I also chatted with a number of clients here about mobile workforce applications, and achieving ROI through a combination of a mobile app and some level of process change. Here in Australia it seems harder to change working practices than in some other countries. This resistance to change seems to be caused by a combination of cultural factors and perhaps more unionised workforces.

Another topic which came up a few times was workforce modelling, i.e. building a model of job roles and their mobile application and communication needs as a foundation for strategy and planning. A workforce model is a great way to take a snapshot of your mobile needs to serve as a basis for planning. But like all snapshots it gets out of date as the world evolves, so you need to revise it occasionally. And this was one of the points that came up; organisations were finding that the model they created a year or two ago was now well out of date and needed refreshing. Given that we started talking about the first generation of workforce models with many of our clients a couple of years ago I suspect this is quite a common situation. Is it time to refresh your mobile workforce model?

My other main impression of Sydney is that it’s too hot. Parts of the region today are predicted to get to 40C, which is way more than Brits are designed for. We’ve evolved to be waterproof, not fireproof.

————————————————————————————————————————-
In recent conversations with CIOs, portfolio management has been a recurring topic of interest, as IT organizations (ITOs) seek to optimize resource allocation and subsequently maximize return on investment. This also comes on the back of a recent CIO-CFO roundtable where the attending CFOs identified “transparency” as one of their greatest IT headaches. Visibility into the portfolio of work that consumes a large portion of IT resources helps facilitate that transparency and informed decision making.
————————————————————————————————————————-
Portfolio management has increasingly become a popular IT executive conversation topic, as ITOs attempt to yield the greatest value from their scarce resources (i.e., money and people).

There are two fronts to this discussion:
Project portfolio. Less mature ITOs are formalizing the discipline of project/program management (PPM) and building out capability to reduce scope creep and deliverable slippage, which also provides the basis for reporting a consolidated view of IT projects. One CIO of a manufacturing company in the Midwestern U.S. is initiating PPM in response to the CEO’s demands for “a consolidated view of work being performed by IT across the organization.”

Those with a formal program management office (PMO) are attempting to integrate the informational output of the PMO with IT governance arrangements, thereby placing a magnifying glass on resource consumption and providing the basis for educated decision making. As the CIO of a Midwestern U.S. agricultural products company put it, “Help to separate demand from supply by adding baseline information when selecting new work.”

Application portfolio. This comprises the analysis of the application set for risk, value and architectural relevance, and has been especially evident in large, complex organizations with historically decentralized or loosely defined IT accountability. In one example, the head of IT strategy and architecture for an insurance company in Chicago had responsibility for reviewing the application portfolio against the above criteria and then thinning out the portfolio where possible. He noted that “the issue is now one of IT governance because the tough decisions about application retirement must now be sold to the business users and implemented.”

In both examples of portfolio management, the recent economic slowdown has provided the impetus to move more forcefully to target immediate benefits through the reduction of risk, duplication and cost. While this is the equivalent of gathering evidence to present a case, most CIOs are not viewing these activities as a one-off, and are instead assuming that they will foster a permanent change in behavior toward IT resources. Beyond that, there are varying views of longer-term architectural-based benefits associated with cost, compliance and agility.

CIO CALL TO ACTION
• Assign review and recommendation responsibility for both project and application portfolios to a PMO to increase its role in overall IT governance.
• Perform a detailed audit of applications and rate for value vs. risk (cost and consequences), using consistent and balanced criteria. See the September 2006 Executive Programs report “High Value, High Risk: Managing Legacy Portfolios.”
• Develop application life-cycle scenarios that require increased attention to retire, replace or remediate, and seek input from architecture/standards groups.
• Consider involving the architecture group to help identify underlying architectural services that can be leveraged for common infrastructure or integration.
• Inject portfolio information into annual budgeting and planning cycles and key IT governance arrangements. The real value from either an application or project portfolio is not just the information it provides but the actions taken.
• Anticipate backlash, as enterprisewide portfolio management challenges feudal or functional power bases, and be prepared to allocate and adjust resources based on governance style.
• Begin portfolio management using simple tools (e.g., expanded spreadsheets) to quickly illuminate the key financial and risk information before exploiting more sophisticated models.

BOTTOM LINE
Both project and application portfolio management are powerful tools that can help facilitate rational discussion around the usage of IT resources. They also assist in advancing architectural objectives and in increasing agility. But the real value of a portfolio exercise emerges from the organizational actions taken; and thus inclusion with balanced IT governance arrangements is vital.

