A greyer shade of green
By James Hayes

28 April 2008

As veterans of many greener IT initiatives, techies are increasingly being turned to as corporate ‘carbon champions’, leading programmes for change action. ‘Green’ still carries a pejorative meaning in many management circles, but senior executives are keen to be quoted making eco-friendly noises regarding their organisations; so at what point does the green ideal blunt itself on the hard edges of commercial realpolitik?

This year sees the advent of two major conferences focused on the role of IT in the greening of the enterprise – the Green IT Summit (March), and Green IT 08 (May). A prevailing theme at both events is that looking at IT in isolation is a redundant notion – because enterprises rely absolutely on their IT infrastructures, an effective carbon control programme encompasses all aspects of their activity. The delegates attending these events are self-selecting: there to learn more about current perceived models of best practice and engage in debate over what green IT initiatives are practical, all of which are as vapid as hot air expelled from a data centre’s outlet vents.

Some spiky divisions are already forming among proponents regarding how to inculcate a green IT mindset in colleagues who may be indifferent to its ambits. Take staff who neglect to switch off PCs, monitors, printers and other appliances when they leave the office, leaving them burning electricity and pumping out fumes into the workplace overnight.

The ‘Carrot’ camp claims that the most effective approach to behavioural change is an orchestrated schedule of awareness training, aimed at engaging with staff to educate them about how individuals can make a key contribution to energy efficiency as part of an holistic carbon control strategy. The ‘Stick’ camp, meanwhile, says this is a load of namby-pamby pussyfootying and that carbon-careless colleagues should be blamed and shamed into changing their ways.

The 'Stick' camp further argues that fussing over the introduction of green IT guidance risks jaundicing vital support from the board, because it sounds like going green will foster recalcitrance among the workforce and also require expenditure before any cost savings start to show. Pure greenists argue that cost savings should not be the primary motivation for an organisation to adopt a green IT policy; maybe so. But the share price hawks will always place financial imperatives before nice-but-not-absolutely-necessary brand virtues.

That go-green initiatives will only succeed if they are sponsored and supported by senior management is a well-worn mantra at green IT rallies. As said, most directors can guff-up a pro-planet mission statement on request; it’s core to the corporate social responsibility remit. The snag is that as commercial exigencies arise, green stuff is prone to sliding down the management agenda and easily gets ‘parked’ until the current boardroom crisis has passed - and that could be the day after never.

Governing bodies – boards, trustees, etc. – are entitled to ask challenging questions of mooted green policies and hold up to question some well-worn green shibboleths. For instance, adopting a green IT policy is supposed to reduce power consumption and thus lower electricity bills (the well-known ‘no brainer’ of green IT). The snag here is that quantifying the metrics of IT power consumption in most extended enterprises – especially those based across multiple sites – is no easy exercise.

First, IT managers have to inventory all computing equipment that the IT department ‘owns’, which can include anything and everything from PDAs to mainframes, plus all the gubbins that sits between. Getting a ballpark figure on how much power this kit consumes would be daunting, even if it were all taking its power feed from a single dedicated circuit. But, of course, this is rarely - if ever - the case. In most offices, IT equipment shares the same circuit as other electrical equipment – photocopiers, fax machines, document shredders, drinks vending machines. Extrapolating how much of the overall power consumption total can be ascribed solely to IT is no easy task.

Then there is the issue of whether IT bosses can gain sight of the actual bills. Access to such corporate information can be a political issue, a privilege often jealously guarded inside organisations. Information is power and information about power could easily be regarded as most sensitive. Furthermore, facilities management and finance departments may be unwilling to acknowledge that power consumption is not only uncontrolled, but out of control. Green IT will have to resolve many more such grey areas before its campaign is won.

Further information:
www.lansdown.com/green
www.greenituk.com

Worming to the idea
By Danny Bradbury, North America Correspondent

28 March 2008

Microsoft found itself embroiled in a heated debate about security in February, following the publication of a New Scientist article that accused it of using "information epidemics" to distribute software patches; but the magazine saw one thing - friendly Internet worms.

Worms are a form of self-replicating program that can spread across networks without such a host. They often do so using little or no human interaction. Generally, such programs are used to distribute malicious payloads. The idea of using the same type of mechanism to distribute software that does good instead of evil has cropped up repeatedly over the years.

The Microsoft paper analysed the way that information spreads across fragmented networks such as the Internet, and tried to find ways to optimise it as a theoretical way of disseminating information online. It also hoped to use the research to find potential ways of better containing Internet worms, explained the abstract.

"In the context of epidemic-style patch dissemination, Microsoft will always let customers decide whether a particular security update is appropriate for them," said a Microsoft spokesperson. Just as well, say some antivirus companies, because if such a system emerged, they would be obliged to protect against it.

