The White House issued a very timely page, which shows the self-reported progress of agencies toward meeting the open government requirements. Unsurprisingly, almost all agencies get the best compliance scores (“Meets Expectations”) on all they were required to do so far.

I have been browsing quite a few open government pages, and – although their layout varies – content is remarkably homogenous. In particular, again with few exceptions, it is relatively easy to get to both the open data sets and to the idea sharing page, which is powered – for most agencies – by Ideascale, a tool selected by GSA and used already in May 2009 during the first phase of the Open Dialogue, which ultimately led to the Open Government Directive itself.

The majority of agencies use IdeaScale, while some (such as the Department of Agriculture) use different tools and others (such as the Social Security Administration) offer alternatives, pointing out that IdeaScale runs on an external site and does not comply with federal policies about the use of persistent cookies. A waiver has been granted for the use of cookies in the context of open government initiatives: however it is interesting to note that not all agencies warn about this, while some do so quite explicitly (not being a lawyer, I wonder whether the waiver is enough).

It is too early to judge the value and innovation shown by ideas submitted and commented upon so far. There are still too few, with too few votes. It is evident that, in some cases, draft ideas have been put forward by agencies to stimulate dialogue: this is a good idea, as many people – who are not the usual suspects such as activists and advocacy groups – do need a solid starting point to start being engaged.

What struck me is that all those who use Ideascale and its template, show a bulleted list that looks like this:

Give us your ideas on how we can:

• Work better with others inside & outside the government
• Solicit feedback from the public
• Improve the availability & quality of information
• Be more innovative & efficient
• Create Social Security’s Open Government Plan. Learn More…

One would expect the “Learn More” link to go to a draft open government plan, but all of them pointed to the open government page. I would argue that, in order to more effectively engage people on building the plan, it would be great to have an evolving draft of the plan available for comment. This is clearly going to be the case after 7 April, by when the Plans are due (and as required by the directive), but there is no sign so far.

The only two exceptions I found were the Department of Transportation and the Dept of Health and Human Services.

The former positioned itself as a leader in open government compliance, by hosting an early event about how to develop plans. It does give access to a very early table of content for the plan, where it mostly outlines the intended methodology.

The latter provides a very clear layout, points to a blog rather than Ideascale to discuss (no comment yet though), and explicitly asks for comments on the Open Government Plan, although the current draft is no more than what the Directive already provides.

Finally, although this is not a beauty context, the page that I liked most was the one from NASA. It features an imposing countdown clock on the right hand side, which indicates days, hours, minutes and seconds to the deadline for idea submission. It also gives access to many NASA pages on social media, as well as a wealth of other information about iPhone apps, easy access to data sets, and so forth. On the other hand, isn’t it a bit easy to be cool if you have so much information that is already compelling to many people by its nature?.

The other one I would commend is indeed the one from the Department of Health and Human Services, because of its simplicity and its decision to take a different approach to sharing and discussion of ideas: something that, after having browsed over a dozen Ideascale pages, I found quite refreshing.

It seems to me that, although with different impetus and investment, all agencies have raised to the challenge. The proof of the pudding, though, will be in their Open Government Plans.

Which is why Gartner will be hosting a free webcast on March 1 on How To Develop and Leverage an Open Government Plan (I will post about it separately).

The theme for 2010 is “Think B4 U post!” (sic), with videos and posters aimed at reminding people of the potential consequences of posting embarrassing videos and pictures, or worse. Something that “seemed like a good idea at the time” often goes pretty wrong when populated across the Internet.

While the primary audience of Safer Internet Day is kids, the advice given also has relevance to enterprises. As so often happens, what is important to consumer users of social media, also apply to businesses:

Kids: Have you thought about what could happen if people you don’t know see what you are about to post?
Enterprises: Have you done an impact/risk assessment of what could happen if your social media sites are compromised?

Kids: Do you think about and use the privacy settings of the social networks you use?
Enterprises: Do you understand and effectively use the security and privacy protection capabilities of the collaboration products you use?

Kids: Do you know how much you can trust the people you “friend” into your network?
Enterprises: Do you understand the limits of trust with the partners you collaborate with?

Are you following the advice that you are giving your kids?

