News from National -- Current Articles
IT Priorities - Dr. Jamie
Interview by S. Ibaraki, I.S.P.
This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Dr
Jaime Kaminski, Senior Technology Analyst and Technical Briefings Manager
Dr. Kaminski is widely respected researcher and an acknowledged international
authority on the IT industry for Xephon which is the world's leading producer
of special IT consultancy reports, reviewed professional journals and
international IT conferences held in London.
Q: In the wake of the events of 11 September, there have of course been
significant impacts across all industries, and IT is not exempt. How do you
see the industry being affected in the short term?
A. Stephen, first of all, thank you for having me back to speak. Since we
last spoke much has changed. September the 11th has changed the way in which
Western society thinks about a range of issues. We now live in a different
world, in which the issue of security has instantly taken on new and massive
significance. In the IT industry we could be at the forefront of the defence
against future cyber attacks, so security issues have moved to the top of the
Despite the unprecedented human tragedy and massive physical damage caused at
the World Trade Centre, early reports suggest that most customer and
business-critical data appear to have been saved by automated, and remotely
located data back-up systems in association with effective disaster
prevention strategies. However, the companies involved were amongst the elite
of world commerce, and their back-up strategies are of the highest standard.
Not all companies have the same high standard of preparation. Both security
and backup issues can be neglected. This is often because both require a constant
investment of time, money and resources, but do appear to provide a
significant return on investment - they do not generate profit. In times of
economic slowdown companies may be tempted to cut back on spending in these
However, many companies now realize that data has become their most critical
asset and the survival of their business depends on it. The value of data far
exceeds the value of the IT infrastructure that supports it, and this is why
the immediate impacts of September the 11th will be associated with data
protection - in the form of enhanced security, back-up and disaster recovery.
I think we can predict many short- and mid-term IT impacts which are likely
as a direct result of the September 11 events. For example:
• Disaster recovery strategies will get significantly more attention than
they may have done in the past. Back-up and recovery is now a
mission-critical priority for companies of all sizes. Critical data should
never be stored in just one physical location: geographically dispersed
copies are essential. However, technologists tend to think of disaster
recovery in terms of ‘recovering the mainframe’ or ‘recovering the Unix box,’
or recovering a particular application or system. This is a serious problem.
Most medium-to-large data centres today do not represent a single
architecture, but a sea of different systems that have grown up over time.
Some legacy systems are decades old. They are integrated with extensions and
enhancements running on a diverse set of platforms ranging from mainframes,
Unix, NT, and others. The important point to note is that critical business
processes supported by these platforms almost always span platforms, and so
are dependent on systems and information maintained on two, three, or more
platforms. It’s all or nothing. When a business process is supported by many
platforms and databases, the information stored on the various platforms
needs to be synchronized. Otherwise there are likely to be coordination gaps
which will result in unpredictable errors ranging from lost data to logical
corruption that makes recovery impossible.
• Increased awareness of disaster recover issues will have an impact on
vendors supplying this sector. The key differentiator between vendors
offering backup/recovery solutions will be how quickly they can recover your
IT operations to acceptable levels of functionality. The recovery time
offered by different vendors will become the method of rating their services.
Service Level Agreements will have to provide details of anticipated recovery
times, in addition to what will be recovered and who has responsibility for
what. I think we will also see increasing use of Storage Service Providers in
the enterprise. Their ability to remotely outsource physical storage
sub-systems, particularly for hosting geographically remote data vaults for
back-up and recovery, could be crucial.
• We could see greater use of, and further research into, back-up techniques
such as mirroring, snapshot, differential, incremental, and others which minimise
back-up and recovery times. We could see greater implementation of wide-area
SANs (Storage Area Networks) to enhance server-less backup and recovery
capability over long distances.
• PC backup strategies will no longer be optional, as the value of data on
the single-user system is significant. I think we may even begin to see this
implemented at the operating system level in the mid-term future.
• I think we are also going to see changes in the status of IT security
Large companies will want to appoint a Chief Security Officer, if they have
not done so already, and it’s generally good practice to have that person
report not to the CTO but direct to the CEO. The Chief Security Officer will
gain enhanced responsibilities and status as will the staff and teams
responsible for data security. Many small and medium-sized companies who do
not already have permanent IT security staff will acquire qualified
personnel. This could lead to a skills shortage in this sector in the short
to mid term. We are likely to see more emphasis placed on the certification
of staff in security and disaster recovery roles. Qualified staff are
essential, because all it takes is an improperly configured router or
firewall to allow hackers in.
