What’s next. I am proud to present you the new CIONET: new website, updated community site, new brand & logo, new countries, new tagline and new positioning. We are CIONET, the biggest community of IT executives in Europe. Bringing together over 3,500 CIOs, CTOs and IT directors from wide ranging sectors, cultures, academic backgrounds and generations, CIONET’s membership represents an impressive body of expertise in IT management. CIONET’s mission is to feed and develop that expertise by providing top-level IT executives with the resources they need to realise their full potential. Faced with the rapidly changing role of today’s IT executive, CIONET not only helps its members keep up with the pace of change but empowers them to take an active role in shaping the future of their field, always challenging them with ‘What’s next’. Our community continues to expand rapidly and I am excited to welcome CIOs from Sweden, Portugal and Luxembourg. We are on course to grow in 2012 to over 4,500 members in 11 countries, supported by 100 business partners. In 2015, the shortage of IT workers in Europe is expected to rise to 700,000. This skill gap has major implications on the corporate IT function. In CIO City 2012 European Commissioner Neelie Kroes invited all CIONET members to join in a Grand Coalition for IT Jobs. Are you up to the challenge?
Hendrik Deckers Founder and managing partner CIONET International
Congratulations to the 2012 European CIO of the Year Award winners: José Manuel Inchausti of MAPFRE, Pieter Schoehuijs of AkzoNobel and Oliver T. Bussmann of SAP AG. Their stories are outstanding examples of the business value CIOs bring to their organisations. This issue of CIONET Magazine illustrates what’s happening in our community today. The IT organisation of the future is the driving force of business transformation, new digital business models and innovation. The current IT transformation is driven by BYOD strategies, outsourcing partnerships, social media, cloud computing and the need for soft skills. May the Force be with you.
3
CIO City 2012 predicts an increasing number of CIOs on the board in the coming years.
The IT organisation of the future During its second outing, CIO City took a look at the future of the IT organisation and the role of the CIO. More than 150 CIOs and IT directors gathered in Brussels to exchange ideas during this international CIONET event. The presence of a CIO on the board is a measure of the importance of IT. It often used to be the case that the role of chairman would be assumed by the CFO. More recently, this duty was assigned to the HR or marketing director. Now, the expectation is that we will see an ever increasing number of CIOs occupying the chairman’s seat at companies in the coming years. Some idea of what a CIO can contribute to his or her company was gleaned, for example, from the presentation of the candidates for the European CIO 2012 Awards. Neelie Kroes, Vice President of the European Commission and Commissioner for the Digital Agenda for Europe, had the honour of handing out the awards, as she did last year. She stressed that language should never be a barrier. CIOs must be able to learn from one another was Kroes’ message, as she underlined the importance of initiatives like CIONET and CIO City. “IT is of huge strategic importance”, she said. “IT is changing society. We must embrace this change even though it is some-
4
Event report CIO City 2012
Neelie Kroes, European Commissioner for the Digital Agenda: “IT is changing society. We must embrace this change even though it is sometimes difficult still to convince others to do so.” Martin Mocker from MIT Sloan: “It is important that a common language for both IT and business is created.”
times difficult still to convince others to do so.” Neelie Kroes stated that she regards broadband as the basic building block for any truly connected economy. High-speed broadband is essential for the cloud. This was also the finding of a survey into the business value of broadband that CIONET and INSEAD eLab conducted among a selection of European CIOs.
‘Competition is vital because this will compel the players to put more effort into innovation.’ A European IT policy Europe would like to see everyone have access to a network with a capacity of at least 30 Mbps by 2020. “Perhaps that should even be 100 Mbps”, said Kroes. In the meantime, Europe is investing seven billion euros in stimulating the broadband market. “Competition is vital because this will compel the players to put more effort into innovation.” Kroes is convinced that the cloud offers an important opportunity that might in time generate one million jobs and hundreds of millions in economic benefits. “It’s important that the cloud happens with Europe, not to Europe”,
will be the emergence of Generation Y in particular that will bring about change. “These are the people we refer to as digital natives”, explained Paul Redmond, Head of Careers & Employability at the University of Liverpool. “They have grown up in a world that has changed fundamentally, not just technologically, but economically and socially as well.” Where competition for jobs and careers always used to be confined to one area, GenY must do battle with the whole world: not merely with people of their own age from their own city or university, but with contemporaries from China and India, too. What is more, the young people
‘Now all sorts of things are happening simultaneously.’ of GenY have a very different mindset to their parents and grandparents. Paul Redmond: “They speak their mind on everything and are allergic to routine.” Generation Y therefore looks at work and career in a completely different way. These are young people who take it for granted that
6
Event report CIO City 2012
their employer will provide them with a dynamic career path. It was particularly fascinating to see the young professionals in the audience enter into dialogue with the CIOs present – typical representatives of Generation X – at Redmond’s instigation.
More than 150 CIOs and IT directors gathered in Brussels to exchange ideas during the second edition of CIO City.
The perfect storm New technology is fundamentally changing business. “Technology used to come upon us in waves”, said Pascal Matzke, analyst with Forrester Research. “One wave followed another: first the mainframe, then the PC, then the Internet. But now we have the cloud, mobility and big data, all sorts of things are happening simultaneously. We find ourselves in a perfect storm.” The success that the cloud enjoys today is not just down to the standardisation of the technology or the availability of devices. A crucial part in the story is played by the consumers who pick up the trend. “The consumer is not really interested in the underlying technology, but in what a solution has to offer in terms of added value.” In this sense, the cloud provides a new form of engagement with the consumer, who is a firm believer in having smart technology at home, at the office or
The emergence of GenY will bring about change.
MAPFRE is entering new markets and establishing new offices quickly.
IT supports rapid expansion MAPFRE is the largest insurance company in Spain and Latin America. It operates in eighteen countries, employs almost 33,000 people and generates revenues in excess of 23 billion euros. José Manuel Inchausti began his career with MAPFRE in 1988. One of his roles was as General Manager of the organisation in Colombia. Since 2007, he has been the group’s CIO.
'Focus, communicate and be proud of your work.'
José Manuel Inchausti, CIO at MAPFRE: “Thanks to the technological initiatives, the costs for IT have fallen by nine percent, freeing up more budget for innovation.”
IT plays an important part in the success of MAPFRE. Like many insurance companies, MAPFRE’s business has become heavily intertwined with IT. “We have developed a business process platform that we support with IT”, says José Manuel Inchausti. “This allows the business to enter new markets and establish new offices quickly.” MAPFRE also has a platform that provides consistent support for the relationship between business and customers via various channels. MAPFRE’s IT organisation is divided into two domains: demand and supply. On the demand side, the IT organisation looks at how it can meet the needs of the business, particularly through automation and optimisation of the business processes. The
8
Technology-Driven Category European CIO of the Year 2012
supply side of the IT organisation is responsible for, among other things, architecture, IT governance and supplier management. But the business too bears an important responsibility. José Manuel Inchausti: “Even though they are often heavily dependent on IT, the business units do remain responsible for their own efficiency.” The IT organisation provides advice and support, but it does not intervene of its own accord in the management of the business processes. Within each business unit a working group is charged with developing the business processes further, while the IT organisation supplies the necessary frameworks and tools.
Three learnings of José Manuel Inchausti 1. Focus. MAPFRE has brought knowledge relating to business intelligence, customer intel ligence, business processes, human capital and social media together in centres of expertise. 2. Communicate. MAPFRE uses social media to promote inter nal communication and cooperation. 3. Be proud of your work. José Manuel Inchausti is proud of the strong ethical principles of his employer.
Technology is assisting AkzoNobel with a radical transformation.