Source: Marshall Rose (Dr. SNMP) in The Simple Times, October 1992

[Screen] The scene pans in from outside a nondescript office building through a tinted window and into a conference room filled with people sitting at round table.

Please read the italics text as if being spoken by British Naturalist Richard Attenborough.

“Each year between mid-January and mid-February managers from throughout your company migrate to corporate headquarters.

[Screen]  Cut to an airport baggage claim areas where people in suits are picking p their luggage and greeting co-workers.

Drawn from across functions, countries and business units, this unique collection of people meet to engage in the first right of the new year – the annual corporate kickoff meeting.

[Scene]  Cut to a view groups of smiling managers talking with each other in high-energy conversation.  Some exchanging a joke with a hearty laugh, others are locked in serious and thought provoking conversation.

“While they come from different industries, live in different countries and share different values, the =recipe for this corporate ritual is the same.”

[Scene]  Cut to a view of a senior executive – male, late middle age speaking in earnest while standing in front of a screen displaying the corporate logo.

Executives review the year passed and explain the strategy for the coming year.  Citing accomplishments, affixing reasons for poor performance and stating their outlook for the coming year the executive exerts control over the corporate agenda.  Like a mother regurgitating food for their young, the annual executive speech is the most visible expression of paternalism in the corporate.  Sometimes the message is one of tough love, but more often then not executives are coached to lighten the sting out of the message so as not to ‘break the spirit’ of the employees.

[Scene]  Cut between two people speaking in smaller groups:

• A younger executive, female, expertly dressed in the latest fashion, bright eyed and slightly overdosed on caffeine.
• An older executive, a male, slightly balding and a little out of shape, they talk with feeling and the comfort of experience.

Divisional managers repeat the strategy while recognizing last year’s high performers and holding them up as examples for everyone to emulate in the coming year.  Here they play the role of re-enforcer, guardians of the corporate culture and perhaps more importantly for the staff, the allocator of resources and arbiter of decision.

[Scene]  Pan away from the divisional managers to focus on the line managers and front line employees.  Show them listening intently to the divisional manager but passing furtive glances to each other.

Managers and staff listen intently giving attention as a form of payment in return for information and the much-anticipated corporate chicken dinner.  Staff knows that they will be asked to walk through team building activities that exercise corporate strategy.

[Scene]  Cut to a hotel ballroom with music and people milling about watching each other to see who is going to make the first mistake.

But they also look forward in anticipation to the off hours faux pas create another layer of stories that are the foundation of corporate culture.  Who will be the first to take the dance floor and fuel the rumor mill by their dance partner selection?  Who in their nervousness will drink too much, blurt out a truth that everyone believes but no one will give voice to.  Who is talking with whom and what does that mean to me?

You get the picture.

The annual corporate kickoff should be more than ritual, more than an activity we engage in simply because we have always done.  Tough economic times have eliminated much of the social aspects of the kick off, but it has increased the value of the value of this meeting immeasurably.  If you are planning or attending a corporate kickoff consider how you will get answers to the following questions:

• What are the real issues that will determine your success in 2010?  Back them up by data; demonstrate that you are willing to confront reality, despite how difficult that may be.

• What are the actions we will take to address these issues?  These are not the ideas creating through brainstorming that will perish on the flipchart.  These are the things we will hold each other accountable for; we will measure and deliver to create results.

• Who are the people that you need to create new relationships with?  The enterprise is a complex and social organism run by people.  Getting to know the people who will help you with the first two questions and maintaining

All kidding aside the value of the kick off is not in the rubber chicken dinner, nor in seeing Norm from Finance’s new dance moves.  It is on getting common understanding of issues and shared actions necessary for everyone’s mutual success.

Who knows perhaps Norm’s dancing lessons will pay off?

A man walks into a physician’s office and says “Doctor, it hurts when I use my computer.”

The physician replies, “then don’t use your computer.”

A dumb old joke or a wise observation on human nature?  I receive several calls a week from people looking for the best practices on managing cloud computing security and risks.  My quick response is that there ARE no best practices. That always leads to the question “well, what is everyone else doing?”  My answer to this is lengthier and more complex, but it still boils down to the fact that nobody knows what the best practices are going to be.  We have some ideas, but the only defensible statement is that this is a period of experimentation and it is too early for definitive conclusions.

