Careers: Interviews
IT Priorities - Dr. Jaime Kaminski
This week, Stephen Ibaraki, I.S.P.,
has an exclusive interview with Dr Jaime Kaminski,
Senior Technology Analyst and Technical Briefings
Manager, Xephon:
http://www.xephon.com
Dr. Kaminski is a widely respected researcher and an
acknowledged international authority on the IT
industry for Xephon, which is the world's leading
producer of special IT consultancy reports, reviewed
professional journals and international IT
conferences held in London.
*****
Q: In the wake of the events of 11 September, there
have of course been significant impacts across all
industries, and IT is not exempt. How do you see the
industry being affected in the short term?
A. Stephen, first of all, thank you for having me
back to speak. Since we last spoke much has changed.
September the 11th has changed the way in which
Western society thinks about a range of issues. We
now live in a different world, in which the issue of
security has instantly taken on new and massive
significance. In the IT industry we could be at the
forefront of the defence against future cyber
attacks, so security issues have moved to the top of
the agenda.
Despite the unprecedented human tragedy and massive
physical damage caused at the World Trade Centre,
early reports suggest that most customer and
business-critical data appear to have been saved by
automated, and remotely located data back-up systems
in association with effective disaster prevention
strategies. However, the companies involved were
amongst the elite of world commerce, and their
back-up strategies are of the highest standard.
Not all companies have the same high standard of
preparation. Both security and backup issues can be
neglected. This is often because both require a
constant investment of time, money and resources,
but do appear to provide a significant return on
investment - they do not generate profit. In times
of economic slowdown companies may be tempted to cut
back on spending in these areas.
However, many companies now realize that data has
become their most critical asset and the survival of
their business depends on it. The value of data far
exceeds the value of the IT infrastructure that
supports it, and this is why the immediate impacts
of September the 11th will be associated with data
protection - in the form of enhanced security,
back-up and disaster recovery.
I think we can predict many short- and mid-term IT
impacts which are likely as a direct result of the
September 11 events. For example:
• Disaster recovery strategies will get
significantly more attention than they may have done
in the past. Back-up and recovery is now a
mission-critical priority for companies of all
sizes. Critical data should never be stored in just
one physical location: geographically dispersed
copies are essential. However, technologists tend to
think of disaster recovery in terms of ‘recovering
the mainframe’ or ‘recovering the Unix box,’ or
recovering a particular application or system. This
is a serious problem.
Most medium-to-large data centres today do not
represent a single architecture, but a sea of
different systems that have grown up over time. Some
legacy systems are decades old. They are integrated
with extensions and enhancements running on a
diverse set of platforms ranging from mainframes,
Unix, NT, and others. The important point to note is
that critical business processes supported by these
platforms almost always span platforms, and so are
dependent on systems and information maintained on
two, three, or more platforms. It’s all or nothing.
When a business process is supported by many
platforms and databases, the information stored on
the various platforms needs to be synchronized.
Otherwise there are likely to be coordination gaps
which will result in unpredictable errors ranging
from lost data to logical corruption that makes
recovery impossible.
• Increased awareness of disaster recovery issues
will have an impact on vendors supplying this
sector. The key differentiator between vendors
offering backup/recovery solutions will be how
quickly they can recover your IT operations to
acceptable levels of functionality. The recovery
time offered by different vendors will become the
method of rating their services. Service Level
Agreements will have to provide details of
anticipated recovery times, in addition to what will
be recovered and who has responsibility for what. I
think we will also see increasing use of Storage
Service Providers in the enterprise. Their ability
to remotely outsource physical storage sub-systems,
particularly for hosting geographically remote data
vaults for back-up and recovery, could be crucial.
• We could see greater use of, and further research
into, back-up techniques such as mirroring,
snapshot, differential, incremental, and others
which minimise back-up and recovery times. We could
see greater implementation of wide-area SANs
(Storage Area Networks) to enhance server-less
backup and recovery capability over long distances.
• PC backup strategies will no longer be optional,
as the value of data on the single-user system is
significant. I think we may even begin to see this
implemented at the operating system level in the
mid-term future.
• I think we are also going to see changes in the
status of IT security staff.
Large companies will want to appoint a Chief
Security Officer, if they have not done so already,
and it’s generally good practice to have that person
report not to the CTO but direct to the CEO. The
Chief Security Officer will gain enhanced
responsibilities and status as will the staff and
teams responsible for data security. Many small and
medium-sized companies who do not already have
permanent IT security staff will acquire qualified
personnel. This could lead to a skills shortage in
this sector in the short to mid term. We are likely
to see more emphasis placed on the certification of
staff in security and disaster recovery roles.