Closer to the customer AkzoNobel is the largest producer of paints and coatings in the world. The company operates in eighty countries. AkzoNobel has a workforce of 56,000 and realised revenues of almost 16 billion euros in 2011. Pieter Schoehuijs worked in a number of roles, including IT Director at BASF Catalyst and CIO at Church & Dwight, before his appointment as CIO at AkzoNobel in 2009. AkzoNobel’s IT department has approximately a thousand staff and a budget of 300 million euros. IT is important to AkzoNobel because the technology is assisting the company Pieter Schoehuijs, CIO at AkzoNobel: “As the CIO, I sit on steering committees with, among others, the CFO and the HR manager. Together, we look at what we can do to harmonise the business processes further.”
with a radical transformation: the integration of the supply chain with key customers and suppliers. When Pieter Schoehuijs joined AkzoNobel
'If operational tasks are outsourced an inflow of specialist talent is lost.' as CIO, he encountered a particularly heterogeneous application landscape. “There were literally thousands of systems present, and many more servers.” AkzoNobel had developed over the years out of fifteen different enterprises and entities. The company was keen to leverage the synergy potentials by bundling these into one group. In actual fact, Pieter Schoehuijs wanted to consolidate the entire group on one single ERP platform. However, to give the different business units the necessary room to manoeuvre still, AkzoNobel decided to limit itself to six ERP systems. “At the start of the project we had 183 ERP systems in-house. Today, that number has already been halved. This means that over the past three years we have shut down an average of two ERP systems a month. We will continue to do this for at least another four years, after
which we will be left with these six planned systems.” During this major consolidation operation, AkzoNobel is harmonising its business processes so the group can better integrate its supply chain with customers and suppliers.
Three learnings of Pieter Schoehuijs 1. Adopt a flexible attitude. The role of the CIO is changing, partly under the influence of the cloud and the consumeri sation of IT. 2. Orchestrate. The task of the CIO is shifting towards the management of information flows, in combination with an in-depth understanding of the business processes. 3. Keep the door open. If opera tional tasks – such as network management – are outsourced an inflow of specialist talent is lost, with potentially disastrous consequences.
European CIO of the Year 2012 Business Process-Driven Category
9
SAP runs SAP.
A good example SAP is a German enterprise that develops business software, which it markets to 183,000 customers worldwide. The company employs almost 55,000 people spread over more than 75 countries. In 2011, SAP generated revenues of 14 billion euros. Oliver Bussmann has been the CIO at SAP since 2009.
The silos of the IT department were transformed into an agile organisation. Oliver Bussmann, CIO at SAP: “We grew to become our own largest reference customer. This has enabled us to be on the ball even more quickly when it comes to improving our products and services.”
IT is not just what SAP sells, it is also something the company itself uses particularly intensively. Oliver Bussmann has performed an optimisation exercise on various fronts. He focused first of all on the operational aspect, which included increasing the availability of the systems for SAP’s 15,000 developers. IT is also involved in a major transformation operation. “Our aim is to post a turnover of 20 billion in 2015”, says Oliver Bussmann. “At the same time, we want to increase our margin from 30 to 35 percent.” In order to achieve these results, SAP is also counting on the innovative capabilities of its own IT department. Oliver Bussmann has transformed the silos of the IT department into an agile organisation able to satisfy the plans for the business. Bussmann’s most important accomplishment has been the ‘SAP runs SAP’ programme. As a result of this, SAP itself is now the software company’s number one reference customer. Oliver Bussmann: “This means that we are best placed to know how to improve our products and services.” A central aspect of the programme is the close relationship between the IT department and SAP’s development team. The IT department provides the developers with regular feedback, which they
10
Client-Driven Category European CIO of the Year 2012
can immediately translate into software improvements. Whenever new products or services are available, SAP starts using them first, generally six to twelve months before the rest of the market. The programme also explores possible synergies with other technologies. One outcome of this is that SAP’s IT department already now supports more than 15,000 iPads.
Three learnings of Oliver Bussmann 1. Look for the added value of IT. In three years, SAP transformed its IT organisation from a black box into a force that drives real and profound change. 2. Think like your customer. SAP grew to become the larg est customer for its own soft ware. This gives the company an insight that all other customers enjoy. 3. Know your customer. In 2011, Oliver Bussmann had 250 meetings with CIOs and IT managers of customers that themselves want to achieve more using SAP.
Observations of European Commissioner for Digital Agenda Neelie Kroes at CIO City 2012.
CIONET welcome to join the Grand Coalition European Commissioner for Digital Agenda Neelie Kroes was a prominent guest at CIO City 2012. These are some of her observations. It was really nice today to meet the members of CIONET again – IT leaders from businesses around Europe, showing what new technology and systems can do for businesses. I’d asked them to give me evidence about what the ‘digital agenda’ means for them: like what fast broadband can do for their business. And the report they have compiled with INSEAD is great reading. It shows the positive difference of fast connections. And the great things they can do to boost their business if they do have consistently fast broadband – like getting all those great cloud benefits. They also let me know some of the things we could do to help out Europe’s businesses – like promoting open competitive telecoms markets, and cutting excessive data roaming charges. I’m committed to delivering both of those – despite pressure from certain parts of the telecoms sector to actually reduce levels of competition.
Common challenges And we got to discuss the common challenges facing us – on the one hand as policymakers in the Commission, on the other as those responsible for managing huge IT systems in the private sector. In particular I highlighted to them the huge opportunities of IT employment in the year to come. And it’s clear that CIOs are already aware of these issues – in particular that increasing outsourcing means they are not always able to train IT staff for the long term.
‘The report the CIONET members have compiled with INSEAD is great reading.' Neelie Kroes, author of this blog, is European Commissioner for Digital Agenda.
Win-win So I invited them to join me in a grand coalition for IT jobs. I am glad they agreed with me that this would be a win-win. On the one hand, doing justice to today’s young people by providing them with the tools to access future opportunities; on the other, ensuring businesses will get the human resources they are going to need for sure in the future. Plus I was there to reward some of the most successful CIOs – people who have shown what IT can deliver for big businesses. Well done to all of them!
European Commissioner’s blog
11
A great example of what IT can bring to a country.
Singapore, a pilot nation At the CIO City 2012 event last April, commissioner Neelie Kroes met with Ms Choy Peng Wu, Group CIO of the Neptune Orient Lines. Ms Wu is also the former government CIO of Singapore and was the ‘Asia Pacific CIO of the Year’ in 2011, conferred by IDC. Ms Wu was one of the keynote speakers at the CIO City event. Given her background both in public administration and the private sector, CIONET took the opportunity of Ms Wu coming to Europe to set up a meeting with commissioner Kroes to discuss the Asian experience and to share their views on IT. Choy Peng Wu, Group CIO of the Neptune Orient Lines: “IT-enabled education is a great 'social leveler' where poorer families now get the same access to information and opportunities.”
12
Event report CIO City 2012
A great ‘social leveler’ At the end of the meeting Ms Wu concluded that in Singapore eSkills are just assumed by government, organisations and citizens to be there. This conclusion did not come by itself and was not easy. As early as 1981 Singapore established a 'National computer board'. Its objective was to exploit and export IT and bring Singapore in the 21st century. Initially, the government lead the way and the first ten years were used to show by example, automate the government and learn. After those ten years effort was made to automate the interactions with government and support SMEs to use IT. And online filing of your income tax is just a two-minute
exercise which gets a time reward above paper based filing which one has to hand in earlier.
Singapore shows IT can bring prosperity to a nation. Also eSkills education starts early in life in Singapore. Every library and all primary schools have broadband access and at least 15 PCs per classroom, there are common PCs in the school labs and there is a requirement that at least 30% of the normal school curriculum should be IT enabled. Furthermore, a major investment is made to train teachers in the use of IT. Ms Wu sees ITenabled education as a great 'social leveler' where poorer families now get the same access to information and opportunities. Afterwards, commissioner Kroes indicated to be very satisfied with the meeting. Europe and the rest of the world can learn a lot from Singapore. It is a pilot nation and a great example of what IT can bring a nation: prosperity and being prepared for the 21st century. Frits Bussemaker, Partner CIONET The Netherlands, is the author of this article.
CIO Mette Bakke developed her role in line with the evolution of WW group.
150 years of shaping the maritime industry The global maritime industry group Wilh. Wilhelmsen Holding (WW group) has changed a lot during its 150-year history, often being well ahead of the others. Mette Bakke, senior vice president and CFO of the group’s maritime services organisation has been in the centre of this change for the past 15 years. Mette is also the group’s chief information officer, responsible for IT, finance, strategy and human resources. Her background includes a degree in finance and a lot of leadership experience. As the IT function has been automated and standardised, her area of responsibility has expanded. It’s a trend in this field and a hot topic at CIONET these days.
IS Lite
Wilhelmsen Maritime Services is today a global integrated service group covering all time zones.
