Dealing with security is an important part of my job. From my perspective, I would like to make my servers as secure as possible while allow business to conduct their business without too much burden. It is always tricky to find the middle ground between the security and business, but the lacking of communications is the main problem. Just say no (seems like a very popular these days in all aspects of our society) without any explanations nor any constructive suggestions does bother me. I am glad Jeff is talking about the importance of security and communicates the reasons within his organization. Such communications are critical to understand and balance the needs of security and business. I believe there is at least one solution out for each problem in the IT field, but no solution is available for undefined problem. More importantly, Jeff is educating his peers within the organization so they can understand where his perspectives are coming from and work with him resolving any potential security issues. With cyber space crimes are increasing dramatically in the last few years and stores about security breaches appeared in the news are so damaging to the company, business and senior managers realize the importance of keeping company out of unnecessary spot light. I believe what business and other IT departments do expect security folks to communicate in understandable and plain languages so they can be addressed in the business processes and policies across the organization.
The other item I like Jeff talked about is to put security concerns in the processes so we don’t have to retrofit later. Different organizations have different processes to complete projects. Some leverage security staffs during the designing stage that put security issues up front. Our organization has a different approach to design a new application, involving architect team and project management team throughout the project’s life cycle. In our case, architect team is aware of some tools and ways to address technical security issues. However, not everyone on the team has the same level of security knowledge. In order to standardize security, it is necessary to provide security training so all team members have the necessary knowledge to apply security concerns in practices. From project management’s perspective, there should be a standard template that includes security as part of every project within the organization. Combining two teams and building a standard will ensure future projects to meet security requirements at the beginning and not have to rework when security becomes an issue that have to be addressed.
Tuesday, February 23, 2010
IT project ROI
Many people, including myself, have asked how you calculate ROI (Return on Investment) for IT projects. There are times when IT projects’ ROI can be calculated just like other non-IT projects. For example, you implement new software to automate a work process to replace the manual work done by employees. Your ROI is the saved labor cost divided by the cost of the project itself (Labor/Cost) either calculated annually or over a period of time, say five years. It seems pretty simple, at least in term of math’s concern. However, IT project ROIs’ are rarely that simple. Usually, you will have one or more IT administrator(s), who’s labor costs are much higher than your data processors’ labor costs, to manage the software, perhaps software annual maintenance costs, software upgrade costs with labor and outage costs (every three to five years at least), support costs with software vendors, along with implementation costs. What about the risk of failing projects? As I blogged before, only about one-third of the IT projects are considered as successful. If you add all the costs up, you will get a totally different ROI. Then the question is how do you justify IT projects?
There are two aspects we need to consider ROIs. Tangible and intangible benefits are both equally important in calculating ROIs. Tangible benefits, such as reduce costs and increasing revenue are much easier to put into numbers. If you reduce a number of employees needed to do the same work, you can calculate the labor savings easily. As for increasing revenue, you just need to add the revenue generated through the new implementation. The more difficult part is to calculate intangible benefits, for example, if the blizzard of the 2010 happened during the final week of Christmas shopping season and you don’t have an e-commerce presents. In another word, the risks of not having something need to be considered as well. Another intangible is convenience, for example check your balance of your 401K can be processed 24x7 on the web instead of contacting a customer service representative during the normal business hours. The trick is how to calculate those intangibles? Often, IT departments are put in charge of calculating ROI that I think it is a mistake and perhaps contributed to the low IT project success rate. Business units are benefiting directly from the IT projects so they should be one in charge of putting intangibles into dollar amount because they know how valuable the convenience is for their customers and so forth. IT department should be put into charge of calculating the cost side of the project since they know how to implement the projects and costs associated with software, hardware, labor, and time needed to implement. By working as a team, both IT and business are better off to get a better understanding of ROI and whether or not the project is worth to pursuit at the first place. I believe it will also improve the successful rate of the IT projects.