Although such worms could distribute patches quickly if coded properly, the potential problems outweigh the benefits. For one thing, the worm would try to 'infect' the computers of people not running the vendor's software - presenting a nuisance and hogging Internet bandwidth.

Also, people still like to control the software patches installed on their computers. Consumers tend to swallow everything that Windows Update throws at them, say Microsoft's security insiders; but business users are more discerning, and will wait until proper testing has been completed before following something out internally. This is an important step, because security patches have been known to cause problems with existing software configurations in the past.

There have been some friendly worms written by underground authors. The KOH virus encrypted floppy disks and hard drives on computers that it infected, so that data thieves couldn't steal it. Another, called Nachi, tried to remove versions of the Blaster worm from any system that it found, before downloading a security patch from Microsoft. And malware writers sometimes write quasi-friendly routines in their own software out of self-interest. During the wars between the Bagle and Netsky Internet worms, one piece of software would try and detect the other, removing it from the system, so that the infected machine would be 'owned' by one party alone.

So, friendly and quasi-friendly worms do have a dark, underground history, even if Microsoft has firmly ruled out the idea of a legitimate future for the idea.

Microsoft’s nascent revenue nibblers
By Danny Bradbury, North America Correspondent

07 March 2008

Microsoft's troubled $44.6bn bid for Yahoo was significant more for what it showed about the software vendor's present condition, then for what it may bring if it actually happens. It was the clearest admission yet by a company steeped in the delivery of desktop and server software that it had probably failed to truly embrace the online services business model.

Take online applications, for example. Microsoft derives about half of its revenue from selling Office applications. That's a cash cow that will be very difficult for the company to abandon. And yet, slowly but surely, other companies born during the Internet age are beginning to deliver such applications through the browser. The one most often talked about is Google, with its Docs and Spreadsheets software, but it is far from the most functional. Zoho offers an entire suite of office applications, including not just word processors, spreadsheets and presentation software like Google, but also database development applications.

There are others, too. ThinkFree bills itself as a free online alternative to Microsoft Office, while Adobe is slowly nudging into this space as well, having purchased Flash-powered word processor vendor Buzzword late last year.

All of these tools have their drawbacks. Delivering desktop-like applications in the browser can be clunky, forcing users to work around different ditches. Some of these services don't offer offline synchronisation, meaning that you can't complete your work unless you are connected to the Internet.

But they are getting better and Microsoft's response has been lacklustre. Its most significant announcement yet was the Office Live Workspace Beta, unveiled last December (2007). Essentially an online sharing system for Office documents, it still requires the use of the desktop software that supports the firm's revenues.

Microsoft doesn't have to worry about online Office applications eating its lunch just yet. Most of these services offer no service-level guarantees. Few, if any, encrypt data at rest, meaning that companies with compliance requirements will have problems using them.

But the vast majority of computer users - and a key market for software vendors - are small businesses, which don't always think as much about these security concerns. Are documents really any safer when left unencrypted on a Windows PC in a locked office than if they are stored in a secure data centre somewhere else and delivered via an encrypted session?

If the kinks can be worked out of these systems, and a leading player emerges to offer more business-class services, Microsoft could find what is now a nascent, vague threat becoming more defined. One obvious compromise for businesses, in the meantime, is to run Office applications that are accessible in the browser but served via an in-house server, to bring such documents under company control, without having to mess around with Citrix and a centralised installation of Microsoft Office. ThinkFree already offers such a product in addition to its desktop and online versions.

So how will Microsoft react to this? The problem with old, calcified business models is that they are very difficult to turn around. Microsoft’s relative exposure in online search is balanced by its strength in online office suites. But in 10 years’ time, will such desktop suites even be relevant? A question no doubt being much pondered deep within the gleaming towers of No. 1 Microsoft Way, Redmond, WA.

Short, sharp cure for data anxiety
By James Hayes, IT Editor

15 February 2008

In an era of ubiquitous computing, you could be forgiven for thinking that technophobia – scourge of workplace digitalisation in the 1980s and 1990s – has become a thing of the past. With everyone from cab drivers to silver surfers clamouring for cool web tools and PDAs, a fear of computers appears to have been a transitory aberration. If anything, technophilia seems mandatory as we lug our lappies between hotspots.

But though most people seem comfortable with computer technology within their own comfort level of proficiency, a new affliction has loomed in the form of ‘data anxiety disorder’ (DAO). This is a condition in which users of enterprise IT systems become irrationally fixated with the notion that no matter how many copies and backups they have of their critical (and non-critical) data, they won’t be able to find it again when they need it. As a result, they habitually make multiple ‘spare’ copies in order to douse the pangs of DAO.

We’ve all been there. At various stages of drafting even relatively unimportant documents we’ll make interim copies ‘just in case’. How many of us bother to delete these copies when the document has been completed and submitted? Hundreds of these useless copies will be included in the backup of the central server that takes place overnight.

