CIO

2010 Hot Tech Jobs

“Everyone knows someone who loves Honda” commercial in context with Honda Facebook is a prime example how social network channels have changed today’s business.  If any IT executives still thinks that social networking platform is for kids and teenagers, wake up! You have already missed lots of opportunity, try to speed up and catch on.

Social network is integral in today’s sales and marketing for almost all products and services.  Customization of a product or service based on each individual requirement is not a new concept and it has been discussed and implemented in isolation. The challenge faced before was to approximate each individual’s requirements and social network is an approach to approximate individual’s requirement. Once the requirements are understood, social networks are again used to influence individual customers to buy the given product or service. There are quite a few books written to leverage social network to promote and market products and services. To summarize, in today’s challenging market, it is obvious and evident that social network plays major role in selling product and services to consumers and some cases, even to big corporations.

Given this context, current economical circumstances, growth potential, emergence of cloud computing, compliance conformance requirements,

The following IT jobs will have high market demand in 2010..

1. Enterprise Architect – (Thorough understanding of business process management, business strategy, IT strategy, portfolio management, social networking tools ,techniques and its business application and etc)
2. Security Officer/Analyst (Audit, compliance,policy management, Threats from social networking, Identify Management Strategy,proactive incident avoidance – data loss prevention)
3. Network Engineer – (SAN/IPS/BGP/SONET/DNS/Firewall/Load Balancer/NetCache devices/SSL Accelerator/SMTP/SNMP/High availability/Disaster recovery/..)
4. Cloud Architect ( Cloud operating system – like VMVare, Business cloud)
5. Application Architect – (open source technologies,blog – wordpress, blogspot, facebook, youtube, SaaS, twitter, GoogleWave, web services, Rich Internet application – AJAX/Adobe Flex/Microsoft Silverlight)
6. Information Architect (Data Mining, Dataware house, Reporting, business intelligence, text minig, search optimization)
7. ERP specialist (SAP, PeopleSoft, JD Edward, Oracle financial, Banking – Fidelity, FiServ, Shaw, Phoenix, Hartland, and etc) 
8. Vendor/Contract Management ( ITIL)
9. Program/Project Management (PMBOK, PRINCE frameworks)
10.Smart Phone Application Architecture & Design – (iPhone, BlackBerry, etc)

Technical Architecture Components

In general, infrastructure or data center cost is around 35-40% of an over all IT cost. Due to the high cost absorption in that area, it is prudent for any senior executive in the IT organization to have a better handle on the infrastructure cost.  The industry lacks uniformity in the cost management of IT as a whole and it applies to infrastructure/data center cost. The various cost management structure are available to manage the over all IT cost and it depends on the size and type of an organization. However, the general principle remain the same.

IT infrastructure cost  looked closely for IT cost optimization by every chief information officers. It is essential, particularly during this economical climate, to look the infrastructure cost distribution and study the alternative approaches for cost and competitive advantage. Chief Enterprise architects are directed by CIO and other senior executives to develop an IT infrastructure cost optimization program. To accomplish it, the enterprise architect must understand the high level information of  various components of  infrastructure and develop a technical architectural strategy.  Technical architectural strategy defines the future state and provides a foundation, the blueprint, for the infrastructure/data centre cost optimization program.

For any future state analysis and definition, the current state is studied and understood before a road map is developed to reach the future state.  1. To study the current state, itemize the various components of technical architecture and the service rendered in each components.