• We may also see the development of something along the lines of a IT
security rating. This would be a number or grade that provides an indication
of the level of security for a product or the security of a company. Such
benchmarking of products would provide consumers with a gauge as to the
security of a product in the same way that vendors use the five-nines rating
for system availability.
• I think we will see more countries providing proper funding to set up
internationally co-ordinated computer crime units, possibly in close association
with national and international security agencies.
• The demand for bandwidth will accelerate, as remote backup/recovery
strategies are implemented more frequently. The reduction in air travel will
increase the use of video-conferencing, and other telecommunication methods
which will further add to bandwidth demands. However, there is a mass of
installed but unused bandwidth, so this is not a major problem.
• One security sector that should receive a boost is the biometrics industry.
This sector has been gaining momentum in the last year anyway, but the recent
events will make it part of mainstream security. Early biometric devices were
both cumbersome to use and priced at a point which prohibited their
implementation in all but a few very high security applications. However, in
the last decade the unit cost of biometric verifiers has dropped rapidly. In
1993 the average price of a biometric access device was $6000. By 1999, the
average price had dropped to around $500. Although the rate of price reduction
has slowed, some fingerprint verification devices are available for as little
as $100 per access point protected. Reductions in end-user costs will
continue as production volume increases and manufacturers improve production.
Biometrics has two main methodologies: physical biometrics and behavioural
biometrics. Physical biometric techniques include: fingerprints, iris and/or
retinal scan, voice verification, hand, finger, and palm geometry, and facial
recognition. Behavioural techniques include signature dynamics and keystroke
dynamics. Generally speaking, physical biometrics are more stable, as
behavioural biometrics are prone to change over time.
Biometric technologies are not a universal security panacea, but they do work
well in controlled, closed-loop conditions, which makes the corporate
environment an ideal candidate for their widespread use. The reduction in the
unit cost of verifiers will also increase customer takeup.
• Security providers targeting Internet virus detection and prevention are
becoming even more critical to future success on the Internet, and will have
to deliver a new generation of security solutions. Many IT security companies
have been hit by the same downturn in technology stock prices as the rest of
the industry. This should change as security become the top priority of many
Managing security properly is hugely complex, expensive, and the difficulties
are increasing. Furthermore, new technologies bring new and increased risks
and the consequences of security breaches become more severe. The impact of
viruses and associated attack mechanisms is now reasonably well understood,
at least so far as desktop systems are concerned. Most enterprises have
anti-virus software installed, although many do not keep it up-to–date, and
do not have policies regarding its installation and use. This stops these
enterprises from properly managing the risks incurred..
Security is a vitally important element in running a successful business. The
use of mobile devices, particularly PDAs and mobile phones, is growing
rapidly, and many PDAs and handhelds are being connected to enterprise
networks. Given that connectivity to desktop and enterprise systems,
including direct connectivity, is increasingly necessary and commonplace, this
opens up dangerous routes into enterprise systems. There will also
increasingly be routes into other systems managed by embedded operating
systems, such as domestic appliances, vending devices, in-car applications,
and so on. Of itself this need not be a problem, but it is essential that the
vulnerabilities be recognized and suitable security policies implemented.
Although the technical aspects of security are complex and time-consuming to
understand and monitor, they are essential. Security is a process and is
about managing risk, not eliminating it, and certainly not about handling it
in ways which undermine marketing initiatives or appropriate working
practices among staff. For this reason the process of developing a security
policy needs to involve senior representatives of all major departments. A
first stage is to determine the use needs and to identify, and grade,
vulnerabilities. Once sufficient information has been obtained, appropriate
policies can be established and implemented, and the process kept current
across the different elements.
Q: What does your research indicate are the top ten priorities for IT
A. Stephen, we have just completed out annual survey of IS plans and have
seen some interesting results. Senior IT managers have classified their most
important priorities. These are, in order, (1) customer relationship
management, (2) application integration, (3) Web-enabling existing systems,
(4) security, (5) business intelligence, (6) help desk and call centre
management, (7) improving service levels, (8) e-commerce, (9) consolidation
and recentralisation, and (10) storage management. The research was
undertaken prior to September so the enhanced security requirements do not
In our survey of IS plans, Customer Relationship Management (CRM) topped the
poll, nominated among the top five projects in 52% of sites. I would suggest
that this is a by-product of the increasingly difficult business conditions,
especially in industries which are involved directly with customers.