14
CIO view CIONET Norway
The Gartner Group’s ‘IS Lite’ model encompasses this phenomenon, showing how a governance model can be used when developing a global IT organisation. It closely resembles Maslow’s Needs Hierarchy model, starting with basic needs and ending with self-actualisation – all within an infrastructure. The IS Lite model has three components: Driving innovation, including strategic planning, architecture
design and business requirements definition. Delivering change, including system development and support of user changes. Supporting infrastructure, includ ing desktop support and data centre and network operations. In the WW group, this model has been the basis for how the IT function is organised. It has proven to be successful. Its governance roots give it added power in collaboration with business areas, strategic vendors and sourcing partners alike.
Leadership Mette explains that she has developed her CIO role in line with how the company has evolved and her leadership experience has grown. It has been quite a ride, she says! From 2005 to the present, revenue from maritime services has grown from MUSD 150 to MUSD 1,000. The company has grown and now has 400 offices in 71 countries supported by 5,500 employees and with the capability to deliver in 2,200 ports in 125 countries. Wilhelmsen Maritime Services is today a global integrated service group covering all time zones. Global processes and structures have been established to ensure that the IT organisation delivers, for example,
the Balanced Scorecard methodology. Mette describes how the skills and experience of her different roles enable her to lead an efficient and streamlined organisation. Leadership is a key word in this context, she emphasises. The company vision, shared values and basic philosophy all link the employees together and strengthen their efficiency and ability to develop. This is part of the Wilhelmsen group culture
‘There is a clear trend towards organisations that are multi-functional and prepared for centralisation, combining different services.’
Various types of competence, combined with the employee’s ability to absorb new competence will be a key for the future, Mette says. “There is a clear trend towards organisations that are multi-functional and prepared for centralisation, combining different services. Leadership in knowledge-based companies will demand new skill sets.” Judging from experience so far, Mette's type of background and experience may be a good model for others to use when the time comes to find tomorrow's CIO.
The organisation and its supporting processes must be built for change.
and closely linked to the WW group brand, the proud W flag. The group culture and shared values make it possible to handle many complex issues at the same time. In her management role, Mette focuses on leadership to inspire, influence and initiate productive change within people and processes.
Change management The changing CIO role is most easily seen when discussing the future of the company. No matter which direction one looks, the pace of change is increasing all the time. The organisation and its supporting processes must be built for change.
Mette Bakke, CFO/CIO Wilhelmsen Maritime Services: “Leadership in knowledge-based companies will demand new skill sets.”
CIONET Norway CIO view
15
addressed. Understanding before signature how each party will respond to problems is actually a good way of discovering how parties will work together on a daily basis and how resilient the relationship is likely to be.
Managing the relationship actively Stagnation is a risk and demonstrating improvement through outsourcing is an important success factor. Sound governance processes can ensure transformation stays at the top of the vendors’ agenda. There are many examples of problems arising, despite service levels being met, because outsourcing appears to have stopped adding value to the client’s business. Benchmarking can help, and regularly testing suppliers’ financial and service performance against others in the market will bring out aspects that would otherwise fester under the surface. Jeremy Smith, managing director at major benchmarking consultancy Maturity, says regular price benchmarking ensures competitiveness, even when the service changes over time. “If the vendor tries every route open to him to avoid undertaking a benchmarking exercise, there is usually a reason – and that reason is not that the price is too low”, he says. Contracts are often concluded
where both parties have very specific objectives. The term of many agreements can be five years or more, and business priorities can change significantly over much shorter periods, causing major shifts in the risk profile. Renegotiation is infinitely preferable to termination for all parties involved.
Recognising IT is a people business Having the right people in place is possibly the most critical factor. Experience on both client and vendor sides of the negotiation is an increasingly important part of an IT professional’s career resume. Confrontation is easy; successful long-term relationship management needs professionals with a sustained and balanced view of priorities. Smith says longevity of the vendor’s account team is a factor which is often overlooked. “In many of the cases where we have found unhappy relationships, the vendor’s account lead or team is changed on a basis which is too frequent. Whilst it is obviously good to see change occasionally – with a professional handover, to ensure fresh ideas and motivation – overfrequent changes will lead to frustration on both sides.” Chris Tiernan of Grosvenor Consultancy Services, who has been advising buyers of outsourcing services for
more than 20 years, says the key to success is three-fold: “Having realistic expectations of suppliers’ capabilities to deliver, of your own staff and advisors’ abilities to secure favourable contractual terms, and a requirement to manage the relationship through its lifetime.” As externally-provided IT services become increasingly critical to business performance, a balance of expectations, governance and management will help to ensure sustained and successful outsourcing partnerships.
Having the right people in place is possibly the most critical factor.
CIONET UK CIO view
17
Growing popularity of Bring Your Own Device raises new challenges.
Impact and experience Bring Your Own Device (BYOD) is a hot topic for CIOs. The request from users is getting higher and higher but numerous are the issues, which were discussed at the seminar dedicated to BYOD by CIONET France a couple of months ago. Which issues do CIOs have to deal with? There are matters from a management standpoint (How to handle diversity and security?), from a legal standpoint (Who owns data?) and, finally, from an HR standpoint (Where is the frontier between business and private life?). At its seminar CIONET France invited several experts to present two interesting views on that matter.
Security and Business organisation Above the security aspect, the BYOD has several consequences on the business organisation and more specifically on the telecommuting organisation. BYOD is not revolutionising teleworking, already widely used thanks to the Internet and to laptops, but it modifies employee’s behaviour. The frontier between private and professional spheres is more diffused when we use the same device. The employee is able to get connected to professional tools at any moment. Since then, do we need to count working hours made on secondary terminal?
HR issues
BYOD is not revolutionising teleworking, but it modifies employee’s behaviour.
18
Special feature CIONET France
First, our media partner Silicon.fr, met with David Remaud (SPIE Communication) to get an overview on this topic. “One of the issues of BYOD is to enable access to all the company’s information system applications”, says David Remaud. “Numerous applications are now accessible thanks to a basic browser, which make them compatible with the majority of equipment and existing OS. For those, requiring the use of client software said ‘heavy’, the desktop virtualisation may turn out to be an effective alternative and allow to respond to portability and even security issues.”
Furthermore, to avoid hyperconnectivity, often source of stress, managers and collaborators will have to respect a labour framework regarding the use of computer tools. It may, sometimes, be important not trying to impose standards regarding personal equipment, which stay, by definition, chosen and set following the user’s will. It is necessary, then, to avoid creating discrimination between collaborators who want to/can buy a smartphone, a tablet PC or a laptop and the others.
BYOD at Electricité de France Electricité de France launched its experimentation a year ago, for 100 users of a business department. Being members of CIONET France, Bruno Lambert, Director of the Shared Services Centre at EDF and Jean-Michel Sarda, Department Director explained us their project. This is the feedback demanded Electricité de France got, both from the users and the IT department:
Bruno Lambert, Director of the Shared Services Centre at EDF, launched a BYOD experiment for 100 users.
The legal aspects The legal aspect is also of paramount importance in a BYOD policy implementation. Regarding internal policy, it is smart to revise the good use charter of computer tools as a complement to company’s rules and regulations. Equipment and data they contain but also insurance responsibility notions are to be considered. Which procedure, which solution when equipment containing professional information is damaged or stolen with confidential data? “Questions regarding the BYOD notion are numerous, but answers still remain uncertain. Like any new phenomena resulting from society and its practices, this change will be progressive and will need to be supervised within companies. In addition, to make their information system always more flexible, companies will have to integrate this new trend in their facilities and applications’ transformation plans”, concludes David Remaud.
Request from the users: To have different terminals adapted to their tasks and contexts. Demand of the ‘Generation Y’ staff. IT expectations: Value of IT (‘state of the Art’). To take into account terminal diversity (smartphone, tablet PC, laptops) for employees and for providers accessing to the EDF IS. To introduce a new activity model generating cost reductions (support of the workstation by the user itself). To integrate experience feedback in the design of the future workstations offered by the company. During this experiment, EDF had to take into account various key issues: Security Anti-virus Access, Control HR & Legal The BYOD offer is an alternative offer to the company’s standard one, we can’t constrain an employee. A barrier between professional and personal data must be granted. The co-financing conditions must be determined (acquisition of hardware, software, maintenance and insurance contracts is necessary). The use, in a professional context, of the hardware and soft- ware owned by the user must be checked. A mutual engagement convention must be created before any implementation (duration, security obligations, obligation in terms of working hours, sanction in case of no respect). Change management Measuring the IT management activity impact (and in particular self-care). Adapting IT management processes: Assistance, repairing Telecommunication agreements Licences management
CIONET France Special feature
19
INSEAD & CIONET survey presents the view of 110 CIOs from over six European countries on broadband.