If the documents in question happen to be big PDFs or PowerPoint files, then terabytes of rubbish data end-up getting interred in storage and backup systems. Worse, they hamper the rapid restoration of truly critical data if needed.

Data anxiety is, arguably, a condition borne of a more overarching überzeitgeist – ‘data democratisation’. Employees in many organisations are now pretty well able to generate as much data as they want – text and images – and are under no obligation to then ‘own’ that data or take responsibility for its effects on the enterprise IT systems. Data democratisation means that users of enterprise systems expect the freedom to generate volumes of data as and when they wish.

Frantic IT departments may have the occasional swoop on obvious transgressors – staffers who put 100 holiday photos (at 2Mb per snap) on the shared drive for colleagues to enjoy and then forget to delete them afterwards – but it’s a futile gesture. IT departments are overstretched and have more important things to do with their time then go trawling through the thousands of volumes searching for superfluous data to purge.

An alternative course of action – and one that is being increasingly mooted among IT professionals – is that like having a cap on email inboxes, rank-and-file users should have limits placed on the amount of standard data they are allowed to generate over a given period or project. The Web 2.0 generation of knowledge workers now being recruited will wail and whinge at the prospect of such constraints on their work patterns, while meanwhile the words ‘Welcome to the real world’ pop up on their screen savers.

Image: James Hayes, IT Editor

Have data centre, will travel
By Danny Bradbury, N. America correspondent, IT Section

25th January 2008

Whoever first said that the best things come in small packages probably wasn't thinking of data centres. Nevertheless, it applies to them, too, apparently. Sometime in the next few months, Sun Microsystems will be rolling out the intruigingly monikered Project Blackbox.

The Project Blackbox initiative sees the hardware vendor cramming eight data centre racks into a single standard-sized shipping container - essentially cutting the space needed for computing power by two thirds. The advantage, aside from the increased density, is that the units are both transportable and stackable, making it much easier to move processing power around as necessary and scale it up in a relatively small space.

The hope is that companies starved of available space for data centres will be able to use these compact units in innovative ways. For example, one possibility is that they will start putting them on the roofs of buildings. Because they are tested against adverse weather conditions, they should be able to operate without any problems, no matter how bad the weather gets. Another scenario has them placed underground, again saving valuable office space in the middle of expensive cities.

But perhaps one of the most interesting photographs on Sun's Project Blackbox website shows one of the shipping containers stuck underneath a giant wind turbine. The wacky idea is that companies using these units can transport computers to where the power is.

Data centre managers are already complaining that their increasingly high-power demand is outstripping supply available from local substations. Either another line has to be run in at tremendous cost or another data centre has to be built in a substation somewhere else, which again represents a massive investment. Being able to drop a few of these boxes down in the middle of a wind farm creates some interesting possibilities for power-hungry data centre managers, although there is still the telecommunications challenge to consider, because such a unit will require relatively high bandwidth connections back to other computing resources.

Companies are already taking an interest in the concept. Sun executives confirmed that the unit is being considered by International Data Security (IDS), a start-up company in California, which will be taking large boats at the end of their useful lives and filling them with processing power. IDS executives located in the Bay Area won’t respond to enquiries right now, but reports suggest that the first of these boats, providing 200,000 ft.² of processing space, could be moored off the coast of California as early as April.

This move makes perfect sense, not only because space on the water is markedly cheaper than space in the middle of Union Square, but also because the data centres need a lot of water to keep them cool. Cramming a lot of intensive processing capability into a small space generates a worrying amount of heat.

Being able to use water from the sea to cool the units down solves another problem for data centre managers. And as an added bonus, literature allegedly from IDS suggests that this heat could be used to keep the boats warm. How's that for energy efficiency?

The idea of making data centres easy to transport and simple to stack sounds attractive. Getting companies to buy into this innovative concept, which turns the conventional idea of data centre management on its head, could be a slow burn. But if the likes of Sun and IDS succeed, they could solve a lot of problems by thinking inside the box.

Image: Danny Bradbury

Why SFIA take-up is informing the IT skills debate
By Hillary Taylor, Consultant, Zumiya Consulting

11th January 2008

A show of hands at the last SFIA Conference showed the majority of attendees in IT, with 25 per cent in human resources (HR). With no specific figures to hand, it may be premature to assume growing HR and business interest, but a quick look at conference detail may help. For a start, the conference was titled Capability Management. Then most presenters discussed recruitment and retention, professionalism, change and business management. Oh yes, based around SFIA.

“Why do we want to have IT Professionals at all?” asked Alan Hewitt of IBM, in his discussion on human capital management. “To deliver solutions that meet business needs” was just one answer. Using staff development as a retention strategy was discussed by Victoria Speers and Roberta Gardner of Hudson, who confirmed that employees need more than just good pay to maintain an optimum turnover of somewhere less than 10 per cent.