There are two aspects we need to consider ROIs. Tangible and intangible benefits are both equally important in calculating ROIs. Tangible benefits, such as reduce costs and increasing revenue are much easier to put into numbers. If you reduce a number of employees needed to do the same work, you can calculate the labor savings easily. As for increasing revenue, you just need to add the revenue generated through the new implementation. The more difficult part is to calculate intangible benefits, for example, if the blizzard of the 2010 happened during the final week of Christmas shopping season and you don’t have an e-commerce presents. In another word, the risks of not having something need to be considered as well. Another intangible is convenience, for example check your balance of your 401K can be processed 24x7 on the web instead of contacting a customer service representative during the normal business hours. The trick is how to calculate those intangibles? Often, IT departments are put in charge of calculating ROI that I think it is a mistake and perhaps contributed to the low IT project success rate. Business units are benefiting directly from the IT projects so they should be one in charge of putting intangibles into dollar amount because they know how valuable the convenience is for their customers and so forth. IT department should be put into charge of calculating the cost side of the project since they know how to implement the projects and costs associated with software, hardware, labor, and time needed to implement. By working as a team, both IT and business are better off to get a better understanding of ROI and whether or not the project is worth to pursuit at the first place. I believe it will also improve the successful rate of the IT projects.
Sunday, February 21, 2010
Dream Job
Let’s face it, all of us in the class want to improve our chances of getting our dream jobs. That’s why the following points I got from reading the following article on Businessweek.com are helpful to share. The title of the article, “Landing Your Dream Job” (http://www.businessweek.com/managing/content/feb2010/ca20100218_464850.htm), lists several helpful processes to get your dream job. Normally, when I think of getting a new job, it always starts with writing a resume following by job search either through headhunter(s) or on my own. Never in my mind had I thought of building a process to land my dream job. The writer, Martin, Zalewski, uses his personal professional career to lay out a process to help readers to achieve their professional goal. Below are four steps from the writer and the way I understand them.
• Think of the present opportunity as a springboard for the job ahead, whether it be with the same employer or with someone new. Personally, I like to do different tasks or jobs since I got bore pretty easily. But for some people, they just like to do one job that they feel comfortable and they do well. I understand that you may fail while do something that you don’t know very well, but the learning process is a valuable lesson for later. The more you learn, the better you are prepared for your dream job.
• What am I capable of achieving? A big part of testing what your capabilities are is to take a risk to find out. People tend to feel comfortable doing what they know best, but lack the courage to explore their own potentials. From the employees’ perspective, they don’t want to take the initiatives to manage their own professional life and leave it to the manager to plan out for them. From the managers’ perspective, they sometimes behave in a selfish way of hiding their best performing employees to themselves and won’t let their employees to realize their full potential.
• Where do I want to be? Monetary reward is a part of motivation for many people, but it is not the only element. Accomplishments are important for some people so getting recognition is very important to them as well. To answer the question, you need to find out what are the most important to you personally and setup your career goal towards accordingly.
• How am I going to get there? Today’s business world is changing ever so fast, especially in the information technology field. Technologies change every 3-5 years so it is important to keep up with the latest knowledge about technology in addition to learn new skills necessary to achieve personal dream instead of dreaming about personal dream. Another point I think write got it right is the mentoring aspect of the development. Having someone who already went through the process is very helpful and provide a short cut to avoid some of the mistakes.
• Think of the present opportunity as a springboard for the job ahead, whether it be with the same employer or with someone new. Personally, I like to do different tasks or jobs since I got bore pretty easily. But for some people, they just like to do one job that they feel comfortable and they do well. I understand that you may fail while do something that you don’t know very well, but the learning process is a valuable lesson for later. The more you learn, the better you are prepared for your dream job.
• What am I capable of achieving? A big part of testing what your capabilities are is to take a risk to find out. People tend to feel comfortable doing what they know best, but lack the courage to explore their own potentials. From the employees’ perspective, they don’t want to take the initiatives to manage their own professional life and leave it to the manager to plan out for them. From the managers’ perspective, they sometimes behave in a selfish way of hiding their best performing employees to themselves and won’t let their employees to realize their full potential.
• Where do I want to be? Monetary reward is a part of motivation for many people, but it is not the only element. Accomplishments are important for some people so getting recognition is very important to them as well. To answer the question, you need to find out what are the most important to you personally and setup your career goal towards accordingly.