Enhancing the business value of broadband INSEAD & CIONET proudly present the survey ‘Enhancing the business value of broadband: Recent views from Chief Information Officers’. The broadband survey narrates key insights from CIOs on enhancing the business value of broadband. As a result of the successful collaboration on the 2011 European CIO of the Year awards and the 2011 IT-Enabled Leadership Report between CIONET, INSEAD eLab and her team, Neelie Kroes, Vice President of the European Commission and European Digital Agenda, requested that CIONET and INSEAD eLab conduct a survey on the business value of broadband. The online assessment was completed by 110 CIOs from over six European countries, representing a variety of sectors.
Four major insights The findings uncovered four important sets of insights with regards to enhancing the business value of broadband. They include: 1. the impacts of having greater broadband connection speeds (rather than simply having access to broadband); 2. the key drivers of future demand for greater broad band connection speeds;
20
Broadband CIONET Survey
3. the challenge faced by many CIOs of managing across locations with different connection speeds; 4. barriers to adoption that CIOs believe the European Commission could help remove.
The European Commission could help remove barriers to adoption. Conclusion Drawing from these insights, commissioner Kroes concluded: “This study shows that broadband delivers for businesses – whether it is by helping staff work collaboratively, or by giving access to important new resources like the cloud.” Commissioner Kroes further expressed her desire “to continue strengthening collaborative and constructive engagements going forward so that the European Commission can best enable its organisations to operate and innovate competitively.”
Enhancing the business value of broadband Recent views from Chief Information Officers
INSEAD and CIONET joined forces and produced an in-depth survey on the insights of CIOs on the business value of broadband. Download the report here: cionet.info/broadbandvalue
Results from the 2012 CIONET & INSEAD eLab survey of European CIOs on the business value of broadband
What’s next.
Big companies can’t innovate – we don’t believe so, says Danone.
Innovation can happen In large organisations, not everybody with a good idea will succeed in getting it to the attention of senior management. And without that, there is probably very little chance that this idea will ever turn into a competitive advantage for the company. Michael Kollig, EMEA CIO of Danone, knows that: “As a more senior employee in the organisation, I have the opportunity to create awareness with the right people, which increases the likelihood that something will happen with my ideas.” But what happens if you are an apprentice or junior staff member? Usually, they are too remote from senior decision-makers and thus, the hurdle for their ideas to be discussed is really high limiting the chance that they will ever make it. “An idea at the beginning is like a small plant, it needs protection and watering to grow strong enough to withstand the adverse environment”, says Kollig. “At the same time, it’s often the young people in our organisation who have plenty of new, out of the box ideas about the use of technology, based on their daily experiences with it.” That’s why Danone Information Systems (DAN’IS) initiated a worldwide innovation process. Inspired by a similar approach in one of the business regions within Danone, the roll-out of the innovation process
22
CIO view CIONET Germany
has been started. It is based on the Game Changer Methodology, which is also used successfully by organisations like Shell (The Game Changer Methodology is a flexible process
'It’s often the young people in our organisation who have plenty of new, out of the box ideas about the use of technology, based on their daily experiences with it.' to incorporate innovation in normal working practices). Initially, the global IS organisation of Danone will be piloting the process, facilitated by Michael Kollig and his team. If that proves successful, the intention is to extend the approach to other parts of the Danone organisation and eventually also to open the process for external stakeholders.
So how does it work? Every member of the global IS staff can introduce ideas on an internal platform (you may call it Danone’s internal ideas social network). Other staff members are encouraged to
comment, like or dislike the ideas, so that popular ideas are becoming easily identifiable. It’s really an internal crowdsourcing approach. Basically, there are no limitations to what type of ideas can be proposed, but they have to fulfil the following principles: They need to be relevant for Danone. There needs to be a clear reason why Danone should do it. A business potential is feasible. Other than that, it’s an open field. So what happens with all these ideas, which are continuously created and qualified by like/dislike buttons? A team of ‘internal venture capitalists’, with funds and resources provided by senior management of Danone IS at their disposal, will pick the most promising ideas. The creators of the ideas remain the owners and will drive the development. “This is very important to us; we want to give the innovator all the required room to develop his or her idea.” Leaves the question: When can they work on it? Is it late nights and early mornings? No it isn’t. Part of the decision to implement this innovation process included agreement amongst all involved people managers in the global IS organisation, that the people who work on their ideas are partially released of their daily tasks.
“Obviously, this is a significant investment, but we are convinced that the measureable ROI will be significantly higher, while we increase employee satisfaction and involvement at the same time.”
tant that innovation can happen”, says Mr Kollig. And for that, the Chief Innovation Officer needs to operate outside of the traditional hierarchy of the organisation to make innovation happen.
However, like all projects, it depends on the buzz created around it. “We need to promote this to keep the momentum.” There will be incentives to participate, video broadcasts and peak events to continuously create awareness for this project. And while the main communication line is a social media environment, there will be room for face-to-face meetings. This includes info events at the local sites and workshops, where the creators of the best ideas will be invited to discuss and develop their concepts. It’s also considered to include ’gamification‘ elements like leader boards in the process to keep it attractive and motivating.
What’s next?
CIO = Chief Innovation Officer? Is it logical that the CIO drives such an innovation process? It depends. The CIO is the person in the organisation who has probably the ‘broadest’ understanding of the internal processes and usually knows all projects and procedures. Furthermore, it is the responsibility of the CIO to provide enabling technology for the company to improve its competitive positioning. For that, he needs to understand the requirements of the internal and external customers. Combine all of that with the natural affinity for new technology and the CIO looks like the ideal candidate to be the Chief Innovation Officer. “It’s not really important whether innovation is driven by the CIO, it’s impor-
Can this innovation process be compared with a typical IT project? “Usually the outcome of a regular IT project is known at the beginning, the question mark is more about when is it ready and how much did it really cost.” In this case, the project contains a high level of risk regarding the outcome. “Let’s talk about the result next year”, says Mr Kollig. As we are curious how this great project will evolve, we agreed that we will come back on this Danone initiative in our CIONET magazine next year. Danone is one of the world leading companies in healthy nutrition. With the four business divisions fresh dairy products, baby food, waters and medical nutrition and brands like Activia, Actimel, Evian, Volvic, Milupa, Nutricia and Cow and Gate it generated globally 19.3 billion euros sales in 2011.
The CIO must provide enabling technology for the company to improve its competitiveness.
Michael Kollig, EMEA CIO of Danone: “An idea at the beginning is like a small plant, it needs protection and watering to grow strong enough to withstand the adverse environment.”
CIONET Germany CIO view
23
social media and information security management. The percentage of enterprises currently investing in these technologies and practices is presented in the picture (p 24). Cloud solutions are maturing to the point where enterprise IT leaders are giving them a longer look. They might be under internal pressure to ‘go to the cloud’, but smart IT leaders are taking measured steps that make practical and economic sense for the business. Enterprises are becoming more trusting about moving auxiliary work to the cloud, but are still hesitant to move mission-critical work there because of security and control concerns. But, as cloud service providers continue to demonstrate their reliability, scalability and security, CIOs are considering them for more purposes. Mobility has eliminated the boundaries of space and time. Customers are always connected, and companies can interact with them at any time. The implications cannot be overstated. With information about products becoming as important as the products themselves, almost every company is now in the business of creating and delivering ‘content’ – information that is personal, relevant and timely when accessed by customers.
Social media impact The scale of the impact of social media can be staggering; real-time information amplifies the network effect. Social media represent a relatively new channel for engaging and conversing with customers, prospects and employees in an open and transparent environment. These channels incorporate the basic components of a social interaction – listening, talking and asking questions
– and they use a variety of platforms and tools in lieu of, or in addition to, face-to-face interaction. The essence of social media is to listen, ask questions, talk and engage with peers. Social media leverage the power of the Web to find, to engage and to build relationships with peers, and it is no secret that the relationship between businesses and their customers has changed dramatically, as has marketing, sales and customer service planning. Any enterprise that is not using social media may be shut off from its customer and prospect base for marketing, brand management, service and support, and education.