Components of technical/infrastructure architecture

  • Hardware
    • Servers
      • Distributed
        • WinTel
          • Linux
          • Windows
        • RISC
          • HP-UX
          • AIX
          • SGI
          • SUN Solaris
      • Mainframe
        • MVS
        • AS/400
    • Disk arrays
      • SAN storage
      • NAS storage
      • Backup
    • Network
      • Logical
        • Extranet
        • Internet
        • Intranet
      • Physical
        • Network Appliances (SSL accelerators, Net Cache devices, XML appliance)
        • Network devices (Routers, Switches, VPN devices, Hubs, Firewall, Wireless,Intrusion prevention)
        • Telephony devices (Dialer, ACDs, IVRs, PBX)
      • External Connectivity
        • SFTP drop box
        • VPN Tunnel
        • T1 line
        • ANX
        • OC3/5 internet connectivity
        • Frames/MPLS
    • Desktop
      • PC
      • Laptop
      • Mobile devices (iPhone, BlackBerry, Smart Phones, pagers)
  • Software
    • System Software
      • Server operating systems
      • Network operating system
      • Storage operating system
      • Desktop operating system
      • Compilers, Interpreters
      • File system management (VSAM, GFS )
      • Name resolution system (DNS)
      • Email servicing system (SMTP)
    • Web infrastructure
      • Application Server
      • Web Server
      • Portal Server
    • Data Administration
      • Database server – OnLine Transaction Processing (OLTP)
      • Data ware house
      • Reporting
      • Business Intelligence
    • Office management
      • Microsoft Office/OpenOffice
      • Email client
      • Browser
      • Remote login
      • Security – Virus prevention
    • Service Layer
      • Business process server
      • Message broker
      • Connector – database drivers, bridges,
    • Monitoring and control management
      • Service monitoring
      • Device monitoring
      • Compliance management
        • Data Loss prevention
        • Login monitoring
    • Collaboration Management server
    • Document management server
    • Storage Management Server
    • Emergency Management Service
      • Disaster Recovery Management
      • Business continuity Management
    • Enterprise Resource Planning (it will expand based on the core business)
      • Financials
        • Accounting
        • Management Accounting
          • Cash flow management
          • Fund flow management
      • HR
      • Procurement
  • Data center Services
    • Power grid architecture
    • Power Distribution Units (PDUs)
    • Backup power –
      • Automatic generators
        • Cooling and backup cooling for generators
        • Fuel capacity and distribution management
    • Cooling and heating
      • Backup cooling and heating
    • Wiring management
    • Rack management
    • Physical security
  • Security Service
    • Directory Services
    • Identity Management Services
      • User provisioning
      • Authentication
      • Authorization
      • User management
      • User de-provisioning
    • Network Security
    • Intrusion prevention
    • Firewall protection
    • Layered protection
      • Zoning – web zone, app zone, database zone, messaging zone, Demilitarized zone, file exchange zone

The service offering in each area depends on an enterprise.  Some enterprise has internal teams to provide all these services  and some has outsourced all of them. Mostly, enterprises adopt a hybrid approach with both external service provider and internal teams.  2. Define the future state in terms of strategic objectives like IT simplification, cost optimization, adaptability, agility for new market segment and etc.  3. For each component of the infrastructure, perform a SWOT, cost and new solution analysis and define the road map.

Amazon cloud – A practical experience..

Being a strategist, enterprise architect, chief architect and a leader, I do not believe in setting direction without knowing or approximating the n th step. In one way, it is very mathematical in the approach as similar to dynamic programming. As dynamic programming used computer programs like computer chess programs, estimating the n th step is based on probable choices using intuition and facts. The facts has the highest probability for success than intuition and I prefer to use the fact when fact can be searched and found. Use intuition only when the facts can not be found.

Cloud computing is in every practical enterprise architect’s or IT strategist’s technology road map and the implementation of the cloud computing for any IT organization is the question of when. Cloud computing has enough cloud in the sky and in some area it is already drizzling and in some area it is more than drizzling. It is going to rain and as people say, when it rains, it pours. Same thing is applicable to cloud computing. It is going to rain all over and when it rains, it is going to pour.

To be proactive for any future requirement for the organization (like I did with google apps on gmail), as an enterprise architect leader, I subscribed to the amazon cloud to set up an infrastructure for web hosting.

I would like to summarize my findings in an executive level.

  1. Set up an elastic amazon cloud for a web site is very easy and designed for a non technical person. (Obviously, it is very very easy to set up for a technical person)
  2. Select the stack you would like to have in the cloud. There are numerous infrastructure stack already available and ready to use (like wordpress, LAMP, Identity management and etc). It is also easy to create a custom stack for your use or promote it your stack for a public use.
  3. Create an elastic IP address for the stack created.
  4. Login to the clone (or instance) using ssh and do the necessary configuration
  5. Load the application
  6. Map the domain address to the elastic IP address
  7. If the traffic to the site increases, increases the number of clones (or instances) associated to the dynamic IP address
  8. It cost me $2.18 and my 30 minutes time (cost for my 30 minute is priceless!)

All the above steps were done in less than 30 minutes with out any prior training. The site was launched in 30 minutes. The above steps make me think, why an organization has to have an army of people to set up and support an infrastructure? CXO, if you are reading this blog, do not spend any more of your significant G&A budget on the infrastructure, ask your enterprise architect to look into cloud computing and save significant cost and divert your G&A into innovation, investment management and enterprise architecture!

Cloud Computing Architecture and its future..

Cloud computing concept continue to receive acceptance and its adaption increases exponentially.

I heard today from one of vendor representative that he grew up in the farm and growing up in the farm means he had to learn whatever required in no time to do farming. He confirmed my thoughts on how farm boys grow up in the farm. Cloud computing basically took the farm boy approach. Do whatever is required to do the job!

