eWEEK Rountable: Regulatory compliance, security, data definition top IT pros' agendas.
eWEEK Labs recently put its finger to the wind to gauge how much IT organizations are spending and on what they are spending their budget dollars.
Technology Editor Peter Coffee and Executive Editor Deb Donston spoke with members of eWEEKs Corporate Partner Advisory Boardsenior IT professionals from a variety of industries and company sizes. The Corporate Partners said that the era of doing more with less is not over, but that they are being encouraged to actively look for new products and technologies that will provide solid return to their respective organizations. Theyre also looking for ways to derive more value from their data.
Two issues around which all technology planning must be done are regulatory compliance and, of course, security, the Corporate Partners saidwith the former coming into perspective and the latter proving frustratingly hard to define.
, chief technology officer, Johnson Graduate School of Management, Cornell University
, director of the instructional technology center at University of Minnesota, Crookston
, president, Dugger & Associates
, IT architect, Gannett Co.
, CIO, Miami Dade College
, director of IT, FoxHollow Technologies
, senior project manager, Aetna
, manager of technology support, Bare Escentuals
, product line manager, desktop and mobile, Duke Energy
eWEEK: Weve been hearing from some analysts that dollars are going to be flowing more freely as far as IT spending goes. Have budgets indeed opened up, and are you being encouraged to look for new ways to apply technology?
Were watching the economy, and were cognizant of the opportunities that are starting to appear. Were hopeful in regard to possible upturns, but were waiting.
From an IT standpoint, Id say that were prepared, as weve been requested to be, to take advantage of any new things that come along that make sense to our bottom line. Were very ROI [return on investment]-focused, and if something has good return, well certainly go after it and invest in it.
We had a lot of growth last year, so its a lot of managing that growth this year and looking at what will deliver value to the business.
We also now have interpretations of what the Sarbanes-Oxley Act means to the IT organization.
Are we going to find that IT gets more corporate governance responsibility loaded onto its plate or, alternatively, that IT people find themselves invited to meetings that they previously werent invited to or even welcome at now that corporate governance is addressed by the legal and financial people at the company? Can you give us the flavor of how a better understanding of SarbOx is actually affecting you in terms of contributions youre being asked to make?
On that side, its really an interpretation by our legal counsel and our auditors, who are coming back to IT and saying, Here are the things we specifically need to address, and thats kind of the way we prefer it to go. The auditors are driving some of that, as they should. Theyre the ones that are co-responsible for the results as given to the public. Its a good thing that theyre directly involved and making sure theyre protected, and so are we.
Is that creating any new burdens on you, or is it a matter of just documenting things in a slightly different way so that they have data available to them in the format they need?
I would say were just more rigidly enforcing what weve already been talking about and that weve already known about. A lot of things were internal control recommendations; now theyre internal control requirements.
Randy, what are the big tech agenda items of the year for you?
Mainly patch and security management. Every month theres a new major patch youve got to deal with. The other big thing, which you dont hear too much talk about, is user education. Youve got to make the users smarter so they dont launch the stuff theyre not supposed to.
So, the conversation we could have had a year ago or two years ago or even three years ago really hasnt changed a whole lot? Patch management is still terrible, and users still dont get it?
Smaller companies are the ones that are struggling with it because they dont have the resources to dedicate to it.
What are the IT priorities at Duke Energy, Kevin?
Were in the middle of a consolidation, so right now were totally focused on IT integration. Theres little opportunity for anything but consolidation on the right items right now.
The carrier-based wireless technologies have had the most impact on the most people in the company. We had our EvDO [Evolution Data Optimized] rollout in the third quarter of last year in the Carolinas, and thats done a lot for a lot of people.
Tom, your company makes medical devices, requiring IT support for high-tech design along with sales force automation and stringent regulatory compliance. How are you meeting rising expectations in those areas?