Qualified staff are essential, because all it takes
is an improperly configured router or firewall to
allow hackers in.
• We may also see the development of something along
the lines of an IT security rating. This would be a
number or grade that provides an indication of the
level of security for a product or the security of a
company. Such benchmarking of products would provide
consumers with a gauge as to the security of a
product in the same way that vendors use the
five-nines rating for system availability.
• I think we will see more countries providing
proper funding to set up internationally co-ordinated
computer crime units, possibly in close association
with national and international security agencies.
• The demand for bandwidth will accelerate, as
remote backup/recovery strategies are implemented
more frequently. The reduction in air travel will
increase the use of video-conferencing, and other
telecommunication methods which will further add to
bandwidth demands. However, there is a mass of
installed but unused bandwidth, so this is not a
major problem.
• One security sector that should receive a boost is
the biometrics industry. This sector has been
gaining momentum in the last year anyway, but the
recent events will make it part of mainstream
security. Early biometric devices were both
cumbersome to use and priced at a point which
prohibited their implementation in all but a few
very high security applications. However, in the
last decade the unit cost of biometric verifiers has
dropped rapidly. In 1993 the average price of a
biometric access device was $6000. By 1999, the
average price had dropped to around $500. Although
the rate of price reduction has slowed, some
fingerprint verification devices are available for
as little as $100 per access point protected.
Reductions in end-user costs will continue as
production volume increases and manufacturers
improve production.
Biometrics has two main methodologies: physical
biometrics and behavioural biometrics. Physical
biometric techniques include: fingerprints, iris
and/or retinal scan, voice verification, hand,
finger, and palm geometry, and facial recognition.
Behavioural techniques include signature dynamics
and keystroke dynamics. Generally speaking, physical
biometrics are more stable, as behavioural
biometrics are prone to change over time.
Biometric technologies are not a universal security
panacea, but they do work well in controlled,
closed-loop conditions, which makes the corporate
environment an ideal candidate for their widespread
use. The reduction in the unit cost of verifiers
will also increase customer takeup.
• Security providers targeting Internet virus
detection and prevention are becoming even more
critical to future success on the Internet, and will
have to deliver a new generation of security
solutions. Many IT security companies have been hit
by the same downturn in technology stock prices as
the rest of the industry. This should change as
security becomes the top priority of many companies.
Managing security properly is hugely complex,
expensive, and the difficulties are increasing.
Furthermore, new technologies bring new and
increased risks and the consequences of security
breaches become more severe. The impact of viruses
and associated attack mechanisms is now reasonably
well understood, at least so far as desktop systems
are concerned. Most enterprises have anti-virus
software installed, although many do not keep it
up-to-date, and do not have policies regarding its
installation and use. This stops these enterprises
from properly managing the risks incurred.
Security is a vitally important element in running a
successful business. The use of mobile devices,
particularly PDAs and mobile phones, is growing
rapidly, and many PDAs and handhelds are being
connected to enterprise networks. Given that
connectivity to desktop and enterprise systems,
including direct connectivity, is increasingly
necessary and commonplace, this opens up dangerous
routes into enterprise systems. There will also
increasingly be routes into other systems managed by
embedded operating systems, such as domestic
appliances, vending devices, in-car applications,
and so on. Of itself this need not be a problem, but
it is essential that the vulnerabilities be
recognized and suitable security policies
implemented.
Although the technical aspects of security are
complex and time-consuming to understand and
monitor, they are essential. Security is a process
and is about managing risk, not eliminating it, and
certainly not about handling it in ways which
undermine marketing initiatives or appropriate
working practices among staff. For this reason the
process of developing a security policy needs to
involve senior representatives of all major
departments. A first stage is to determine the use
needs and to identify, and grade, vulnerabilities.
Once sufficient information has been obtained,
appropriate policies can be established and
implemented, and the process kept current across the
different elements.
Q: What does your research indicate are the top ten
priorities for IT departments today?
A. Stephen, we have just completed our annual survey
of IS plans and have seen some interesting results.
Senior IT managers have classified their most
important priorities. These are, in order, (1)
customer relationship management, (2) application
integration, (3) Web-enabling existing systems, (4)
security, (5) business intelligence, (6) help desk
and call centre management, (7) improving service
levels, (8) e-commerce, (9) consolidation and
recentralisation, and (10) storage management. The
research was undertaken prior to September so the
enhanced security requirements do not yet appear.
In our survey of IS plans, Customer Relationship
Management (CRM) topped the poll, nominated among
the top five projects in 52% of sites. I would
suggest that this is a by-product of the
increasingly difficult business conditions,
especially in industries which are involved directly
with customers.