Fifteen years ago, the PC support team use to install the operating system (windows 3.11,MS-DOS ) in each and every PCs and PC support cost use to be a significant cost in the IT shop. As repetitive mundane tasks mandates  innovation, solution like Norton Ghost solution were emerged and hence deployment made easy and drove the PC support cost down.

Cloud computing took the Norton Ghost solution to the server environment.  Like me, I can imagine most of the IT members spent significant time in  building the development, testing, staging and production environment for each application and spent  time to ensure that all the environment were build alike and still had environment behaved differently for unknown reasons. Cloud computing solves all theses problems.

Key components of cloud computing:

Utilizing the external storage in the server environment has been in use for quite a while. In some cases, like manufacturing production databases, selecting the apt external storage platform including hardware, storage operating system, connectivity and raid types plays a vital role in the system architecture.  Likewise, in the cloud computing, the storage and processing unit are physically separated and logically connected as and when required. It includes the boot volume too.  To manage both processing units and storage units, an external operating system called cloud computing operating system is used. There are vendors like vmware sells cloud computing operating system like vmware vSphere and there are open source cloud computing operating system like eyeOS

  • Processing Units
  • Storage units
  • Cloud computing OS
  • Network units

Architecture of cloud computing:

For external users

Have a OC3 or OC12 or OC48 internet link based on your requirement to connect to the internet for your data center. Have a cisco 7200 series and cisco ACE series for your first and second layers of your network. Have netcahce or ssl accelerator or intrusion prevention devices based on your requirements. Connect the internal vlan with blade server (HP) and storage units like EMC. Slice the EMC luns to have a preload images like Redhat, Windows with preloaded system software like application server, web server, domain name server, database server, director server and etc. Install the cloud computing operating system in the external boxes and link both processing and storage units. The cloud computing operating system manages both processing and storage units.

If there are requirements to connect stand alone servers, it can be connected in the internal vlan.

The architecture is straight forward and purposefully I’m not drawing it.

For internal users:

The same architecture expect OC3 internet link.

Cloud Computing Future:

The concept is very cost effective and efficient. Instead of building images for production servers with application server, web server, database server and etc.. the image will be elevated to more business unit image. Loan processing image, collection and customer service image, delinquency image, skip tracing image,  bankruptcy, treasury, securitization, point of sale and etc.  The technology cloud is in the phase of reaching maturity and business cloud is emerging. There is a huge potential for the players who get quickly into the business cloud.

Think about for a minute, if you are bank, why do you want to spend time on building IT infrastructure to process loan. Banks JUST want to focus on getting good papers, good customers and not worry about how the assets are stored, retrieved and processed. Whoever get into business cloud will lead that market segment for a while!!


Bright Future for Auto-Industry

Simplifying a complex problem by breaking into small solvable parts and using knowledge learned in a driving school during a fatal accident are simplification and abstraction techniques widely used in a practical  world. Have you ever noticed the behavior of a person during  a fatal accident? During an accident, provided the person is not seriously injured and able to think to their capacity, the capacity (volume) and capability (strength) of the person is fully utilized to face and over come the situation. The capacity, capability and the effective utilization of it during the crisis or fatal accident increases exponentially.  If some one deeply think about why most of the people become effective during the crisis is due to extreme focus the brain forces itself to get over the situation. That is ultimatum for some of existing meditation techniques and the same reason why some of the adventures sports like rock climbing are very attractive. It is a kind of enforcement mind brings to mind itself. But at the same time, mind does not perform the strategic analysis  to its best during the crisis mode and that is the same reason why the best supreme court lawyer hires another lawyer when they face a crisis.

How this is relevant to current auto industry?

Well, GM and Chrysler both have had faced a separate fatal accidents.  Both are utilizing their capacity, capability and utilizing it effectively. When it comes to survival, as Maslow theory in the management suggests, your basic needs becomes top most priority and enlightenment are out of focus.  The decisions and execution made in last few weeks generally would have taken decades in their corporate culture. Executive management totally understand how to move forward. With assistance with auto task forces, concessions with unions, agreement with debtors ,reduction in  dealer network, dropping a brand, focus on fuel efficiency and quality  are good signs for a great recovery.

Why a great recovery waiting for them?

Four years ago, US market sold 17.5 Million units per year. This year, industry is struggling to sell 10 Million units. The average car age in America today is 9 years old.  Car purchase is the second biggest purchase a consumer would make after the American dream of owning a house.  Consumer confidence is the key and it is and it will continue to gain slowly for next 9 months and rapidly after that.  The credit market is far better than it was 6 months ago with enough capital infusion to credit market. Introducing better credit standards, oversight and governance, the credit market is stabilizing. The moment a person believes their jobs are safe, the consumer confidence in stock market, retail purchase, credit market will raise and the consumer is going to donate their 10 years old car to charity and buy the fuel efficient (Hybrid, Diesel, Electric) car. Both GM, Chrysler are making tough choices now and getting  ready to meet the huge market demand in 18 months.