Technology vendors, users groups, and governmental agencies are all anxious to provide some leadership in this area. Once the cloud dust clears, its possible that some technique or technology that is new today will be considered the ‘best practice’ for ensuring low risk use of cloud computing for the processing of sensitive data. Until then, temper your expectations.

The various forms of cloud computing are all new.  It is a computing model with many hypothetical vulnerabilities,  and when used as a multi-tenanted externally-provisioned service, it is undoubtedly the case that entire classes of failure have not yet been considered.

There are always people willing to experiment with new things, and some of them succeed brilliantly. Others are only remembered as case studies. Anything new has to be considered as having a high level of risk until the risk specifics are adequately understood, and the best practices for assessing and controlling them are well demonstrated and generally accepted.

There is no secret best practice for commercial cloud computing risk assessment that hasn’t been publicized. Learning more about the practices of other organizations is interesting and even useful, but no amount of today’s survey data can provide practical guidance as to how you can determine the relative ’security’ of a service offering that is based on cloud computing. The fact that it is difficult or impossible to learn ‘what everyone else is doing’ should provide grounds for caution.

At this point in time, the Information Security profession cannot provide a definitive answer as to the relative level of risk associated with the use of multi-tenanted commercial cloud computing offerings.

If you want to use something new, then use it, and be aware that you are experimenting. My advice would be to limit use to relatively low-sensitivity processes and data, but ultimately, this is a business decision. The pain of this choice is inherent in the act; no relief exists today.

If you must have a reasonable and defensible certainty as to the  security of computing model, let alone a service business model, then don’t use something that is so new that nobody knows how to assess it.

The 2010 BrandBowl, a Twitter-based ad competition produced by the Mullen Ad Agency and Radian6, a social media measurement company, declared Doritos and Google the winning advertisers, and I was not alone in feeling gratified that Google chose to open its coffers to CBS on this occasion, and produced an ad that not only effectively romanced its search product, but also (as David Card pointed out in a tweet) gave new hope to copywriters all over the world.

Last year I wrote about how advertisers like E*Trade had fumbled keywords like shankapotamus, turning over their traffic to folks like me. This year E*Trade got the message and bought milkaholic, and a number of other advertisers followed suit.

But the spot I want to talk about didn’t even make the #brandbowl top 10, despite featuring Beyonce, the Twitter Bird, and a host of other online icons. Unless I miss my mark, most of America had no idea what to make of it. Here it is:

It’s tempting to enumerate the many reasons why this ad is a failure from a creative standpoint – basically, it’s a cacophony of clashing and contradictory metaphors and idioms with no clear brand promise or value proposition – but it’s nonetheless noteworthy in its attempt to go mainstream with the message of Internet on your TV. And therein lies a tale of interest.

We are reminded that, a year ago, Yahoo! made headlines announcing its platform for TV widgets, called Yahoo! Connected TV, at CES2009, to be supported by four major TV manufacturers (Samsung, Sony, LG, and Visio). Yesterday, Yahoo was featured on the Vizio widget bar, but like all of the other manufacturers, Vizio has chosen to brand its own widget platform – VIZIO Internet Apps (VIA) – and give Yahoo tenant status. This is rapidly leading to a condition where each manufacturer has its own proprietary widget platform, which, needless to say, is a path to doom for the whole idea.

Meanwhile, Canoe Ventures (remember them?) and CableLabs announced the completion of a new (yet-to-be-fully-revealed) standard called EBIF IO6 (“IO6” for short) which extends the original EBIF specification to cover widget-like applications that are delivered outside the context of an individual show or channel (“unbound” in industry parlance). That puts the standard on an apparent collision course with the manufacturer’s Internet-connected TV aspirations, and is sure to make for an interesting race to critical mass.

This appears to be a good-news, bad-news story. The bad news is that developers and content providers will not have a single platform to target with applications for some time. The good news, however, is that the race is (back) on, and that the service providers and manufacturers have little choice but to accelerate their efforts if they’re to have any chance at achieving critical mass in the marketplace before their opponents. Nothing like competition to bring out the in us.

The big question, of course, remains: what are these magical TV widgets that are going to engage consumer interest in new sets and services? After all, tweeting on a smartphone during the game didn’t seem so bad. Oops, there’s the whistle, seems like we’re out of time….