Business Impact:
Successfully implementing portfolio management – whether it be project, program or application – provides both short- and long-term benefits in better managing costs, including avoidance and investments (via a more architected approach), as well as outcomes.

Additional Insights
• “Management Update: Managing a Federated Architecture,” Burke, B., December 2007 (Research)
• “Toolkit Presentation: Applications Portfolio Management Starter Kit,” Duggan, J. et al, April 2007 (Research)
• “Make IT Demand Governance Easier: Use Project Portfolio Management,” Gerrard, M., October 2006 (Research)
• “Portfolio Management; CIO Desk Reference Chapter 10,” Handler, R., October 2009 (EXP Research)
• “High Value, High Risk: Managing the Legacy Portfolio,” Hunter, R., Aron, D., September 2006 (EXP Research)
• ““How the CIO Can Increase the Value of the Application Portfolio,” Kyte, A., February 2009 (Research)

Social networking, online chat, blogs and mobile services are among the leading-edge communication and networking technology phenomenon that have become increasingly embedded in the fabric of daily life for many people in terms of peer-to-peer (P2P) interaction and, to a certain extent, for retail banking.

Recent Gartner survey data indicates that some of these capabilities also have gained a foothold with commercial customers in several regions.

The challenge for banks is now twofold: (1) to make these capabilities an integral part of their services where wanted, and (2) to determine how to leverage these services to increase bank revenue with commercial customers.

The biggest names in software have been touting sales force automation (SFA) applications for years, and one of the fastest rising software companies of the last five years even named itself after this class of application. But is there any evidence that SFA is a differentiator to a business? Has it helped a company escape the downturn? Anticipate the downturn? Profit from the downturn? Or is it just the great equalizer, the low-bar to stay at parity with the competition? And if so, what is the fuss all about? And what is, then, a better determinant of business success?

We have been writing for 12 years that SFA is one of many dimensions of a customer strategy. We have written and presented over a thousand times that good understanding of customer intentions, personalized (or ‘persona-tized’) marketing messages and excellent customer service were equally important.

Just about every client realizes that it is the ‘before’ and ‘during’ and ‘after’ of the customer interaction that counts – not one in isolation. What the customer expects largely determines how they will ‘consume’ an experience. And you either shape these expectations or they get shaped for you by blogs, forums, and the buzz in the market.

And then there is the element of new media – Twitter and Facebook and SMS and web communities that operate entirely beyond corporate control, where no sales force can easily go.

We as organizations are so poorly designed to approach the challenge comprehensively (multi-channel, multi-department, and ‘outside-in’) that only a radical rethinking of the problem will shake senior management into making the required changes in how we go to market.

Any good examples of large enterprises who have done this are welcome, and in future blogs I will share some as well!

US Government Agencies Say Incidents Are a Daily Occurrence (November 10 & 11, 2009)

A CDW-Government survey of 300 US government IT professionals found that 44 percent of agencies noted an increase in the number of security incidents over last year.  Thirty-one percent of respondents said their agencies experienced at least one cyber security incident every day.  The top areas of concern reported by respondents were malware, inappropriate employee activity or network use, managing access for approved remote users, and data encryption.

Pescatore – I’m really worried about the 69% who *don’t* think they are having daily security incidents. Basically, a day without a security incidents is a day without any Internet connectivity and with no human beings using any computers that have any software running on them.

In 2008 Microsoft doubled down on ad management tools with its purchase of Rapt, the leading pricing and yield management solution for publishers, which it quickly integrated into the Atlas Publishing Suite. Now sources tell me that Microsoft is no longer taking new customers for Rapt, and its biggest customer, Yahoo!, recently informed analysts that it will be discontinuing its use of the product in favor of internally-developed solutions. Meanwhile, ad operations providers such as Operative, Solbright, and FatTail have closed ranks on pricing and yield management in their ad product suites.

A few weeks ago, Microsoft announced a partnership with open source ad server provider OpenX, an Atlas competitor. The announcement describes an arrangement where OpenX provides a “distribution channel for Microsoft monetization products” (read: ads) and, in return, gains “access to a new base of potential customers – via referrals from Microsoft – for its enterprise advertising technology and services.” Although Microsoft’s director of advertising business development Peter McDonald, commented obliquely that “the OpenX ad server technology might be more appropriate [than Atlas] for certain types of Web publishers,” the partnership nonetheless suggests a migration path for Atlas users should Microsoft decide to exit the ad server business.