Enterprises are still hesitant to move mission-critical work to the cloud because of security and control concerns. Our Information Security Management research captures the evolution of this practice. Throughout the intervening years, the protection of IT assets has evolved from technology safeguards into a full-time management discipline. Today, large organisations employ Chief Information Security Officers (CISOs) along with dozens of security architects, analysts and operators. Furthermore, security management is continuing to advance from a tactical IT task to a strategic set of formal policies and procedures that are tightly integrated into the business. Social networks and digital devices are being used to engage with governments, businesses and civil society, as well as friends and families.
People are using mobile and interactive tools in general to determine who to trust, where to go and what to buy. At the same time, businesses are undertaking their own digital transformations, rethinking what customers value most and creating operating models that take advantage of what is newly possible for competitive differentiation. Nowadays, the challenge for businesses is how fast and how far to go on the path to digital transformation. In June, CIONET Italy organised its CIOsummit, where CIOs met a panel of CEOs and founders of Italian enterprises whose brands have acquired global recognition. They held a challenging debate on how business and IT can enhance collaboration and synergy better in a world where individuals and companies are embracing the digital revolution.
Mobility has eliminated the boundaries of space and time.
CIONET Italy Special feature
25
Francisco García Morán, Director General for Informatics at the European Commission, explains its ambitious strategy.
Is the Digital Agenda for Europe on course? The Digital Agenda for Europe was adopted in 2010. Francisco García Morán, Director General for Informatics at the European Commission, explains how the strategy was developed and sheds light on its future. What are the objectives of the Digital Agenda for Europe? “The European Commission adopted the Digital Agenda for Europe (DAE) in May 2010 as a strategy to take advantage of the potential offered by the rapid progress of digital technologies. The DAE is part of the overall Europe 2020 strategy for smart, sustainable and inclusive growth and comprises 101 specific policy actions (78 actions to be taken by the Commission, including 31 legal proposals and 23 actions proposed to the Member States) intended to stimulate a virtuous circle of investment in and usage of digital technologies. To monitor progress, we have set 13 key performance targets, we have taken stock every year and we have published the results on the DAE scoreboard.” What have been the main achievements since then? “Our last measurement was in 2011, and the picture at that moment was that progress in achieving the key performance targets had been promising but mixed. On the positive
26
Special feature CIONET Spain
side, regular Internet usage has risen rapidly, including among disadvantaged groups, as has sporadic use, leaving fewer and fewer non-users. Citizens use eGovernment more and more, including interactively, and are rapidly taking to buying online, as are SMEs. Basic broadband is increasingly available, even in the remotest corners. Finally, the market share of LED lighting is expanding swiftly. In all these areas, the targets will be met early if current trends persist. On a couple of other targets progress is insufficient, albeit real. Citizens’ uptake of cross-border eCommerce is barely growing. SMEs are only gradually starting to sell online. Access and subscriptions to very high-speed broadband remain concentrated in a few places for the moment. Roaming prices have fallen, but only slowly. And public investment in R&D has not risen. In all these areas, the targets will not be met if current trends persist.” Trust and security are two important areas for the DAE. What is being done there? “The growing use of IT increases our need for trust and security in it. It is estimated that half of Internet users have refrained from at least some major online activities due to security concerns. Therefore, trust and
‘Identifying and fighting cybercrime is one of our top priorities.’ security is a key area for the Digital Agenda. Identifying and fighting cybercrime is one of our top priorities, as is enforcing the right to privacy and to the protection of personal data – fundamental rights in the EU. Member States are best placed to protect their own infrastructures, but we are currently concentrating much of our effort on critical infrastructure protection and on strengthening the CERT community in Europe. We are also working with the public and private sectors to properly secure new technologies and business models, such as those arising from the adoption of cloud computing. I would also like to mention the role of ENISA, the European Network and Information Security Agency, in preventing, detecting and responding to network and information security problems.”
One of the DAE’s projects is the eGovernment Action Plan. What are the objectives in that field? “The eGovernment Action Plan 20112015 is helping public authorities to use information and communication technologies to offer better services at a lower cost, while making life easier and better for individual citizens and businesses in terms of improved access to public services. It is supporting the transition to a new generation of open, flexible and seamless eGovernment services at local, regional, national and EU levels, where users can actively shape the online public services that suit their needs best.
‘We want to create the necessary conditions to ensure longterm prosperity and growth in Europe.’ Francisco García Morán, Director General for Informatics at the European Commission: “Our goal is to increase the use of eGovernment services to 50% of EU citizens and 80% of EU businesses by 2015.”
Our goal is to increase the use of eGovernment services to 50% of EU citizens and 80% of EU businesses by 2015 and to ensure that a number of key public services are available online so that entrepreneurs can set up and run a business from anywhere within the EU independently of their original location and so that citizens can more easily study, work, reside and retire anywhere within the EU. National governments will play a central role in the implementation of the Action Plan whilst the Commission’s main responsibility is to improve the conditions for the development of cross-border eGovernment services. The Action Plan builds on the Malmö Ministerial Declaration and contains measures grouped into four categories: empowering users, contributing to the internal market, enabling the effectiveness and efficiency of governments, and putting in place pre-conditions for developing eGovernment, such as eSignatures and eIdentification. Concrete examples of Action Plan measures include implementing once-only secure registration of data with government and developing the EU-wide use of national electronic identities (‘eID’) to smooth crossborder procedures, such as starting a company abroad, moving home or work abroad, arranging your pension online if you retire to another country, or registering at a foreign school or university.” What are the Commission’s priorities and projects for the coming years? “Our goal is to create the necessary conditions to ensure long-term prosperity and growth in Europe.
The Europe 2020 strategy and the Digital Agenda for Europe contain the framework we think is needed to ensure smart, sustainable and inclusive growth. Just to give you an example, the Commission has recently proposed the ‘Connecting Europe Facility’ (CEF), which plans to fund 50 billion euros worth of investment to improve Europe’s transport, energy and digital networks. Targeted investments in key infrastructures will help to create jobs and boost Europe’s competitiveness at a time when Europe needs this most. Of the 50 billion euros, it foresees that almost 9.2 billion euros will go into supporting investment in fast and very fast broadband networks and pan-European digital services, leveraging other private and public investments as well. In the area of digital infrastructure, our target for 2020 is that all broadband access will be at speeds of at least 30 Mbps with at least 50% of households subscribing to speeds above 100 Mbps. As regards digital services, the money would be used for grants to build infrastructure needed to roll out eID, eProcurement, electronic health care records, eJustice and customs-related services. The money would serve to ensure interoperability and meet the costs of running the infrastructure at European level, linking up Member States’ infrastructures. And, internally, we are working on an ambitious eGovernment initiative, called eCommission 2012-2015, with which we want to lead by example in the transformation of European public services.”
CIONET Spain Special feature
27
The cloud is still a hot topic in IT but the challenge is shifting.
Managing cloud vendors The cloud remains one of the main hot topics in IT. But the subject of the debate appears to be shifting. It is no longer about whether a business should move to the cloud but about how. Managing the relationship with cloud vendors represents the most important new challenge. The use of cloud services is framed within a contract. Only, contracts for cloud services often deviate in practice from the obligations that used to be standard between a client and an IT provider. “A contract in the cloud often looks really simple, but it is still very much a binding document, of course”, says Ywein Van den Brande, lawyer and founder of Crealaw, a law firm specialising in technology and new media. “You can enter into an agreement with a cloud provider with just a couple of clicks. But even so
28
Event report CIONET Belgium
it is still important to go through the content of the contract thoroughly beforehand. Without a sound contract you will not have a leg to stand on, especially if something happens to go wrong with the service afterwards.” According to Van den Brande, a contract needs to include not just the general and specific terms, but also clear information on SLAs, the acceptable use policy and the privacy policy. A number of points require special attention. “Quite a few cloud contracts state that the provider can amend the agreement unilaterally and without any announcement”, explains Ywein Van den Brande. Obviously, as a client you should be extremely wary about this. The same goes for the description of the quality offered. Cloud providers very
‘We do not see the cloud as the Holy Grail, but it is helping us move forward.’ Ywein Van den Brande, lawyer and founder of Crealaw: “You can enter into an agreement with a cloud provider with just a couple of clicks. But it is still important to go through the content of the contract thoroughly beforehand.” Paul Danneels, CIO at VDAB: “Even in the cloud you have to avoid vendor lock-in and, at the same time, make sure you have a good exit strategy.” Jean-Luc Robins, CRM Manager at SWIFT: “In the cloud you can never be one hundred percent in control. That’s why it is important to establish a relationship with your vendor that is built on trust.”
rarely offer cast-iron guarantees and tend to rely on a description that is rather more vague like ‘best effort’. In connection with these guarantees, you might want to consider at the same time whether it would be logical to conclude an agreement with a strictly defined SLA. Ywein Van den Brande: “This too requires careful thought. Does it make sense to demand a 99.9 percent uptime? How are you, as the client, going to monitor this? What kind of compensation can you demand if the service level has not been met?” As a client, it is important that you have an exit strategy right from the outset. “You need to pay close attention to the provider’s liability or lack of it, to the options for terminating a contract, to the security and recovery of data, and so on.”