C’mon folks, we all know the old cliche… but trite or not it is still true.. you cannot tell if you are winning if you do not know the score.  Clearly the industry as a whole has a lot to learn about measurements and metering for services (Gartner clients, see Measuring the Value of SOA) but we have to at least try, because without some objective measurement it is difficult to argue for any investment, nor is it possible to constrain expectations, and we all know what happens when expectations outpace our ability to deliver.

As a result, cloud-related research was a major topic during our most recent set of recovery and continuity content planning meetings for 2010. One particularly hot topic was the extent to which cloud services could become a one-stop solution for midsized business that are already stretching their in-house IT resources to the maximum.

Today, the recovery and continuity management approach of choice for many of these businesses is little more than the use of managed backup services. Coincidentally, this aligns very well with storage cloud providers’ sweet spots.

However, backed-up data is of little use if it cannot be restored. Compatible server and storage equipment, as well as a supporting data center, are also needed. This is one of the main reasons why so many small and mid-sized organizations feel that they are unprepared to fully recover. For this and other related reasons, recovery-in-the- cloud services that support managed backup, restoration, testing and operations failover can become one of the future bright spots in what is otherwise a largely dormant industry. One key reason is the “always-on” nature of the cloud, making both recovery and failover testing far more flexible and actionable than is currently the case with more traditional shared subscription services. However, this service segment is extremely nascent and unfortunately its potential benefits are currently shrouded by far more questions than concrete answers at this point.

Would this class of cloud service be of interest to your organization? If so, what service functionality, price points and provider maturity would be needed in order to get your attention?

In the meantime, I’ll give you my personal take.

I listened to Hasso Platter’s conference call, while sitting in the Frankfurt airport. I’m on the way to a presentation on SAP roadmaps for clients in Manchester (my slides now need some adjustment).

Hasso Plattner made it clear that it was his decision to change the CEO and he took some of the blame for the customer and employee dissatisfaction issues that have dogged SAP over the last couple of years. He even managed to go the offensive, positioning the new technologies his labs are working on. In a sense it was vintage Hasso. He spoke with passion, clarity and determination.

Today’s announcement highlights the vital role Hasso Platter still plays at SAP. SAP has been unable to find a successor to fill his boots. We will need to wait and see if the return to the two CEO model will work as it did with SAP’s founders. It is a tougher challenge this time around.

SAP succession plans were shook up several years ago when Shai Aggasi left SAP, and it has yet to really recover them.

SAP’s problems are as much internal as external. SAP’s workforce need a big hairy engineering goals and the room to innovate and take risk.  The field want to sell innovation, not maintenance. SAP needs to cut away the layers of bureaudisney that have stifled innovation moving from lab to customer. Growing margin doesn’t excite software developers or customers. SAP management seemed to forget that. It took Hasso to remind them.

SAP’s challenges are bigger than simply replacing the CEO. It needs to recover its geist. Today was the first step, but Hasso alone can’t restore SAP to its past growth.  The new co-CEO’s,  Jim and Bill, have much to do. This is complicated.

———————————————————————————————————-
Lean is a robust management discipline initially developed in manufacturing but now finding increasing currency with a growing number of CIOs implementing it within their IT organizations to reduce waste, increase agility and improve customer value. It works by focusing an enterprise, its people, processes and resources on only what customers value; systematically eliminating everything else as “waste”.

Early findings show there are two routes into Lean: Transformational Lean, which depends on a culture change for its enterprisewide impact and sustained improvement, and Focused Lean, which is shorter-term and more limited in its scope but is much quicker to implement.
———————————————————————————————————–

Lean is a popular management discipline among CIO to reduce waste, increase agility and improve customer value because it has been proven to work, and can be implemented with very little up front capital investment.

Lean has its roots in manufacturing, but is now being applied in many service industires such as banking, healthcare, government, equipment rental, public transport retail and so on.

