirements do not yet appear.

In our survey of IS plans, Customer Relationship Management (CRM) topped the poll, nominated among the top five projects in 52% of sites. I would suggest that this is a by-product of the increasingly difficult business conditions, especially in industries which are involved directly with customers.

The United States’ economy is in recession after a long period of growth; despite several interest rate cuts, high-tech industries in particular have seen a sharp fall in demand. Consumer confidence remained relatively high, though discretionary spending inevitably became tighter, and consumer confidence was not helped by rising unemployment. Echoes of these troubles can be felt from the Far East to Europe.

Worldwide, then, there is great emphasis on attracting customers and providing satisfactory service once they have been attracted. Customer expectations across all types of industry have risen sharply. Suppliers have to justify customer loyalty every time there is customer contact. In some ways there are also direct financial gains for suppliers; electronic banking is an example, where the added convenience (at least to some customers) of being able to make contact with their own financial accounts at their own convenience more than outweighs the fact that the service provider sets up a system and then lets the customer do most of the work of administering the account. Effective CRM systems obviously contribute to the perceived standard of service provided.


Integration of applications

Integration of applications is the second highest consideration identified in our research. Large organizations are increasingly likely to provide a wide range of goods or services, which require the aggregation of IS-based services as seamlessly as possible, while retaining availability, security, and so on.

Providing customer service in a timely and comprehensive way – whether via an employee or by persuading or obliging customers to fulfil the operator’s role themselves – demands widespread availability of data and access facilities.

Web-enabling existing systems

Closely associated with application integration is Web-enabling existing systems. Again CRM is surely a factor, as companies attempt to give Web-attached customers access to at least a proportion of their traditional accounting and administrative systems, and as Web-technology-based systems are used to giving internal staff consistent and widespread data access while taking advantage of the cost benefits of Web technology.
Many organizations are finding that attachment of existing systems to one another via the Web, and to Web-based front ends, are lengthy processes. XML is one of the tools which should reduce the effort of providing interfaces, while also making them more flexible and manageable, but it has become established too late to offer its technical benefits and significant savings to many of the early adopters.

Security

As I said earlier, security maintains its fourth position in a our research, but much of the data was obtained prior to September 11th. We have monitored the situation since then, and every indication we have suggests that security is now the top priority.

Business intelligence and data warehousing

Business intelligence and Data Warehousing (DWH) were rated fifth this year, compared to seventeenth in 2000. As you can see, this is following the trend of CRM, as companies push for advantage from very specific initiatives such as personalized account management and one-to-one marketing. More generally, it is widely accepted that there is a strong drive on in all sorts of organizations to derive the most value from the corporate data.

Help desk and call centre management

Help desk and call centre management achieved sixth place in our survey this year, compared with fourteenth last year.

It is worth remembering that the implementation of Web-based IS changes some aspects of user support on both sides of enterprise boundaries. In providing external users with some access to internal applications and IS resources, organisations take on an implicit responsibility for providing a level of customer support (using ‘customer’ in the widest sense). Conversely, help desk and call centre staff are finding that a wider range of facilities is available to them via Web-based technologies, both to provide some first-line support without their intervention and to equip their own operations with a wider range of facilities.

The importance of CRM has already been emphasized and this subject is clearly related to help desk operation and managing call centres, with a view to aiding the quality of service achieved by customer-facing applications.

E-commerce (business-to-consumer)

Business-to-consumer e-commerce (B2C) has fallen sharply from a clear first place in 2000. Presumably there is some fallout from the well-publicized problems being experienced by the dot-com-only companies. This is unfortunate, as well-founded B2C activity, particularly as an adjunct to conventional business activity, bears very little resemblance to the dot-com business model. In addition, while there is a great deal of e-window shopping, the ratio of hits to buys in many e-business operations emphasizes the resources that need to be devoted not only to establishing and maintaining a Web-based marketing presence, but the difficulty of closing and transacting sales, in anything like the same volumes. However, we are seeing that B2C is now well-established in many organizations, falling into the category of applications which are well understood and can be treated with normal priority.

Consolidation/re-centralization of systems

Consolidation/re-centralization of systems comes ninth this year, a marginal step ahead from eleventh last year. The operational and systems management benefits of consolidating and/or centralizing IS resources have been apparent for some years, with the message being driven home by the nature and seriousness of the problems experienced by many of those pursuing distributed computing. While the improving scalability of non-mainframe platforms might have been expected to reduce the appeal of consolidation, the converse has been true as the attractions of centralization have been increased by networking progress, allied to early moves towards exploiting data sharing between server platforms, especially with the aid of SANs.