The United States’ economy is in recession after a
long period of growth; despite several interest rate
cuts, high-tech industries in particular have seen a
sharp fall in demand. Consumer confidence remained
relatively high, though discretionary spending
inevitably became tighter, and consumer confidence
was not helped by rising unemployment. Echoes of
these troubles can be felt from the Far East to
Europe.
Worldwide, then, there is great emphasis on
attracting customers and providing satisfactory
service once they have been attracted. Customer
expectations across all types of industry have risen
sharply. Suppliers have to justify customer loyalty
every time there is customer contact. In some ways
there are also direct financial gains for suppliers;
electronic banking is an example, where the added
convenience (at least to some customers) of being
able to make contact with their own financial
accounts at their own convenience more than
outweighs the fact that the service provider sets up
a system and then lets the customer do most of the
work of administering the account. Effective CRM
systems obviously contribute to the perceived
standard of service provided.
Integration of applications
Integration of applications is the second highest
consideration identified in our research. Large
organizations are increasingly likely to provide a
wide range of goods or services, which require the
aggregation of IS-based services as seamlessly as
possible, while retaining availability, security,
and so on.
Providing customer service in a timely and
comprehensive way – whether via an employee or by
persuading or obliging customers to fulfil the
operator’s role themselves – demands widespread
availability of data and access facilities.
Web-enabling existing systems
Closely associated with application integration is
Web-enabling existing systems. Again CRM is surely a
factor, as companies attempt to give Web-attached
customers access to at least a proportion of their
traditional accounting and administrative systems,
and as Web-technology-based systems are used to
give internal staff consistent and widespread data
access while taking advantage of the cost benefits
of Web technology.
Many organizations are finding that attachment of
existing systems to one another via the Web, and to
Web-based front ends, are lengthy processes. XML is
one of the tools which should reduce the effort of
providing interfaces, while also making them more
flexible and manageable, but it has become
established too late to offer its technical benefits
and significant savings to many of the early
adopters.
Security
As I said earlier, security maintains its fourth
position in our research, but much of the data was
obtained prior to September 11th. We have monitored
the situation since then, and every indication we
have suggests that security is now the top priority.
Business intelligence and data warehousing
Business intelligence and Data Warehousing (DWH)
were rated fifth this year, compared to seventeenth
in 2000. As you can see, this is following the trend
of CRM, as companies push for advantage from very
specific initiatives such as personalized account
management and one-to-one marketing. More generally,
it is widely accepted that there is a strong drive
on in all sorts of organizations to derive the most
value from the corporate data.
Help desk and call centre management
Help desk and call centre management achieved sixth
place in our survey this year, compared with
fourteenth last year.
It is worth remembering that the implementation of
Web-based IS changes some aspects of user support on
both sides of enterprise boundaries. In providing
external users with some access to internal
applications and IS resources, organisations take on
an implicit responsibility for providing a level of
customer support (using ‘customer’ in the widest
sense). Conversely, help desk and call centre staff
are finding that a wider range of facilities is
available to them via Web-based technologies, both
to provide some first-line support without their
intervention and to equip their own operations with
a wider range of facilities.
The importance of CRM has already been emphasized
and this subject is clearly related to help desk
operation and managing call centres, with a view to
aiding the quality of service achieved by
customer-facing applications.
E-commerce (business-to-consumer)
Business-to-consumer e-commerce (B2C) has fallen
sharply from a clear first place in 2000. Presumably
there is some fallout from the well-publicized
problems being experienced by the dot-com-only
companies. This is unfortunate, as well-founded B2C
activity, particularly as an adjunct to conventional
business activity, bears very little resemblance to
the dot-com business model. In addition, while there
is a great deal of e-window shopping, the ratio of
hits to buys in many e-business operations
emphasizes the resources that need to be devoted not
only to establishing and maintaining a Web-based
marketing presence, but the difficulty of closing
and transacting sales, in anything like the same
volumes. However, we are seeing that B2C is now
well-established in many organizations, falling into
the category of applications which are well
understood and can be treated with normal priority.
Consolidation/re-centralization of systems
Consolidation/re-centralization of systems comes
ninth this year, a marginal step ahead from eleventh
last year. The operational and systems management
benefits of consolidating and/or centralizing IS
resources have been apparent for some years, with
the message being driven home by the nature and
seriousness of the problems experienced by many of
those pursuing distributed computing. While the
improving scalability of non-mainframe platforms
might have been expected to reduce the appeal of
consolidation, the converse has been true as the
attractions of centralization have been increased by
networking progress, allied to early moves towards
exploiting data sharing between server platforms,
especially with the aid of SANs.