Until then, sit tight and be part of the touch choices and move Detroit to new 2011++ future.

Yes I hear you.., I have not written a blog for almost a month.. that is mainly due to my last few weeks focus on completing  the graduate course on Linear Algebra. I had my finals yesterday and thinking about, should I take Dynamical Systems and Choas theory in summer. It will definetely help to model the current economical situation!!!

IT Finance Management Framework – Part 2

Understanding how the IT budget process fit into the overall corporate finance is essential to grasp the big picture.  The following figure illustrates how the IT G&A operating budget fits into the over all corporate finance.

it_ga_budget2

IT organization must decide the technique suitable for the budget cycle. To select the best suited techniques the organization must make them self familiar with the available options. Let me list the various widely used technique available to create the IT G&A operating budget.

  • Static Budget – Presents one forecast for a given time frame and does not change for budget cycle
  • Flexible Budget – Budgeted Revenue and cost are adjusted during the budget cycle
  • Incremental budget – Previous year actual are taken as the base line and added or deleted additional cost for current year
  • Zero Based budget – Begins from ground up
  • Top Down budget – Each directors are given a budget task to align to CIO budget target
  • Participatory Budget – Developed as a collaboration with all directors (generally very difficult to make it practical)

There are other budgeting technique like activity based budgeting, Kaizen budgeting and etc. Kaizen  is a type of incremental budget with cost effectiveness target are given to each directors. To make the framework complete, I understand the widely used budgeting technique must be captured and it will eventually.

For this version 0.1, I want to start with zero based budget since I like the concept. It is very practical and gives an opportunity to each director or even senior manager or manager level to challenge every activities and look for some level of business case. Zero based technique can be used if it is top down budget and budget task are given by CIO to each director. Let me start with ZBB.

Zero based budgeting must be done in the manager or team leader level and rolled up to director and CIO level.  It requires the manager or team lead to understand the business and forecast the work required to keep the systems lights on, enhancements and G&A project.

it-finance-mgmt-how-to

The cost for lights on, enhancement and projects are will be incurred by employee, contractor, purchase servie, software cost & hardware cost. Each manager or team lead under each director will forcast for lights on, enhancement and project in terms of employee, contractor, purchase service, software cost and hardware cost.

The training required to perform the forecast will be the starting session of next part of this initial IT Financial Framework.

IT Vendor Risk Management

IT vendor risk management is a component of over all IT risk management. In my previous blog on over all IT risk management, there is a comment from pmhut  to expand each component of the IT risk management.  Let me expand my thoughts on IT vendor risk management and provide a framework to develop the IT vendor risk management.

Steps to develop a IT vendor risk management plan:

  1. Develop a consolidated list of all IT vendors
  2. Categorize the vendors broadly
  3. Prioritize the vendors in each category based on the type of business you are in. For instance, if IT supports retail business, the Point of Sale is key functioin and the vendors supporting that line of business is very critical to the day to day operation. It will have top most priority than any other vendors.)
  4. Identify the potential risk of the vendors
  5. Analyze the potential risk of the vendors
  6. Develop residual risk matrix
  7. Monitor the residual risk matrix and repeat from step 4.
  8. Report the residual risk matrix to CIO office periodically.

Step I: Develop a consolidated list of all IT vendors

Get a IT vendor list from corporate purchase/procurement department. Make sure the following information are available

  • Account representative contact information – Office Phone, cell phone, snail address, email address
  • Investor contact information – Depends on the type of the company – corporate, partnership, properitary and etc
  • Client list

Step II: Categorize the vendors

Types of vendor involved in a typical IT organization.

  • Sourcing provider
    • Alliance provider (like out sourcing provider)
    • Human resource provider for in sourcing. It is generally for time and material model for 6 months to 1 year engagement
    • Consultant provider for insourcing. It is generally for time and material model for a specialized role for a very short time.
  • Software provider
    • Enterprise software system provider (like SAP, Peoplesoft, Fidelity and etc). Enterprise software system depends on the type of business.
    • Office software (like MS Office,and etc)
    • Specialized software provider  (for instance, in the financial industry, quantum is a specialized treasury software provided)
  • Service provider
    • Infrastructure service provider (in most cases, it includes all the system software like OS, database and etc)
    • Research consulting service provider (market research and etc – like gartner.com, executiveboard.com)
    • Specialized service provider (depends on type of business – credit score card development provider and etc)

Step III: Prioritize the vendors

Prioritize the vendors based on their dependencies to the core IT operation. It depends on the business you are in. If there is alliance provider to performing lights on support to an IT organization, then that provider play a vital role in IT operation. For an instance, if it is financial administration company (like financial out sourcing) then their enterprise application like SAP financial plays a major role to perform their core operation. 