Another clue lies in the way Microsoft has evolved its description of PubCenter. In April, Microsoft described PubCenter as “the convergence into a single platform of the many systems we’ve developed and acquired…[including] technologies and tools provided by the former Atlas and Rapt solutions, as well as a self-serve offering.” Today, the PubCenter (beta) site offers “select web site owners the chance to place advertising from the Microsoft network on their web sites.” No word of convergence.

I’ve frequently advised publishers, vendors, and advertisers to be wary of the conflicts created by companies that offer both media campaign management tools and media under the same roof, so Microsoft’s decision to favor its media business over its ad server business might be a wise one. Still, $6 billion was a lot to pay for DoubleClick’s chief rival. And Google, for its part, seems to be well on the way to making its largest acquisition pay dividends.

Collins work is a place to start in answering this question.  Collins in fact invited CIOs to assess their leadership skills and get materials from his web site http://www.jimcollins.com.  There you will see the characteristics of Level – 5 leadership which are essential to any executive and probably more so for the CIO.

No one can know if a CIO has gone from good to great without working with him or her in depth and seeing their track record.  All of us are great for time-to-time, but sustained greatness is something different.  Building on those thoughts here are a few others more around signs that are indicative that a CIO might be great in no particular order:

Great CIOs have great teams.  This is often the last thing mentioned in lists comparing good to great, but it should be the first thing.

Great CIOs are business leaders and see business results. How you introduce yourself says much about your focus and self-identity.

Great CIOs understand IT’s leverage points in their business model. They describe their company in terms of its fundamentals, the things that drive earnings per share, market success and customer choice.

Great CIOs communicate clearly. They take complex issues and speak about them without over simplification.

Great CIOs ask good questions. They recognize that they do not have all the answers and that every answer or plan can be strengthened with good questions.

Good CIOs have many of these same characteristics, but there is something different about the ones who are great.

Greatness in a CIO is not a function of the company they work for, the salary they earn, the size of their title or other factors.  There are great CIOs at small companies and not so great CIOs at big companies.

The points raised above require some additional explanation and therefore the subject of additional blog posts.  However, to get the conversation started.  What else makes a great CIO?

The issue came to light  in October when a plague of phony insertion orders compromised major publisher sites including The New York Times, Foxnews.com, The Huffington Post, and Gawker, culminating in Starcom MediaVest Group’s request for a Federal investigation (see MediaPost or AdAge coverage). Fraudulent practices range from malware distribution, which appears to be on the rise (see Click Forensics’ alarming report, declaring that click fraud perpetrated by botnets, a result of malware distribution, has risen sharply) to the grey-hat technique of the month, “invisible advertising.” (Is it fraud? You decide. But it certainly isn’t the kind of thing that’s going to ease any brand-conscious minds.)

On the defensive side, AdSafe Media has set itself up to provide rating and filtering services for advertisers, which could help solve the website half of the problem (MediaPost), while sell-side optimizers such as The Rubicon Project, PubMatic, and AdMeld have been promoting their abilities to help publishers filter the advertising side. (PubMatic, incidentally, held an Ad Revenue conference of its own on October 8th which I attended and found quite good; see recap here.)

The bottom line is, major brands are going to continue to be skittish until these incidents calm down, but the incumbent leaders on the publishing and media agency sides should smell an opportunity here. Their common adversary, comprised of certain ad networks that are widely seen as depressing prices and arbitraging profits out of the system, is arguably also contributing to a general climate of low security by removing personal contact and active scrutiny from the marketplace. But the fact that premium players have also recently been successfully targeted suggests that they need to do more to distinguish themselves as safe – and thus worthy of premium pricing and greater spending allocations.

Publishers and agencies have a chance to take the upper hand on this issue, but they’ll have to move quickly. They need solid solutions of their own before someone like Google takes the reigns.

———————————————————————————————————————-
During a recent Gartner meeting with several members, the turnaround-style CIO members discussed that they are not afraid to take some risk, and doing so has paid off with improved service and a modernized IT environment. In 12 months, one CIO was able to “rip and replace” all infrastructure systems, and, in the process, over 90% of all enterprise services were upgraded, replaced or retired.
———————————————————————————————————————-

One of the executives we engaged is the CIO of a $1 billion federal R&D organization specializing in energy research, supporting 4,000 staff, 10,500 systems and 6,000 scientific users per year. He recently executed a three-year turnaround (i.e., IT modernization program) and shared with us the nature of the initial challenge, approach, success factors and business impact.