Flexibility takes priority Paul Danneels is the CIO at VDAB, the Flemish government service that matches the needs of companies that have vacancies with job seekers. “The challenge for us is to find a balance between supporting the business with more new IT initiatives and doing so within the budget available.” The cloud offers a wealth of possibilities here. Paul Danneels: “We do not see the cloud as the Holy Grail, but it is helping us move forward. For example, the cloud provides easy access to applications. The barriers are low, for the average citizen as well. In the cloud, gone are the days when bringing your own device was an issue. Everyone can make use of applications, regardless of time, place or device.” The cloud is also helping the VDAB to cut costs. The organisation has less need for infrastructure and can rely, via the cloud, on cheaper applications. For instance, the VDAB is currently switching to Google Apps for email and collaboration. And ‘Wegwijs’ – an application that provides regional job information – also runs in the
cloud. What is more, the personnel employed by the VDAB are using the tool Yammer. Paul Danneels has integrated the cloud into the VDAB’s IT roadmap. “The starting point was obvious: where can the cloud provide added value within our existing plan?” This enabled the VDAB to avoid any kind of vendor push. The organisation sought solutions to meet specific needs, adopting a proactive stance with regard to the business. Paul Danneels likens management of the relationship with providers of cloud services to the more traditional form of outsourcing. “They actually revolve around the same issues: service levels, security and access to data. Even in the cloud you have to avoid vendor lock-in and, at the same time, make sure you have a good exit strategy. Before we embarked on our collaboration with Google, we thoroughly tested how we might retrieve all our data from the cloud and bring it in-house again should it ever prove necessary to do so.”
The cloud is helping the VDAB to cut costs.
More smoothly than expected In the end, the VDAB migrated seven thousand users and the corresponding archive to Google Apps in just one weekend. Paul Danneels: “To be honest, that went more smoothly than we had expected.” The project has generated considerable cost savings for the VDAB and has also delivered high-level satisfaction among users. The latter, in particular, is an important point.
Full speed ahead to the cloud SWIFT is the platform that banks and financial institutions use to exchange information. The organisation migrated its old systems for case management to Salesforce.com. “We don’t believe you should necessarily begin small in the cloud”, says Jean-Luc Robins, CRM Manager at SWIFT. “The implementation of Salesforce.com is a big project.” SWIFT names cost-cutting as a motive for the migration. “There is no such thing as a zero footprint, of course, but the total cost of ownership of a SaaS solution has to be lower than that of on-premise software.” At the same time, with SaaS it all comes down to finding the right balance between price and content. Jean-Luc Robins: “Obviously, there is on-premise software that offers greater functionality, but the implementation and maintenance costs will also be much higher. With SaaS, we can rely on a more effective delivery, with greater agility and less complexity.” At the same time, SWIFT is aware of the limitations that come with a cloud service. Jean-Luc Robins: “You have to accept that in the cloud you can never be one hundred percent in control. For this reason, it is important that you establish a relationship with your vendor that is built on trust.”
CIONET Belgium Event report
29
IT transformation leads to new role of the CIO as a multiple services providers integrator.
Services included During the last two decades, the IT department’s role moved from being a producer of technology to a services go-between. The externalisation policies imply the CIO to be an integrator of multiple services providers and also allow him to propose a wider scope of services that match the enterprise business needs, says Ludovic Tassy, corporate CIO of Alain Afflelou. Today, with more than 1,000 optic shops in France, Switzerland, Spain, Luxembourg, Belgium, Morocco, Lebanon, Tunisia and the Ivory Coast, Alain Afflelou is a strong leader in its industry. In 2009, the IT department used to manage its infrastructure with a private cloud, with a single data centre. This system hosted the email services, an extranet and an EDI platform and had a limited disaster recovery plan. Today, the company has shifted the infrastructure management to a service provider. “Our group is moving very fast”, explains Ludovic Tassy, “and we needed to externalise the management of our platforms.” This decision had several objectives: mutualise the IT resources and optimise the infrastructure to reduce costs, become more agile thanks to virtualisation of the servers to be able to react more quickly to the fast-changing business require-
30
CIO view CIONET France
Ludovic Tassy, corporate CIO of Alain Afflelou: “The financial advantages are always stressed on in externalisation projects but they are not the only ones.” Philippe Rosé, Chief Editor of the French magazine ‘Best Practices’ and member of CIONET France Advisory Board, interviewed Ludovic Tassy.
ments, avoid the physical moves of the data centre. Finally, simplify and make more consistent the various contracts with a unified management of the assets and a fee-based contract model with the suppliers. “Before it was difficult to know when to finish a contract. Now, with the externalisation, we have got much more visibility”, explains Tassy.
Significant progress The project had four main parts: first, the externalisation of infrastructures (integrator plus hosting provider), virtualisation (with VMWare), IT consolidation and security (disaster recovery plan and data replication).
‘With the externalisation, we have got much more visibility.’ “The IT department became much more reactive thanks to this plan”, says Ludovic Tassy. “We made very significant progress in several fields.” Financially, the savings do exist but are limited. “The financial advantages are always stressed on in externalisation projects but they are not the only ones”, says Ludovic Tassy. “There are also benefits at the management
Going digital relies on executive and consumer alignment says Wellcome Trust head of IT Mark Bramwell.
Follow the leader
‘The whole concept of business IT innovation does not just sit with the CIO.’ Mark Bramwell, head of IT at charitable foundation Wellcome Trust: “The IT leadership role must not be undertaken in isolation.”
32
CIO view CIONET UK
Rapid growth requires a flexible architecture. So, how can CIOs establish the right kind of IT strategy that will allow the business to create a flexible enterprise architecture that meets the demands of the digital age? One thing is certain: technology chiefs must be at the forefront of organisational change. Annual Horizons research undertaken by IT leadership expert CIO Connect shows 97% of CIOs believe one of their key areas of strength is connecting technological possibility to business opportunity. IT leaders, then, are in a prime position to take advantage of the fast-changing nature of ITenabled business change. Mark Bramwell, head of IT at charitable foundation Wellcome Trust, recognises the role of CIO is about creating the right enterprise architecture strategy for the digital organisation, yet he also suggests the IT leadership role must not be undertaken in isolation. “Any prioritisation in difficult economic times needs to be led by business objectives”, he says. “Long gone are the days when the CIO sat alone; modern IT departments have to recognise that they are part of the organisation and must be totally aligned with the expectations of business customers.” Bramwell joined Wellcome Trust five
years ago. After 16 years at retailer WHSmith, who he joined straight from university, Bramwell moved to become head of IT development at the Trust, before becoming head of IT three years ago. “It’s a unique organisation, where you are working on something different – such as investment, research or finance – every day”, he says.
Delivering an IT strategy that is fit-for-purpose Looking back on his three years in the top IT job at Wellcome Trust, Bramwell says his key achievement has been the delivery of his first IT strategy. The back-to-basics programme, covering rationalisation, virtualisation, data centre technology and consolidation, has helped push the restructuring of the IT department, including some tough decisions around capability and customer service. Bramwell, for example, ran a twoyear virtualisation project to concentrate on system availability, which now stands at 99.97%. “Technology is all about service”, he says. “If people can’t use the IT you implement, then the CIO loses the invitation to be involved with making business decisions.” With the right footing in place, Bramwell is now turning his attention to this second strategy – and that
'Consumerisation is all about creating IT that is fit-for-purpose.'
approach to enterprise architecture is all about repositioning the IT department so that it can meet business expectations in the digital age. “Expectations are now very high – the bar has been raised and every outage is a major event. But that’s a healthy problem”, he says. Bramwell delivered 46 successful projects through 2011, and he says the biggest challenges are often around anticipating and meeting business expectations. “The bar has been set high now, and we must continue to deliver value through IT. You have to say that if the organisation wants a particular agenda, it has to work with the IT team”, says Bramwell. “The new strategy is all about realigning IT. The specific pillars cover information exploitation, information access, mobility collaboration and engagement. It’s not rocket science but it’s absolutely crucial. The enterprise architecture must be appropriate for business need – and that could be cloud based or even more disparate, with apps set up for access across many locations.”