 Lately, almost all organization utilizes the outsourcing company to provide lights on service to the core IT operation.

Step IV: Identify the potential risk of the vendors

Sourcing provider (includes alliance and out sourcing provider) is taken as an example and the associated risk are identified. The similar steps can be taken for other types of vendors.

Service level risk

Measure the performance of the provider against the objective set in the beginning of the engagement.  In some cases, the sourcing provider is selected to provide partnership or alliance to improve innovation or business consultation or value creation and few other cases, the provider is selected to provide the on going lights on support. In my example, I will assume the provider is selected to provide the on going lights on support. The typical performance measure for the lights on support are given below:

  • Service quality
  • Service delivery time
  • Missed service level
  • Response time
  • Resolution time
  • Problem repeatability rate

For an outsourcing engagements after the due diligence and contract and terms & conditions are agreed by all parties, there are two major phases. Transition phase and stabilization phases. The sample performance measure listed above will be used for the risk identification after the stabilization phase.

Receive the trend data for the performance measure and compare against the original agreement with the provider. Develop a variance analysis and repeat the cycle. If there is a negative variance in the measure for a prolonged duration then there is an issue. There is a risk that provider to continue under perform and impact the core IT operation.

Vendor Financial stability risk

I would not have come up with this as one of the potential risk item before Satyam scandal. I would not had  even considered it before the scandal. 

  • Participate in quarterly earning call
  • Study the provider balance sheet
  • Study the probability of liquidation or solvenacy
  • Identify your contribution percentage to the provider’s bottom line
  • Identify their auditors reputation

Vendor strategy risk

Request vendor to provide their corporate strategy and make sure their direction is aligned to your expectation of their service. If provider corporate strategy is to out of service business and sell software products, then organization currently receiving provider’s service need to know that. There is a risk that the provider will not focus on the service in near future and their service quality will deteriorate

Vendor cultural risk

It is a philosophical discussion. It depends on the philosophy you believe in. Few believes, same behavioural partners will lead into the strong longer marriage and few believe the opposite. I have an unpublished paper on “Q-learning algorithm for a quick and better mutal understanding of marital partners in the east Indian arranged marriage culture”. Two years after my arranged marriage (I saw my wife a week before my marriage) I wrote this paper. This paper assumes that both partners have commitment before the marriage that no matter what happens, they are going to make their marriage successful. 

I will leave the vendor cultural risk assessment up to your belief. Whatever your believe, the vendor cultural risk must be assessment.

Vendor Geo-political risk

Majority of the outsourcing players are from India. Geo-political risk for an outsourcing project has been a factor all the time. When it comes the analysis of the risk and probability of occurance, it used to score very low. In the recent past, as mentioned in my previous blog, it is elevated.

Vendor take over risk

In the financial world, when a small fish swims with strong cash gills, the big fish will swallow for good.

The above identified risks are  the major risks I could think of. There are few risks like provider employee retention and etc.. Those risk can be amplified based on type of organization you are in. I heard many times that business knowledge like electronic fund transfer knowledge will be lost if the provider keep losing their employees. In my opinion, those are very insignificant risk because eft can be learned by any programmer very quickly. However there are areas like 3D drafting package development out sourcing. Systems like this needs extensive analytical geomentry mathematical knowledge, programming language knowledge, device drivers knowledge and etc. It is very difficult to get people with all the skills. Mathematicians with extensive computer engineering hands on experience with executive level communication skills.  The initial training for these kind of development would take 8 – 10 months. These are rare cases and I’m not going to expand.

Step V: Risk analysis

All the above identified risk should have:

  • Probabaility of occurance
  • Cost of business impact if the risk becomes an issue
  • Risk treatment
    • Avoidance
    • Reduction
    • Transfer
    • Retention (accept it)
  • A plan for avoidance, redution and transfer risk treatments

Step VI: Residual Risk Matrix

The residual risk matrix is a consolidated vendor risk exposure to the organization.

Step VII: Monitor Residual Risk Matrix

A dedicated team and process to monitor the residual risk matrix of the organization.

Step VIII: Reporting

Report the RRM to the CIO, steering committe and operating committe of vendor management for a proactive informated decisions.