Were looking at three key areas. The first is operational excellence, so well be looking at change management automation around Sarbanes-Oxley and monitoring and reporting, particularly in the area of quality of service and synthetic transaction.
So, youre talking about ensuring process transparency by making sure that your procedure automatically documents as a byproduct anything that you change that could have governance implications?
Thats correct. The second area were looking at is performance managementreally, next-generation business intelligence, greater visibility into the business. So, were going beyond our Cognos implementation and looking at dashboards and customized portals. The third area is around informatics, particularly gene expression analysis, as part of our collaboration with Merck.
We look to you, Tom, for some of the first on-the-ground experience with some of these really high-intensity, high-throughput solutions because of some of the bioinformatics work that youre doing at FoxHollow. Are you actively working with grid-based or other highly distributed solutions?
This year, well be looking at virtualization. Well probably do some prototypes or proofs of concept in 2006. Well be looking at how to scale the hardware infrastructure, and well do that before we even consider something like grid computing.
Were also looking at mobile empowerment. Weve got 300-plus Treos in the company, and wed like to see about pushing out transactional systems.
Id also really like to see in the storage area where ILM [information lifecycle management] and SRM [storage resource management] are going to take off in 2006, if at all. ... I still havent seen really tangible products that can provide the functionality were looking for.
What do these products lack that youre looking for?
End-to-end integrationso, their ability to provide an IT manager with an end-to-end view or to let IT managers visualize how the data is being used throughout the company. Right now, theyre pretty much point solutions out there. You can get a piece of the picture, but you cant get the entire picture.
Francine, as an insurer, Aetna had a heck of a year last year.
Yes, and things are starting off pretty quick for January. We have hundreds of projects to tackle.
My area is program delivery, so Im working with my boss and several other managers to plan out the support for more than 100 projects in 2006, and thats less than 20 percent of the departments total workload. Some of this work involves help desk support for software applications that weve built in-house or acquired. Other projects involve new apps or making modifications to existing business systems.
How many people are we talking about?
There are about 3,000 people in our IT department.
OK, thats a little less terrifying. Are you working actively to implement technical solutions to problems of developer collaboration when youre trying to keep 3,000 people working on different projects?
Some teams use .Net; other teams use J2EE [Java 2 Platform, Enterprise Edition]. In addition, weve acquired various applications over the years. We are faced with the challenge of supporting many different technologies.
Do you see that platform diversity as a problem to be reduced in the long run or as just an artifact of people choosing the technology that best suited the project at hand?
Its really hard to force people into that situationwhere it has to be one or the other. In our organization, I havent heard that theres a huge value to be had in moving everyone to the same development platform.
Do you ever have the impression that platform choice is being influenced as much by the skill sets of the developers you have on hand as by the appropriateness of the platform to the task?
Its still best to decide based on whats appropriate for the project because we do have access to so many resources, and, fortunately, we can utilize the talent and the skills that we need to make the best decision.
What are your plans at Miami Dade, Karl?
Just coming in as CIO, there are definitely a few inherited programs that have come across my plate already.
I know that we need to take a look at the financial components of the ERP [enterprise resource planning] systems. We have been growing hereadding campuses. And our virtual college is something that I will be taking a look at this yearhow to better enhance students abilities to take advantage of distance learning.
About how many students are you serving?
The numbers that are being thrown at me are in the range of 170,000 students. And that includes, from what I understand, everyone whos ever taken a class. I think that thats the high-water mark. We have eight campuses at this point, all in Miami-Dade County.
With all the particularly personal data that you handle, are you finding yourself under stricter regulatory constraints?
Yes. I think thats the part thats overwhelming me. Im not from a higher-education background, and the laws and the auditing requirements are pretty hugemuch more than I expected. Im used to Sarbanes-Oxley from the corporate world. On top of that, there are many other state regulations that we have to comply with. So I need to get my arms around all that and how to apply the technologies.
Is this an area where you work a lot with people outside the IT department?
We work closely and often with many groups outside of IT, like business affairs, student services, academic affairs and human resources.