Supporting the digital enterprise Bramwell, who spoke to CIO Connect following an HP IT leadership panel analysing Economist Intelligence Unit research, says technology
chiefs have to recognise that there is a huge expectation around the support of consumer services. People often use multiple devices and the personal cost of computing has become much higher. Bramwell estimates desktop support costs were about £500 to £600 a year five to six years ago and now stand at about £1,750 to £2,000 today, given the extensive use of mobile technologies, such as smart phones and tablet devices. Cost is an issue, then, but Bramwell also believes CIOs must find a way to support consumerisation. “I don’t think CIOs have the luxury of sitting back and ignoring the trend”, he says. “We have a tech-savvy board and IT is very important to the business. We take technology extremely seriously.” He gives the example of an initiative started 18 months ago that led to the deployment of 130 Apple iPads to help executives in the business run paperless committees. Bramwell says performance issues are the key to creating a digital strategy that is fit-for-purpose. Employees need to know what they can expect in terms of IT provision, whether that is in relation to the desktop or mobile devices. “We’ve looked to decrease operational costs, but we want to be smarter, regardless of where that impetus comes from”, he says, before returning to
the issue of outcomes-driven IT. “The whole concept of business IT innovation does not just sit with the CIO – technology is an enabler but the exploitation is just as important and that responsibility lies with the business”, says Bramwell. When it comes to key current trends in IT innovation, he suggests the creation of a tangible business case of consumerisation is not straightforward but that CIOs must get strategic. “We’re embracing regardless of return on investment because of the time and productivity benefits”, he says. “As a business, we’d prefer our staff to be working rather than updating their Facebook profiles. But consumerisation is all about creating IT that is fit-for-purpose.” This is an edited version of an article by Mark Samuels in the spring 2012 edition of CIO Connect magazine. If you are interested in finding out more about the IT leadership network or our Horizons research, please visit: www.cio-connect.com
CIONET UK CIO view
33
Partnership CIONET Spain and IE Business School aims at sharing knowledge in search of wisdom.
A perfect couple CIONET Spain believed from the outset that establishing a partnership in the academic world was the way to go. It has now concluded a partnership with top business school IE Business School. Sharing knowledge in search of wisdom – this, in a nutshell, is one of the key objectives that we at CIONET have been pursuing to set ourselves apart from the rest. Like in every community, sharing is one of CIONET’s main principles, which we apply to all our members’ knowledge, to real-life experiences – not just the really good ones, but also the really bad ones – and to strategies that are defined jointly to guarantee that companies recognise the new role of the CIO and its importance to the future of the business. At present, Spain is seriously strug-
‘IE was the ideal setting for an atmosphere where we combined knowledge, experience, wisdom and willingness.’
34
Special feature CIONET Spain
gling with the economic crisis. Nevertheless, we remain optimistic in spite of the negativity due to the qualifications and talents of Spanish IT professionals. For all these reasons, CIONET believed from the beginning in the need to establish the right partnership in the Spanish academic world. And we came across the perfect partner: top business school IE Business School, headquartered in Madrid. CIONET and IE Business School have recently formalised a collaboration agreement that goes well beyond a formal contract and aims to bring IT industry knowledge to all economic agents through the definition of a new paradigm and a distinctive business model for the country based on competitiveness and innovation. Silvia Leal, IE Manager of IT Academic Programmes, Antonio Crespo, Managing Partner of Quint Wellington Redwood (also an IE partner) and Mona Biegstraaten, Country Manager of CIONET Spain, explain what to expect from the partnership. What, so far, has been your experience of the collaboration between IE and CIONET? Mona Biegstraaten: “Perhaps the most outstanding and surprising thing in the relationship between
CIONET and IE has been the spontaneity and naturalness about the way we have built our collaboration. We started with a common vision, but instead of formalising a structured framework straightaway we let daily events and empathy guide us… When you have a common objective, and share a series of values and principles, everything flows with ease.” What specific activities have you performed in collaboration? Mona Biegstraaten: “There have been plenty of them, and in different areas. There are two that spring to mind. Our event ‘Giving our small grain of sand’ broadly achieved its objectives. IE was the ideal setting to create an atmosphere in which we combined knowledge, experience, wisdom and willingness. In fact, afterwards we created the ICT Observatory, in which we have progressively included relevant industry experts, which ties best practices to theory and vice versa.” Has there been any collaboration with IE students? Mona Biegstraaten: “Of course. One of the programmes we launched last year, within the Information Systems Management Master, was about involving students in real CIO challenges. To this end, several working groups were set up to develop
specific projects for CIOs in big companies – like Vodafone, Lilly and Repsol.” You are now launching a new programme in IT management. What is it about? Silvia Leal: “We have realised that the IT labour market provides a wealth of opportunities to carve out a professional career in IT services management. However, companies are having difficulty meeting this demand for labour. That is why we have decided to launch our Advanced Programme in IT services management."
One objective is to strengthen the relationship between the academic environment and real-life experiences. IE Business School is a very innovative organisation… Is the Advanced Programme in IT services management an innovative offering? And why? Silvia Leal: “Of course this new academic programme is an innovative offering for the market. The labour market is calling out for professionals with experience in the field, but it also needs networked individuals with official accreditations. Such a profile is not easy to achieve. That is why we have decided to launch the programme on a long-term basis in collaboration not only with CIONET, but also with AMPG and Quint – all of which are, in our opinion, key players in this field. Through this collabora-
tion, the programme will provide students with the knowledge to obtain three important accreditations: ITIL, Lean and Sourcing Foundations.” Quint Wellington Redwood is one of the key partners for this programme. What is Quint’s contribution? Antonio Crespo: “Over recent decades (this year we are celebrating our 20th anniversary), Quint has developed extensive experience of IT management and governance challenges, allowing us to build a body of knowledge that can be adopted and adapted in different markets, for different industries. In addition, the strength of our two main divisions, Consulting and Education, creates a best-in-class combination of practice leadership and thought leadership. For this pioneering programme, we have brought in new frameworks, methodologies and best practices, such as Lean IT and Sourcing Governance. As an APMG Authorised Training Provider, we also provide students who want to progress in IT management
with access to the most recognised certifications in this field that are also the most sought-after by employers.” What value does this programme generate for CIONET and IE? Mona Biegstraaten: “This programme has various objectives. Firstly, it is about shortening the distance between companies – or rather business executives – and technology and its reality, including, of course, the value this can generate. Another objective is to strengthen the relationship between the academic environment and real-life experiences."
Mona Biegstraaten, Country Manager of CIONET Spain (left), Antonio Crespo, Managing Partner of Quint Wellington Redwood and Silvia Leal, IE Manager of IT Academic Programmes shared their experiences of the collaboration between IE and CIONET.
CIONET Spain Special feature
35
CIONET Italy and Nextvalue® survey reveals needs to improve control and strategic principles in Information Security.
The next management practice In a world in which information is increasingly digital and companies’ interaction with the market, staff members and external co-workers is evolving rapidly, the IT risk reaches beyond the boundaries of the IT department to become a risk for the entire organisation or for the business. This has been exacerbated in part by new technologies and operating models, such as enterprise mobility, cloud computing and social media, which tear down traditional borders and dismantle the IT security paradigms that have been used to date. What we have discovered from the 214 CIOs, CSOs, CISOs and security managers of the top Italian enterprises that participated in the survey carried out in the first few months of 2012 by Nextvalue®, the Italian research partner of CIONET, is a real need to improve control in any organisation and to apply, at a strategic level, the Governance, Risk Management and Compliance principles that align IT security operations more successfully with the business. Information security has become a management discipline and requires the right balance between daily operational aspects and strategic aspects. They probably have a long way to go but Italian companies, especially the top ones, are ready to undertake this
36
Special feature CIONET Italy
Leonardo Casubolo, Chief Security Officer of the Kion Group: "Security has to be regarded as a maturity element that confers quality and guarantees trustworthiness." Marco Goria, Chief Information Security Officer (CISO) of Ferrero: “Placing someone in charge of security is becoming common practice in Italian companies.”
process in much the same way as other European companies. An integrated approach to the issues of Governance, Risk Management and Compliance (GRC) has been adopted by just 10% of the panel, but the good news is that this number will double in 2012, according to the survey participants. The investment required for this kind of project is medium/high on average and may, in some cases, reach a sum of one million euros. 44% of the companies that participated in the survey have Chief Security Officers (CSOs) or Chief Information Security Officers (CISOs). In many cases, these professionals are not at the right hierarchical level yet, though banks and public bodies are more advanced here. There is also a very strict correlation between the presence of CSOs and CISOs and of dedicated structures with major relevance of the security issue and related spending, which is usually above average. The CIO decides on security governance in 74% of cases, though the role of CSOs and CISOs is growing in importance.