Lean works by focusing an enterprise, its people, processes and resources on only those things valued by end customers, systematically eliminating everything else as “waste.” To do this, it applies five principles:
– Understand what your customers perceive as value and how you deliver it to them (the chains of activities that deliver value Lean calls ‘value streams’);
– Flow cleanly from start to finish rather than starting then stopping then restarting (for example too many application development projects seem to suffer from this);
– Make what is pulled by customers, don’t build solutions or provides feature that is in excess of the business requirements;
– Eliminate waste from your activities (Lean, reflecting its roots in Toyota Japan, uses three Japanese words to characterize waste types: muda – any activity that does not add value; mura – wasted caused by unevenness; and muri – waste caused by overstressing teams, individuals, plant and equipment);
– Seek continued waste elimination through continual improvement.

But Lean has its challenges. It requires robust leadership, which frequently has a personal cost to the leader. Persistent benefits and bigger payoffs require it to become an embedded way of working, which in turn relies on cultural change. As a result, Lean, as a transformation, is a massive multiyear exercise.

Early findings show there are two complementary ways into Lean for the CIO: for those CIOs committed to process improvement and with a target process identified, “Focused Lean” (an outcomes approach to Lean focused on delivering short-term performance improvements rather than lasting cultural change) is a low risk starting point that provides short-term business value and valid opportunity to prove Lean works in their existing culture.

For CIOs committed to the longer-term creation of a resilient organization and sustained performance improvement, Transformational Lean offers longer-term sustainable change with bigger performance gains than does Focused Lean, albeit at the cost of a longer harder implementation.

Lean also combines nicely with other business process improvement initiatives like BPR and Six Sigma, so can be used along side them, providing both additional tools and a unifying approach to process improvement.

CIO CALL TO ACTION
Lean is management discipline that offers the possibility to reduce waste, increase agility and improve customer value. The two complementary implementation approaches for Lean – Focused Lean and Transformational Lean – allow the CIO to choose the type of Lean best suited to their organization’s maturity and requirement.

BOTTOM LINE
If a CIO is looking for transformational change in their IT organization to create a low-cost, effective, agile and sustainable organization with an embedded culture of continuous improvement, then Transformational Lean offers a way in which this may be achievable.

Business Impact:
Lean is a powerful proven and effective management approach that creates and sustains a continually improving enterprise. It is gaining currency with CIOs because it offers a way to simultaneously improve cost, quality, speed and agility.

In addition, Lean also provides a very effective platform for team building and improved inter-team communication.

Please e-mail the authors with your comments:
Andy Rowsell-Jones: Andrew.rowsell-jones@gartner.com
Richard Hunter: Richard.hunter@gartner.com

Dan Miklovic: Dan.miklovic@gartner.com

Additional Insights:
“Success With Standards,” Dave Aron and Andy Rowsell-Jones (EXP Research), May 2006

“Improving Business Processes,” John P. Roberts and Andy Rowsell-Jones (EXP Research), May 2009

“Hype Cycle for Business Process Management, 2009,” Michele Cantara (Research), 20 July 2009

“Maturity Assessment for Application Organizations: Application Portfolio Management,” Jim Duggan (Research), 13 July 2009

“Maturity Assessment for Business Process Improvement Leaders: Six Phases for Successful BPM Adoption,” Marc Kerremans (Research), 3 September 2008

“Best-in-Class Lean Manufacturing Leverages IT,” Dan Miklovic (Research), 19 March 2008

“Findings: Lean ‘Lite’ Is Not Lean,” Dan Miklovic (Research), 1 May 2009

“Findings: In Lean, Process, Not Pretty, Is Key to A3 Success,” Dan Miklovic (Research), 1 May 2009

“Q&A: Moving Lean From the Plant to the IT Organization, Part 1,” Dan Miklovic (Research), 18 November 2008

“Moving Lean From the Plant to the IT Organization, Part 2,” Dan Miklovic (Research), 7 January 2009

“Moving Lean From the Plant to the IT Organization, Part 3,” Dan Miklovic (Research) 15 April 2009

“Understand How Methodologies Evolve Into Standards to Achieve Service Excellence,” Jim Longwood (Research), 26 May 2009

“How to Apply Lean Principles to ERP/Business Application Implementation and Support,” Pat Phelan and Dan Miklovic (Research), 26 June 2009

“Using Lean Principles to Improve Multisourcing
Disciplines,” Frank Ridder and Frances Karamouzis (Research), 17 July 2009

“Case Study: Denver Health Leverages ‘Lean’ for a Breakthrough in Enterprise Patient Scheduling Implementation,” Vi Shaffer (Research) 17 December 2008