Storage management

The volumes of data involved in today’s enterprise IS are huge and rising rapidly. This is scarcely a new phenomenon, as the financial results of storage hardware and software vendors have shown since the middle of the last decade, at least until the third quarter of 2001. The implementation of SANs may have focused attention on storage management, opening up new avenues for integrated management of storage across the enterprise IS environment. Though SANs certainly offer – or at least promise – some solutions, particularly in administering large server populations, managing storage still poses real challenges.

Data on enterprise servers is relatively well managed, including effective hierarchical management. Non-mainframe servers have not been so well served in the past. Those which are brought into the enterprise data management regime are beginning to feel the benefits of SANs and now have facilities comparable with those on the mainframe; the comments immediately above on consolidation/re-centralization are relevant to this topic. However, managing desktop-held data has proved to be particularly hard, and the rise of mobile computing adds another dimension to the difficulties.

These are the principal issues being pursued by enterprises today . As you can see Stephen, we have seen a radical change in the top ten priorities of IT managers compared to the same period last year. The dominance of Customer Relationship Management and other e-commerce and e-business related activities implies that e-business initiatives are gaining maturity. Initial deployment has been undertaken and now companies are undertaking secondary and tertiary activities associated with improving service levels to gain competitive advantage.


Q: Consider this a blank slate. Please make any statements or comments about the IT field unedited and unrestricted.

A. The recent events in America have come at the end of a two year period in which IT managers have had to cope with unprecedented levels of change. Eighteen months ago, the Y2K spending freeze ended and the focus of most large companies shifted rapidly towards exploiting e-commerce to build and maintain competitive advantage. This, in turn, drove the IT skills shortage up to unprecedented levels; prompted concerns over scalability which were met in many cases by heavily over-specified systems; and pushed the fundamentally routine issue of system security onto the board-room agenda.

Following the subsequent dot-com crash, and the slow-down in economic activity worldwide, business sentiments towards e-commerce seem to have moved to the other extreme. Recessionary pressures have squeezed IT spending, and now the top concern is cost justification and measuring the return on investment of new and existing IT projects. Evidence of this focus on cost management is clearly provided by research this year by Xephon.

Our research indicates that financial restrictions are now the main obstacle to future progress in IS departments, ahead of ‘shortage of staff/skills’ (which had been the top challenge in the three previous years). In fact 71% of our respondents placed cost constraints among their three greatest challenges, while staff shortages are now a major issue at 60% of sites, compared with a 78% peak last year. ‘Cost’ is most significant in the USA, which has suffered the effects of recession somewhat earlier than other parts of the world. The signs are, though, that many other countries, including most of Europe, are experiencing a similar tightening of purse-strings.

At the same time that cost concerns are looming large, our research department has identified another interesting trend among the large corporates which participate in our research. When we asked respondents about the key projects that they are undertaking, we found that e-commerce per se has slipped down the list of priorities, from first and second place (for B2C and B2B respectively) last time, to seventh and eleventh place this year. While many of the infrastructural issues are still in the top ten – application integration, security, Web-enabling existing systems – the place of e-commerce has been usurped by customer relationship management (effectively a ‘new’ entrant in the list of priorities), while business intelligence is gaining prominence again, particularly in the USA.

Initial interpretation of this data might suggest that e-commerce in the enterprise is following the same dramatic rise and fall as the dot-coms. However, we believe that we’re now seeing a maturing of Internet-based applications, with last year’s discrete projects gradually being absorbed into the IT infrastructure. And now that companies are beginning to open up their back-end databases and information resources to Web front-ends, they are in a much stronger position to exploit business intelligence and CRM tools, which tend to rely heavily on the sharing of customer information between dissimilar applications on heterogeneous platforms.

All of this suggests that the role of internal IS is more critical than ever in large companies, as managers re-assess their earlier e-business resourcing decisions, focus more specifically on integrating Web front-ends with back-end database and transaction servers, and look at ways of improving performance across the most critical customer-facing applications. Indeed, IS managers see their influence within the organization continue to grow. And, while resources are universally tight, the signs are that the fundamental changes to business processes that have occurred as a result of the first wave of e-commerce development are still having considerable impact within the organization.

Nevertheless, for many companies it will still take a considerable time for the real financial benefits of e-commerce, particularly in terms of utilizing customer data and achieving efficiencies through the supply chain, to reach the balance-sheet. In the meantime, the challenge must be to persevere with long-term IT projects while the pressure for short-term cutbacks becomes more intense. This will inevitably test the resolve of those IS managers who are enjoying greater influence over strategic decisions.

News from National | Archives | Search

 

 

 

Copyright © 2000, 2001 Canadian Information Processing Society All rights reserved. Terms of Use Privacy Statement