How about you, Michael? Where are you setting your sights in 06?
There are two major areas that I break out. One is continued growth from last year, just across the board. We saw significant amount of growth, and a significant investment put into our technology infrastructure last year, and were going to see more of that this year as the company grows.
That really is across the boardexpanding our voice-over-IP implementation, building out our all center. Really, just end to end.
Were actually using VMware currently, mostly in our labs right now. Were looking at moving that into production.
And the role that VMware technology would play for you is what?
It would basically allow us to better utilize our hardware. We have a number of small apps that dont necessarily need their own server, for example.
And youd be able to carve them out an execution environment that would suit their needs instead of dedicating a physical machine to them?
Exactly. Were using IBM BladeCenter blades right now, and those are fairly beefy. Were going to be able to make a much better investment by splitting them up for multiple apps.
Are you having issues with the cooling or power consumption of those blade servers?
No, because we dont actually have them in-house. Theyre sitting in a co-lo, and were very carefully monitoring their power consumption.
The co-location sites we use have stopped adding additional customers because the blade servers are killing them on power and cooling.
That has been a consideration, actually.
The second thing is compliance. SarbOx is a big one, but PCI [Payment Card Industry] as well, which affects retailers. Thats something were closely tracking, and will probably dedicate a fair amount of resources to this year. I view [these regulations] as best practices for security, anyway. PCI overlaps with SarbOx to some degree, but it is very specific about security requirements and whats expected in terms of your network and segregating data.
Do you find that your co-location provider is an active participant in these discussions about compliance? Because, to the extent that anything has to be physically isolated, they would have to be the implementers of that.
Yes, absolutely. That was one of the selection criteria.
So, the co-lo vendors are not only selling cycles and gigabits of storage, theyre having to differentiate themselves on knowledge of and ability to support your compliance with some pretty complicated and interlocking regulatory issues?
How about you, Bruce? Youre also in the higher-education area.
Were going to roll over our notebook suite again this year. Thats going to take place in August. We still have some issues with patch management and desktop management for that group, as well as for the desktops we have around here.
Generally, were feeling pretty good about the technologies that are in place, but its always good to look at innovations and developments that are available to us.
Have your ears pricked up at the $100 notebook computers that are being offered to developing countries?
Weve looked at them. The feature set that theyre talking about is really not attractive because of the diverse nature of higher education, and critical thinking activities are supported by applications that generally arent going to run on a thin client very well.
A common denominator for many of the applications were talking about here is bandwidth. Are we anywhere near the point of infinite supply at zero cost, or do we still find that no matter how much bandwidth we have, we always have to treat it as a scarce resource and manage our applications and our network traffic aggressively?
For us, charging for bandwidth is a very effective way of keeping things in check without sucking everything up.
Surefree bandwidth will be overconsumed just because theres always "one more thing."
Right. And, for the business side of the university, most people fit into the normal, monthly allocations.
In terms of wireless infrastructure, have there been any dramatic changes in what people are trying to do or how much theyre trying to do with wireless?
Were pretty much wholly built out in our area, and the build-out is continuing cross-campus.
And the build-out is 802.11 technologies?
Right. 802.11b and g. I think the central group is going to be rolling out 802.1x authentication sometime in the next couple of months to make sure that any data that flows over that network is properly secured.
Were pretty much built out, too, with 802.11. I dont see much change at all.
Well, folks, the elephant in the living room has yet to speak. Not one of you has even mentioned the word "Vista." No one has talked about having resources allocated or an agenda of evaluation of beta builds or anything for a rollout of a major new Microsoft client platform this year. Is that because everyone takes it for granted that theyll be looking at it, or because no one plans to look at it until 07?
Its a nonissue because theres no way youll be looking at it until 07?
Well look at it once they start to roll out new machines.
07. Were actually looking at upgrading the type of desktops and laptops we have, but were not going to do anything in 06.