The United States’ economy is in recession after a long period of growth;
despite several interest rate cuts, high-tech industries in particular have
seen a sharp fall in demand. Consumer confidence remained relatively high,
though discretionary spending inevitably became tighter, and consumer
confidence was not helped by rising unemployment. Echoes of these troubles
can be felt from the Far East to Europe.
Worldwide, then, there is great emphasis on attracting customers and
providing satisfactory service once they have been attracted. Customer
expectations across all types of industry have risen sharply. Suppliers have
to justify customer loyalty every time there is customer contact. In some
ways there are also direct financial gains for suppliers; electronic banking
is an example, where the added convenience (at least to some customers) of
being able to make contact with their own financial accounts at their own
convenience more than outweighs the fact that the service provider sets up a
system and then lets the customer do most of the work of administering the
account. Effective CRM systems obviously contribute to the perceived standard
of service provided.
Integration of applications
Integration of applications is the second highest consideration identified in
our research. Large organizations are increasingly likely to provide a wide
range of goods or services, which require the aggregation of IS-based
services as seamlessly as possible, while retaining availability, security,
and so on.
Providing customer service in a timely and comprehensive way – whether via an
employee or by persuading or obliging customers to fulfil the operator’s role
themselves – demands widespread availability of data and access facilities.
Web-enabling existing systems
Closely associated with application integration is Web-enabling existing
systems. Again CRM is surely a factor, as companies attempt to give
Web-attached customers access to at least a proportion of their traditional
accounting and administrative systems, and as Web-technology-based systems
are used to giving internal staff consistent and widespread data access while
taking advantage of the cost benefits of Web technology.
Many organizations are finding that attachment of existing systems to one another
via the Web, and to Web-based front ends, are lengthy processes. XML is one
of the tools which should reduce the effort of providing interfaces, while
also making them more flexible and manageable, but it has become established
too late to offer its technical benefits and significant savings to many of
the early adopters.
As I said earlier, security maintains its fourth position in a our research,
but much of the data was obtained prior to September 11th. We have monitored
the situation since then, and every indication we have suggests that security
is now the top priority.
Business intelligence and data warehousing
Business intelligence and Data Warehousing (DWH) were rated fifth this year,
compared to seventeenth in 2000. As you can see, this is following the trend
of CRM, as companies push for advantage from very specific initiatives such
as personalized account management and one-to-one marketing. More generally,
it is widely accepted that there is a strong drive on in all sorts of organizations
to derive the most value from the corporate data.
Help desk and call centre management
Help desk and call centre management achieved sixth place in our survey this
year, compared with fourteenth last year.
It is worth remembering that the implementation of Web-based IS changes some
aspects of user support on both sides of enterprise boundaries. In providing
external users with some access to internal applications and IS resources,
organisations take on an implicit responsibility for providing a level of
customer support (using ‘customer’ in the widest sense). Conversely, help
desk and call centre staff are finding that a wider range of facilities is
available to them via Web-based technologies, both to provide some first-line
support without their intervention and to equip their own operations with a
wider range of facilities.
The importance of CRM has already been emphasized and this subject is clearly
related to help desk operation and managing call centres, with a view to
aiding the quality of service achieved by customer-facing applications.
Business-to-consumer e-commerce (B2C) has fallen sharply from a clear first
place in 2000. Presumably there is some fallout from the well-publicized
problems being experienced by the dot-com-only companies. This is
unfortunate, as well-founded B2C activity, particularly as an adjunct to
conventional business activity, bears very little resemblance to the dot-com
business model. In addition, while there is a great deal of e-window
shopping, the ratio of hits to buys in many e-business operations emphasizes
the resources that need to be devoted not only to establishing and
maintaining a Web-based marketing presence, but the difficulty of closing and
transacting sales, in anything like the same volumes. However, we are seeing
that B2C is now well-established in many organizations, falling into the
category of applications which are well understood and can be treated with
Consolidation/re-centralization of systems
Consolidation/re-centralization of systems comes ninth this year, a marginal
step ahead from eleventh last year. The operational and systems management
benefits of consolidating and/or centralizing IS resources have been apparent
for some years, with the message being driven home by the nature and
seriousness of the problems experienced by many of those pursuing distributed
computing. While the improving scalability of non-mainframe platforms might
have been expected to reduce the appeal of consolidation, the converse has
been true as the attractions of centralization have been increased by
networking progress, allied to early moves towards exploiting data sharing
between server platforms, especially with the aid of SANs.