• How am I going to get there? Today’s business world is changing ever so fast, especially in the information technology field. Technologies change every 3-5 years so it is important to keep up with the latest knowledge about technology in addition to learn new skills necessary to achieve personal dream instead of dreaming about personal dream. Another point I think write got it right is the mentoring aspect of the development. Having someone who already went through the process is very helpful and provide a short cut to avoid some of the mistakes.
Management Style II
We had a class about management style earlier and everyone wrote a blog about it too. When I read this blog on Harvard Business Review (http://blogs.hbr.org/corkindale/2010/02/why_good_people_skills_matter.html) titled, Why Good People Skill Matter in a Recession by Gill Corkindale, it reminded me how to manage employee and what to avoid. It is amazing how deep theory X management style is rooted in today’s business world. For some, threats and punishments are still the most effective ways to manage employees. The example from the blog, the female executive was ready to change her management style to better manage her employees until recession started. She abruptly changed the course of her direction and reversed back to her tough and abrasive style that annoyed to her peers and employees according to feedbacks. She fired employees using recession as excuses and made her employees harder by threatening to fire them so she didn’t have to deal with people management issues. As we discussed in class, such management style may work in the short term, but in a longer period, such style will not work well in today’s business environment. What surprised me the most was that, she understood that she needed to change her management style in order to advance her career in her company. Whatever reasons she was not doing herself any favor for her either. Granted, the pressure of producing results are higher than in good time, employees are tend to work harder to justify their job security, but people are showing their true color in the high pressure situations. I believe she missed an opportunity to demonstrate her abilities that she was capable of being a good manager and inspirational leader to get the most out of her employees.
In the blog, Gill Corkindale also listed several draw backs of such management style. Employees will not have any loyalties to the managers and the organizations. Once opportunities are open, those employees will leave their organizations. The second draw back is that manager will lose the trust of the employees. The third draw back is that work quality will be poor since employees who are not motivated will not care about their work quality as long as they get the job done. Perhaps there is another very important reason such management style won’t work is that over the long run, employees will become less creative and the organizations will become less competitive in the market place.
Gill Corkindal listed several guidelines on how to manage in the blog during the recession. The below are directly quoted from the blog I think is worth reading:
“
• Be visible. Walk around, hold meetings and speak in small groups
• Be as open, honest, fair and decent as possible Be serious and realistic but remain positive and hopeful for the future
• Keep people in the picture even when there is little concrete news. Share as much information as you are able — in person, in meetings and through frequent updates — about the challenges the company is facing and how it is performing. If you don't know what's going on, say so.
• Give people frequent opportunities to discuss and ask questions about the situation
• Be a role model. Do your job well and stay positive. This will ensure there is a positive mood in the office and that morale is high so people can work with fewer distractions.
• Engage your staff — leverage their expertise, involve them in decisions and remind them of the shared responsibility to pull the organisation through the crisis.
• Encourage and motivate people through positive feedback and extra help if they are struggling. Don't be over-critical as this may backfire on you.
• Let your people know how much you value them. This can be done through positive feedback, recognition and rewards such as small gifts or flexible working. If people feel they are valued, you will have their loyalty and support.
• Keep an eye on your peoples' health and wellbeing. Recessions are stressful
• Ensure that you have good training and development programmes in place — these are a good investment for the future and will pay dividends when the organization has come through the recession. Coaching and mentoring also foster self-reliance and self-worth, which are important factors when it comes to keeping motivation high. “
In the blog, Gill Corkindale also listed several draw backs of such management style. Employees will not have any loyalties to the managers and the organizations. Once opportunities are open, those employees will leave their organizations. The second draw back is that manager will lose the trust of the employees. The third draw back is that work quality will be poor since employees who are not motivated will not care about their work quality as long as they get the job done. Perhaps there is another very important reason such management style won’t work is that over the long run, employees will become less creative and the organizations will become less competitive in the market place.
Gill Corkindal listed several guidelines on how to manage in the blog during the recession. The below are directly quoted from the blog I think is worth reading:
“
• Be visible. Walk around, hold meetings and speak in small groups
• Be as open, honest, fair and decent as possible Be serious and realistic but remain positive and hopeful for the future
• Keep people in the picture even when there is little concrete news. Share as much information as you are able — in person, in meetings and through frequent updates — about the challenges the company is facing and how it is performing. If you don't know what's going on, say so.