Storage management
The volumes of data involved in today’s enterprise
IS are huge and rising rapidly. This is scarcely a
new phenomenon, as the financial results of storage
hardware and software vendors have shown since the
middle of the last decade, at least until the third
quarter of 2001. The implementation of SANs may have
focused attention on storage management, opening up
new avenues for integrated management of storage
across the enterprise IS environment. Though SANs
certainly offer – or at least promise – some
solutions, particularly in administering large
server populations, managing storage still poses
real challenges.
Data on enterprise servers is relatively well
managed, including effective hierarchical
management. Non-mainframe servers have not been so
well served in the past. Those which are brought
into the enterprise data management regime are
beginning to feel the benefits of SANs and now have
facilities comparable with those on the mainframe;
the comments immediately above on
consolidation/re-centralization are relevant to this
topic. However, managing desktop-held data has
proved to be particularly hard, and the rise of
mobile computing adds another dimension to the
difficulties.
These are the principal issues being pursued by
enterprises today. As you can see, Stephen, we have
seen a radical change in the top ten priorities of
IT managers compared to the same period last year.
The dominance of Customer Relationship Management
and other e-commerce and e-business related
activities implies that e-business initiatives are
gaining maturity. Initial deployment has been
undertaken and now companies are undertaking
secondary and tertiary activities associated with
improving service levels to gain competitive
advantage.
Q: Consider this a blank slate. Please make any
statements or comments about the IT field unedited
and unrestricted.
A. The recent events in America have come at the end
of a two year period in which IT managers have had
to cope with unprecedented levels of change.
Eighteen months ago, the Y2K spending freeze ended
and the focus of most large companies shifted
rapidly towards exploiting e-commerce to build and
maintain competitive advantage. This, in turn, drove
the IT skills shortage up to unprecedented levels;
prompted concerns over scalability which were met in
many cases by heavily over-specified systems; and
pushed the fundamentally routine issue of system
security onto the board-room agenda.
Following the subsequent dot-com crash, and the
slow-down in economic activity worldwide, business
sentiments towards e-commerce seem to have moved to
the other extreme. Recessionary pressures have
squeezed IT spending, and now the top concern is
cost justification and measuring the return on
investment of new and existing IT projects. Evidence
of this focus on cost management is clearly provided
by research this year by Xephon.
Our research indicates that financial restrictions
are now the main obstacle to future progress in IS
departments, ahead of ‘shortage of staff/skills’
(which had been the top challenge in the three
previous years). In fact 71% of our respondents
placed cost constraints among their three greatest
challenges, while staff shortages are now a major
issue at 60% of sites, compared with a 78% peak last
year. ‘Cost’ is most significant in the USA, which
has suffered the effects of recession somewhat
earlier than other parts of the world. The signs
are, though, that many other countries, including
most of Europe, are experiencing a similar
tightening of purse-strings.
At the same time that cost concerns are looming
large, our research department has identified
another interesting trend among the large corporates
which participate in our research. When we asked
respondents about the key projects that they are
undertaking, we found that e-commerce per se has
slipped down the list of priorities, from first and
second place (for B2C and B2B respectively) last
time, to seventh and eleventh place this year. While
many of the infrastructural issues are still in the
top ten – application integration, security,
Web-enabling existing systems – the place of
e-commerce has been usurped by customer relationship
management (effectively a ‘new’ entrant in the list
of priorities), while business intelligence is
gaining prominence again, particularly in the USA.
Initial interpretation of this data might suggest
that e-commerce in the enterprise is following the
same dramatic rise and fall as the dot-coms.
However, we believe that we’re now seeing a maturing
of Internet-based applications, with last year’s
discrete projects gradually being absorbed into the
IT infrastructure. And now that companies are
beginning to open up their back-end databases and
information resources to Web front-ends, they are in
a much stronger position to exploit business
intelligence and CRM tools, which tend to rely
heavily on the sharing of customer information
between dissimilar applications on heterogeneous
platforms.
All of this suggests that the role of internal IS is
more critical than ever in large companies, as
managers re-assess their earlier e-business
resourcing decisions, focus more specifically on
integrating Web front-ends with back-end database
and transaction servers, and look at ways of
improving performance across the most critical
customer-facing applications. Indeed, IS managers
see their influence within the organization continue
to grow. And, while resources are universally tight,
the signs are that the fundamental changes to
business processes that have occurred as a result of
the first wave of e-commerce development are still
having considerable impact within the organization.
Nevertheless, for many companies it will still take
a considerable time for the real financial benefits
of e-commerce, particularly in terms of utilizing
customer data and achieving efficiencies through the
supply chain, to reach the balance-sheet. In the
meantime, the challenge must be to persevere with
long-term IT projects while the pressure for
short-term cutbacks becomes more intense. This will
inevitably test the resolve of those IS managers who
are enjoying greater influence over strategic
decisions.