CSOs and CISOs in action Leonardo Casubolo, Chief Security Officer of the Kion Group, a multinational company that works in the forklift sector, states that security has to be regarded as a maturity element
that confers quality and guarantees trustworthiness. He goes on to say that for correct management of all aspects it is pivotal to adopt an engineering approach based on best practices and standards that influence the structuring of activities and processes. He affirms that any organisation that has an excellent security management structure must separate roles. In this scenario, the CSO identifies the basic principles, defines the policy on a macro level, and provides the operative guidelines that are applied by the IT department.
Information security is becoming more and more of a critical factor and also a strategic investment for achieving better results. At multinational food company Ferrero, one of the duties of the CISO is to define the policies and security procedures that dictate who is responsible for Risk and Compliance Management, according to Marco Goria, Chief Information Security Officer (CISO) of Ferrero. He adds that the person in charge of security regularly attends meetings with a committee responsible for these aspects. These meetings result in a number of actions that have to be translated into activities and security projects. For the Board of the Fiera Milano Group, security is a necessary cost not just to protect company property
but also to comply with regulations, says Giuseppe Ingletti, Director of Infrastructures & IT Services for the group. He goes on to say that security management is placed in the hands of external suppliers. The objective here has been to identify different security control suppliers for the management of infrastructures and applications. Thus, he claims, by contrasting the interests of different suppliers, each becomes responsible for its own activities. He adds that they have kept overall security governance in-house – this involves the definition of guidelines and methods, as well as reporting and control activities.
Communicate, communicate, communicate Given this scenario, better internal communication and awareness of IT security risk becomes increasingly important for the success of an information security management strategy. Ingletti of Fiera Milano says that they are raising awareness among end users because they can be considered the weak link in the chain, triggering a loss of information with potentially serious consequences for the business. Ferrero, too, according to Marco Goria, has promoted campaigns and courses aimed at end users, attracting 1,500 participants among staff, to spread a security culture, achieving positive results in terms of increased awareness.
What’s next. Information security is becoming more and more of a critical factor and, in some cases, also a strate-
The CIO decides on security governance in 74% of cases, though the role of CSOs and CISOs is growing in importance. gic investment for achieving better results. According to Goria at Ferrero, placing someone in charge of security is becoming common practice in Italian companies; Casubolo from the Kion Group feels that the CSO should be a point of reference for all roles within a business. For this reason, it is pivotal to establish dialogue between the different functions within an organisation. We do not believe that companies can defeat cybercrime by themselves, but they have a few more options available to them. Without a strategy and a programme of information security management, the organisation is an easy target for cyberspace criminals and may be the object of the next sophisticated attack. It is hard for Chief Information Security Officers to guide their own companies down a safe path. Unfortunately, there is no other way. The 2012 Information Security Report is available in Italian on the CIONET.com website.
CIONET Italy Special feature
37
IT profession shifts from hard skills to soft skills.
IT evolves into demandsupply organisation Paul Slot has been the director of IT operations at KPN since 1 April. In his current role, he is responsible for the IT operation that KPN uses to deliver services to customers. His ambition is to transform the IT organisation into a demand-supply organisation that excels in operational excellence and compliance. “The market is constantly on the move, so in IT you have to be in a position to move quickly with it”, says Paul Slot. “It is the organisation that determines how we move with the market. A quick time-to-market and flexibility are essential. At the same time, it is important to keep an eye
Paul Slot, director of IT operations at KPN: “The business is developing all the time and it is important that the technology grows with it. The business is the innovation driver.”
on the costs, especially if revenues are under pressure.” At IT operations, the main priorities are operational excellence and compliance. The services have to support the business at an acceptable cost, comply with regulations and offer continuity.
‘The business is the innovation driver.’ “We provide the IT that is needed for the business to bring services for customers on the market. It is the combination of business and technology: the business is developing all the time, and it is important that the technology grows with it. The business is the innovation driver.” “Technical developments happen mainly behind the scenes; we are always looking for efficiency and flexibility here. This means that on the infrastructure side you look for solutions like cloud solutions and maximum virtualisation, and a strategic vision for the setup of data centres. Some things we do in-house, like the infrastructure. As for the applications, we have all kinds of partners.”
From hard skills to soft skills “As a CIO, you have three axes you can target: innovation, customer intimacy and operational excellence. By working more and more with
38
Special feature CIONET The Netherlands
partners, you can outsource the technology component. This allows us to focus more on innovation and customer intimacy. Our plan for IT right now is to make important progress in the area of operational excellence by bringing all the management organisations together in one large organisation. Our partners will supply the technology, while we concentrate on orchestrating the whole package.” Slot hopes this will raise the standard of the IT operations and optimise costs and supply. We are currently identifying the steps, including positioning the partners. What this actually means is that IT will become a demand-supply organisation. We already are to some extent – my predecessors took some major steps in this direction. It will have a huge influence on the organisation, at several levels. Some of the work will be transferred to suppliers, and that will have a direct impact on staff. Where previously they worked on the technology, at an operational level, now they will be managing suppliers. This calls for completely different skills. As a result, you will see fewer and fewer traditional IT professionals in the organisation; these will now be at the suppliers. It is a transition from hard skills to soft skills, like managing relationships.”
What do you do if the CEO tells you to just get it done?
F*** the governance? At a power lunch with several CIOs, one of them threw this issue on the table while looking at me knowing I have been a strong advocate of IT governance for years: “What do you do if the CEO tells you to get it done and f*** the governance? Well you probably go away and just do it no?” I should have been faster on my feet to say then and there that there are four good reasons why that was not necessarily the best response. These reasons are: Compliance. The probability is high that a compliance issue emerges in such a situation. However because of the small size and industry type of this company that may not have been a major problem. Efficiency. It is true that it is the prerogative of executives to make the trade-off between cost and timely results when get-it-done is more important for the enterprise. But then that should be very clear to all involved at the time of the decision. Risk. While compliance risks may be acceptable in this type of enterprise, there are other liabilities where governance plays an important role in keeping them under control, liabilities related to products, employee safety or continuing survival of the enterprise. There are legal standards a judge would use for what is acceptable and what is
reasonable, should a liability case emerge. Pointing out that the executive should consider what he will say to the judge when this occurs is a way to raise awareness. Effectiveness. It is clear that governance, in the case described, was not recognised as also a mechanism to help achieve effectiveness.
How did it get to this? The company is, on an international scale, an SME. Originally (and to some extent still) a family business, it is active in an industry where IT plays, comparatively, a less significant role than in similarly sized enterprises. The CEO took the position that he was the sole authority on governance. In this enterprise the balance of executive and ownership power rests in one person who probably thought more as an owner than as an executive. The CIO accepted he was the major effectiveness tool. It is true that leadership is a major governance mechanism even more in small organisations with short effective spans of control. The CIO did have a problem with the situation which reminds me of a similar case a friend of mine told me where his advice was sought about strong differences of opinion at management level and where he suggested the person to seek another job. This illustrates one version of the CIO acronym: Career Is Over!
However there is another version of the acronym I am reminded of because of the emerging role of the CIO as an influencer and educator. The CIO has to educate executives not only on the intricacies of technology and how it creates value for the enterprise but also about the necessary governance mechanisms that help make that happen. Therefore CIO also stands for Communication Is Obligatory! So, f*** the governance? Yes, but only if more than one of these conditions are true: you’re small, IT is not important and the CEO is the owner.
Erik Guldentops, Researcher and Lecturer in Enterprise Governance of IT has been an Executive Professor at University of Antwerp – Management School for many years after a career at SWIFT.
CIONET Belgium Special feature
39