• Give people frequent opportunities to discuss and ask questions about the situation
• Be a role model. Do your job well and stay positive. This will ensure there is a positive mood in the office and that morale is high so people can work with fewer distractions.
• Engage your staff — leverage their expertise, involve them in decisions and remind them of the shared responsibility to pull the organisation through the crisis.
• Encourage and motivate people through positive feedback and extra help if they are struggling. Don't be over-critical as this may backfire on you.
• Let your people know how much you value them. This can be done through positive feedback, recognition and rewards such as small gifts or flexible working. If people feel they are valued, you will have their loyalty and support.
• Keep an eye on your peoples' health and wellbeing. Recessions are stressful
• Ensure that you have good training and development programmes in place — these are a good investment for the future and will pay dividends when the organization has come through the recession. Coaching and mentoring also foster self-reliance and self-worth, which are important factors when it comes to keeping motivation high. “
Friday, February 12, 2010
Bring out the best without crisis
I just read an article posted on businessweek.com (http://www.businessweek.com/managing/content/feb2010/ca2010029_389441.htm, the article is from Harvard Business Review) titled Crisis Response Factors-Without a Crisis. To summarize the article, the author, Ron Ashkenas uses people and organization respond to the earthquake in Haiti as an example of how organizations could use the power of the three human response factors, Urgency, Empathy, and Innovation, to get tasks and projects accomplished quickly. In nature disaster like the earthquake in Haiti, the three factors comes together to respond to the human tragedy. First, we realize the urgency of the responses that could determine the life and death of tens of thousands of Haitians; second, we are connected to the people when we see the devastations on the news and TVs and empathize with them; third, we find new ways to get things done bypassing the normal procedures. The article further discusses how to sustain the three factors within the organizations.
I found this article is very helpful in today’s business world, especially in large organizations. Too often, IT projects failed (more often than you think, the latest from CHAOS Report 2009 indicates that only 32% of the IT projects are successful). There are many reasons for the failures, but the three factors mentioned above are some of the important reasons behind the failures. In big organizations, different departments have their own priorities. The mentalities of your top projects are not mine is so often seen in projects large and small. For example, business and security have different goals of their own. Business wants easy access to information while security wants to secure information. How do you resolve this conflict? Perhaps looking back to the Haiti earthquake will give us a clue. Business and security will come together to find a solution when both share the same urgency. Personal performances in large organizations are largely determined by the accomplishments within the department instead of the whole organization. Recently, perhaps not too far ago, during the banking crisis, some people defended their bonus (very big) by stating that they made money for the banks and they were not responsible for crisis that required federal government to bail out the whole banking system. They did not see themselves as part of organization and did not care about success or the failure of the organization. In another word, they did not empathize with the company. When people are in the crisis mode, they tend to think fast and find ways to the solutions. In the normal project, people tend to lack the urgency and go through regular procedures. While procedures are necessary to follow, but innovation thinking can bring efficiency and improve existing procedures.
I totally agree with author’s statement that in order to bring out the best performance, managers need to find a way to bring employees to the crisis mode without a crisis happening and build it into long term success of the organization.
I found this article is very helpful in today’s business world, especially in large organizations. Too often, IT projects failed (more often than you think, the latest from CHAOS Report 2009 indicates that only 32% of the IT projects are successful). There are many reasons for the failures, but the three factors mentioned above are some of the important reasons behind the failures. In big organizations, different departments have their own priorities. The mentalities of your top projects are not mine is so often seen in projects large and small. For example, business and security have different goals of their own. Business wants easy access to information while security wants to secure information. How do you resolve this conflict? Perhaps looking back to the Haiti earthquake will give us a clue. Business and security will come together to find a solution when both share the same urgency. Personal performances in large organizations are largely determined by the accomplishments within the department instead of the whole organization. Recently, perhaps not too far ago, during the banking crisis, some people defended their bonus (very big) by stating that they made money for the banks and they were not responsible for crisis that required federal government to bail out the whole banking system. They did not see themselves as part of organization and did not care about success or the failure of the organization. In another word, they did not empathize with the company. When people are in the crisis mode, they tend to think fast and find ways to the solutions. In the normal project, people tend to lack the urgency and go through regular procedures. While procedures are necessary to follow, but innovation thinking can bring efficiency and improve existing procedures.