The volumes of data involved in today’s enterprise IS are huge and rising
rapidly. This is scarcely a new phenomenon, as the financial results of
storage hardware and software vendors have shown since the middle of the last
decade, at least until the third quarter of 2001. The implementation of SANs
may have focused attention on storage management, opening up new avenues for
integrated management of storage across the enterprise IS environment. Though
SANs certainly offer – or at least promise – some solutions, particularly in
administering large server populations, managing storage still poses real
Data on enterprise servers is relatively well managed, including effective
hierarchical management. Non-mainframe servers have not been so well served
in the past. Those which are brought into the enterprise data management
regime are beginning to feel the benefits of SANs and now have facilities
comparable with those on the mainframe; the comments immediately above on
consolidation/re-centralization are relevant to this topic. However, managing
desktop-held data has proved to be particularly hard, and the rise of mobile
computing adds another dimension to the difficulties.
These are the principal issues being pursued by enterprises today . As you
can see Stephen, we have seen a radical change in the top ten priorities of
IT managers compared to the same period last year. The dominance of Customer
Relationship Management and other e-commerce and e-business related
activities implies that e-business initiatives are gaining maturity. Initial
deployment has been undertaken and now companies are undertaking secondary
and tertiary activities associated with improving service levels to gain
Q: Consider this a blank slate. Please make any statements or comments about
the IT field unedited and unrestricted.
A. The recent events in America have come at the end of a two year period in
which IT managers have had to cope with unprecedented levels of change.
Eighteen months ago, the Y2K spending freeze ended and the focus of most
large companies shifted rapidly towards exploiting e-commerce to build and
maintain competitive advantage. This, in turn, drove the IT skills shortage
up to unprecedented levels; prompted concerns over scalability which were met
in many cases by heavily over-specified systems; and pushed the fundamentally
routine issue of system security onto the board-room agenda.
Following the subsequent dot-com crash, and the slow-down in economic
activity worldwide, business sentiments towards e-commerce seem to have moved
to the other extreme. Recessionary pressures have squeezed IT spending, and
now the top concern is cost justification and measuring the return on
investment of new and existing IT projects. Evidence of this focus on cost
management is clearly provided by research this year by Xephon.
Our research indicates that financial restrictions are now the main obstacle
to future progress in IS departments, ahead of ‘shortage of staff/skills’
(which had been the top challenge in the three previous years). In fact 71%
of our respondents placed cost constraints among their three greatest
challenges, while staff shortages are now a major issue at 60% of sites,
compared with a 78% peak last year. ‘Cost’ is most significant in the USA,
which has suffered the effects of recession somewhat earlier than other parts
of the world. The signs are, though, that many other countries, including
most of Europe, are experiencing a similar tightening of purse-strings.
At the same time that cost concerns are looming large, our research
department has identified another interesting trend among the large
corporates which participate in our research. When we asked respondents about
the key projects that they are undertaking, we found that e-commerce per se
has slipped down the list of priorities, from first and second place (for B2C
and B2B respectively) last time, to seventh and eleventh place this year.
While many of the infrastructural issues are still in the top ten –
application integration, security, Web-enabling existing systems – the place
of e-commerce has been usurped by customer relationship management
(effectively a ‘new’ entrant in the list of priorities), while business
intelligence is gaining prominence again, particularly in the USA.
Initial interpretation of this data might suggest that e-commerce in the
enterprise is following the same dramatic rise and fall as the dot-coms.
However, we believe that we’re now seeing a maturing of Internet-based
applications, with last year’s discrete projects gradually being absorbed
into the IT infrastructure. And now that companies are beginning to open up
their back-end databases and information resources to Web front-ends, they
are in a much stronger position to exploit business intelligence and CRM
tools, which tend to rely heavily on the sharing of customer information
between dissimilar applications on heterogeneous platforms.
All of this suggests that the role of internal IS is more critical than ever
in large companies, as managers re-assess their earlier e-business resourcing
decisions, focus more specifically on integrating Web front-ends with
back-end database and transaction servers, and look at ways of improving
performance across the most critical customer-facing applications. Indeed, IS
managers see their influence within the organization continue to grow. And,
while resources are universally tight, the signs are that the fundamental
changes to business processes that have occurred as a result of the first
wave of e-commerce development are still having considerable impact within
Nevertheless, for many companies it will still take a considerable time for
the real financial benefits of e-commerce, particularly in terms of utilizing
customer data and achieving efficiencies through the supply chain, to reach
the balance-sheet. In the meantime, the challenge must be to persevere with
long-term IT projects while the pressure for short-term cutbacks becomes more
intense. This will inevitably test the resolve of those IS managers who are
enjoying greater influence over strategic decisions.
News from National | Archives | Search