The CIO noted that his business colleagues were extremely supportive: “As a team, we had an opportunity to make a major impact on how they conduct business and how they work with other organizations. The leadership wanted to embark on transforming their organization in numerous areas within a very short period of time.”

The CIO further stated that “there were many challenges to overcome, both from a culture standpoint and a technology perspective. One of the most difficult decisions was moving forward on a ’single-stack’ IT solution versus implementing a ‘best-in-breed’ IT solution for each process or IT challenge, and in doing so, there was no shortage of challenges.”

Nature of the initial challenge:
• Unknown number of computers and unknown IT costs
• Hundreds of applications written in a variety of languages and technologies
• Disjointed end-user application experience and communication
• Unknown number of IT staff spread over approximately 20 IT departments
• Concerns around the growing challenge of attracting and retaining the brightest staff and scientists
• Weak performance monitoring
• Inconsistent communication and collaboration among staff

How did the organization do IT?
The CIO told us that he “directed the IT staff and vendor partners to develop small project teams of skilled experts that were isolated to modernize a discrete, manageable handful of highly visible enterprise applications one at a time and often in parallel. These small teams of experts depended on each other, and trust was established very quickly as a result. The decision to standardize to a single-stack proved to make a considerable difference in the ability to deploy rapidly, and the technologies worked much more seamlessly.”

There were multiple critical success factor (CSF) outcomes:
• Consolidated all IT staff into a single IT organization
• Consolidated hundreds of applications based on a standard methodology
• Standardized computers and enterprisewide technical, business and data architecture
• Created a standard and documented approach for application development
• Modernized the IT environment to improve knowledge sharing, and automated processes for efficiency through:
o Collaboration tools: instant messaging, unified communication, desktop VTCs
o Knowledge management tools: portals, blogs, visual enterprise search engines, expertise location
o Email services: improved IT services by providing 3GB email inboxes with integrated voicemail

BOTTOM LINE:
CIOs must make significant IT changes to transform the way data is stored, how knowledge is captured, and how it is shared and communicated internally (to staff and LOB clients) and externally to business partners and customers.

Business Impact:
By modernizing and transforming IT, cross-disciplinary collaboration is at an all-time high and people are able to rapidly identify who has specific domain knowledge and how to partner to address mutual interests and improve efficiency and effectiveness (productivity, profits, revenue, customer retention/up-sell, market share and EBITA).

Additional Insights:
• “How the CIO Intersects With Other C Suite Roles” (Research)
• “Case Study: CIO Phil Pavitt’s Development as a Change Leader” (Research)
• “The Enterprise CIO’s Role in Business Process Improvement” (Research)

Make no mistake: Midsize organizations do security differently than the big guys do, and tendencies (and sophistication levels) differ across geographies. Witness the following “key findings” from the research:

• Western European midsize companies have had higher security budgets in 2009 than BRIC organizations.
• BRIC countries show a propensity to invest more on hardware security products but less on staffing.
• Suite products and single-vendor reliance continue to be important to midsize companies. Outsourcing is expected to grow. Smaller organizations are less likely than their large enterprise counterparts to take a “best-of-breed” approach to security.
• Data security and privacy and infrastructure protection — not regulatory compliance — are still the primary drivers of midsize IT security spending.
• Midsize companies make more purchases through indirect channels than enterprises, buying directly from vendors less frequently.
• Because of limited security staff and granular senior-level budget control, midsize business leaders — more than IT professionals — drive and influence security purchasing decisions. Among the smaller BRIC companies, about two-thirds (66%) had the board of directors or the involved in IT security policy decision making, compared to 54% of their larger counterparts. Among European midsize respondents, 52% had these senior managers involved, versus 37% of larger companies.
• Symantec is the most-popular provider of MSS and security tools, but local players play a significant part.

This report provides a breakdown of respondents’ security budgets (including spending buckets) for 2009, and projected change for 2010; spending drivers; legislative/regulatory influences; organizational budget/spending decision makers; and preferred solution form factors, channels, and vendors.

We also provide advice to vendors looking to serve the midsize market.

The report is available here to Gartner customers.