I totally agree with author’s statement that in order to bring out the best performance, managers need to find a way to bring employees to the crisis mode without a crisis happening and build it into long term success of the organization.
Monday, February 8, 2010
Legal Issues/Information Security
Record keeping is one of the most important in IT. By law, companies are required to keep emails and other electronic documents for seven years in case of legal procedures either started by the companies themselves or against the companies. The difficulty of record keeping is how to identify what to keep and what not to keep. Too often, for the sake of simplicity, companies keep all electronic records. Then here is the problem of cost of storing them. With more information are in digital formats, the volumes of the information are increasingly growing and storing all information are getting more expensive both in terms of storage space and labor cost.
The second issue is to how to secure companies data and propriety information from unauthorized access both external and internal threats. There are two aspects of securing company data; one is to setup ACL (access control list) that only allows certain authorized personal to have access to the data and denies all others’ accesses. The second half of the information protection is auditing and threat detections. ACL can be broken given enough time to the hackers using methods such as brute force. In order to prevent such attacks, reviewing auditing log and deploying hacking detection technology will enable company to catch hackers in action and send out alarms when such attacks are happening in the real time.
When data security is breached, which will happen sometimes, companies need to have a policy to deal in such an event. First is to assess the scope of the damage to gauge the situation. Second is to contain the damage and prevent to spread to other part of security breach, i.e. user account privilege has access to other important data. Third is to investigate the incident and find the source of the attack and the root cause of the security breach. Forth is to improve security procedure to prevent future similar attacks.
Intellectual property can be the critical part of the companies’ competitive advantages. I remembered a in 2006, administrative assistant of the executive from inside Coca-Cola tried to sell Coca-Cola’s trade secret to Pepsi. She was turned in by Pepsi and Coca-Cola avoided a disaster outcome. Had she found a buyer with intent to get into the beverage business, who knows how much damages she could cause, maybe billions of dollars? How did she get the information is an important lesson to learn in today’s business environment and a case study of information security.
The second issue is to how to secure companies data and propriety information from unauthorized access both external and internal threats. There are two aspects of securing company data; one is to setup ACL (access control list) that only allows certain authorized personal to have access to the data and denies all others’ accesses. The second half of the information protection is auditing and threat detections. ACL can be broken given enough time to the hackers using methods such as brute force. In order to prevent such attacks, reviewing auditing log and deploying hacking detection technology will enable company to catch hackers in action and send out alarms when such attacks are happening in the real time.
When data security is breached, which will happen sometimes, companies need to have a policy to deal in such an event. First is to assess the scope of the damage to gauge the situation. Second is to contain the damage and prevent to spread to other part of security breach, i.e. user account privilege has access to other important data. Third is to investigate the incident and find the source of the attack and the root cause of the security breach. Forth is to improve security procedure to prevent future similar attacks.
Intellectual property can be the critical part of the companies’ competitive advantages. I remembered a in 2006, administrative assistant of the executive from inside Coca-Cola tried to sell Coca-Cola’s trade secret to Pepsi. She was turned in by Pepsi and Coca-Cola avoided a disaster outcome. Had she found a buyer with intent to get into the beverage business, who knows how much damages she could cause, maybe billions of dollars? How did she get the information is an important lesson to learn in today’s business environment and a case study of information security.
Friday, February 5, 2010
iPad or iBust?
Apple just unveiled its latest product iPad not too long ago and planned to make it available to general public in a few months. Its previous new products, iMac, iPod, iTune, and iPhone, won praises from users as well as commentators. The recent earnings reflected the success of those products. Because of the popular products, Apple has held up better than most of the other technology companies both in terms of finance and stock price. In fact, its stock price reached five year high earlier this year. What about the new iPad? How does it impact Apple’s financial?
From what I heard, there have been lots of disappointments for iPad. I talked to some Apple lovers and read some commentaries like Tom Kaneshige from CIO.com (http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/01/28/urnidgns852573C400693880002576B90032026A.DTL). My impression is that iPad doesn’t generate nearly as much as positive reactions or followings than other products from Apple. The general complaints are that the product itself is not technologically advanced which is a departure from Apple tradition. People love Apple for the technology, design, and fashion. Now people are pointing to the shortcomings of the iPad. From Tom Kaneshige’s article above, he listed four issues (I heard more than that) with iPad.
1. iPad uses LCD, an outdated technology that is on its way out. I had a friend who got a LED TV last month that has much better picture and uses much less power than LCD. According to the article, Apple uses LCD because 10” OLED won’t be available until later this year. LCD drains battery much quicker than OLED and shortens the battery recharge intervals.
2. iPad doesn’t come with a camera. All new laptops come with a camera. For people who used to use video chatting and participate in video conference, the lack of such popular feature is a no go. Maybe customers can buy a camera and plugged it on to the iPad, but integrated hardware always preferred than add on hardware.
3. iPad uses 1024-by-768 pixel resolution instead of HD output 1280-by-720 that can be outputted to a HD TV. HD TV is the way to go so missing it is a big deal. The rational for going with 1024-by-768 is cheaper. People who buy Apple products are not your typical Wal-Mart shoppers, buying stuffs on the cheap side.
4. iPad doesn’t support flash. Flash is one of the most important features on the web. Watching movies on Hulu, Crackle, and live broadcast events on the internet is a huge part of mobile device. This counter Jobs’ claim that iPad offers the best web browsing experience. You can make the judgment yourself.
How does iPad help or hurt Apple financial is hard to predict, but my personal guess is that it is not going to be successful as other products from Apple introduced in recent years. Perhaps Apple releases iPad just to generate a buzz in public and offers a better iPad later in its version 2 of the iPad. I am sure someone will disagree with me and point out the other side of iPad. Are you buying an iPad when it comes out?
From what I heard, there have been lots of disappointments for iPad. I talked to some Apple lovers and read some commentaries like Tom Kaneshige from CIO.com (http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/01/28/urnidgns852573C400693880002576B90032026A.DTL). My impression is that iPad doesn’t generate nearly as much as positive reactions or followings than other products from Apple. The general complaints are that the product itself is not technologically advanced which is a departure from Apple tradition. People love Apple for the technology, design, and fashion. Now people are pointing to the shortcomings of the iPad. From Tom Kaneshige’s article above, he listed four issues (I heard more than that) with iPad.
1. iPad uses LCD, an outdated technology that is on its way out. I had a friend who got a LED TV last month that has much better picture and uses much less power than LCD. According to the article, Apple uses LCD because 10” OLED won’t be available until later this year. LCD drains battery much quicker than OLED and shortens the battery recharge intervals.
2. iPad doesn’t come with a camera. All new laptops come with a camera. For people who used to use video chatting and participate in video conference, the lack of such popular feature is a no go. Maybe customers can buy a camera and plugged it on to the iPad, but integrated hardware always preferred than add on hardware.
3. iPad uses 1024-by-768 pixel resolution instead of HD output 1280-by-720 that can be outputted to a HD TV. HD TV is the way to go so missing it is a big deal. The rational for going with 1024-by-768 is cheaper. People who buy Apple products are not your typical Wal-Mart shoppers, buying stuffs on the cheap side.
4. iPad doesn’t support flash. Flash is one of the most important features on the web. Watching movies on Hulu, Crackle, and live broadcast events on the internet is a huge part of mobile device. This counter Jobs’ claim that iPad offers the best web browsing experience. You can make the judgment yourself.
How does iPad help or hurt Apple financial is hard to predict, but my personal guess is that it is not going to be successful as other products from Apple introduced in recent years. Perhaps Apple releases iPad just to generate a buzz in public and offers a better iPad later in its version 2 of the iPad. I am sure someone will disagree with me and point out the other side of iPad. Are you buying an iPad when it comes out?
Subscribe to:
Posts (Atom)