Norwich Union has contributed to many SFIA Conferences over the years, each conference bringing the next instalment of their story. This year demonstrated how far they have come from their first SFIA initiatives.

Their emergent strategy demonstrates strong and growing IT practices across business units and locations developing united teams with a common direction. Peter Leather described the bold steps they have taken to establish organisational roles in parallel to IT functional roles. Practice Leaders, Deployment Managers and Professional Development Managers steer not only staff development and professionalism, but project allocation too. Seven Practices - such as Business Operations and IT Development and Analysis - promote excellence in issues that cover the Business Change and IT delivery lifecycle.

Other presenters also talked about their IT Professions, highlighting common issues across many business change projects, nicely reinforcing the twin Management and Implementation conference threads. While SFIA may not be visible when discussing change management, buy-in and common objectives, a phrase from Alan Hewitt’s presentation, Workforce Analytics, provides a clue. Slightly clinical, this term somehow clarifies that you need to know your business to grow your business, and in IT, SFIA holds the key.

Developing organisational and employee competencies that build and feed business success ultimately relies detailed knowledge of what you have and what you need, Closely followed by being able to use resources effectively. So is SFIA an IT, an HR or a Business Management resource? Almost certainly all three, hand in hand.

Further information:
www.sfia.org.uk

Back to school for IT learning?
By Hillary Taylor, Consultant, Zumiya Consulting

16 November 2007

Falling rolls and frequent skill shortage predictions make it easy to provoke debate on just what constitutes relevant IT curriculum. Fuelled by concern about the potential mismatch between industry requirements and graduate knowledge and skills, collaboration between universities and some of the UK's largest IT employers has seen the 2007 launch of a pioneering new Honours degree.

The only Honours degree endorsed by E-skills UK, Information Technology Management for Business (ITMB) is being offered for the first time at several universities, with more in the wings. Business, project management and personal skills are given equal weight with technical skills. These courses aim to deliver highly employable graduates - future industry leaders, no less.

While the detail may vary between institutions, the carefully crafted syllabus ensures student access to industry, industry speakers, events, opportunities and financial incentives; but is this enough?

E-skills is also a founder member of the SFIA Foundation. So does the SFIA framework, with its core and technical skill definitions, have a place in contemporary curricula?  “Universities are good at delivering depth in core subjects, [but] SFIA is all about contextual skills,” insists SFIA Foundation Operations Manager Ron McLaren; he has responded to the many requests about SFIA that have already come from the higher education sector.  

“The problem with skills frameworks is the lack of match with QCA,” argues David Bowers, programme director for undergraduate ICT and computing at the Open University. Bowers finds SFIA potentially useful in setting and measuring learning objectives for work-based learning that parallels academic learning. He also agrees that universities develop technical knowledge and depth, along with meta-skills, thinking skills and abstractions that transfer to the work place. 

Neil McBride, Principal Lecturer at De Montfort University believes that too many universities still concentrate on construction (programming) skills, in place of analytical and business service skills. He agrees that universities need to provide technical depth “but the range of foundation skills needs to be widened to include how to provide a service - ITIL 3 is an example of service level systems thinking that represents IT today”.

SFIA can be seen as a superset of the extensive implementation detail in ITIL - so does that mean that SFIA needs to be a key framework for today’s computer courses? SFIA is not five years old, but already it is referenced on CoVE (Centre of Vocational Excellence) courses. It’s visible in job descriptions, features on graduate career sites and is specifically mapped against courses offered by The Defence College of Management and Technology at Cranfield University.

The SFIA Foundation’s operational model sees it already engaged with industry, but perhaps the time has now come for more formal engagement in higher education too?
‘Capability Management 2007 - The Annual SFIA Conference’ takes place on 29 November 2008. Venue: DTI Conference Centre, Victoria Street, London, UK. Tickets for this important event are £85 + VAT: check www.sfia.org.uk for full details.

Time to redefine IT skills?
By Hillary Taylor, Consultant, Zumiya Consulting

22 October 2007

Once a year the great and the good of the Skills Framework for the Information Age (SFIA) initiative have their annual gathering. Organised by the SFIA Foundation, the 2007 SFIA Conference, set for 29 November at London’s DTI Conference Centre, comes with a subtle change in title, organisation and emphasis.

Called ‘Capability Management 2007’, it reflects a developing shift from IT (and the framework itself) to business management.

Capability management itself doesn’t get as much publicity as you might expect. In recent years it has become a prime architect in defence planning, moving armed forces management away from equipment to sustainable capability delivery.

In the private sector, meanwhile, it’s growing too, appearing in the working vocabulary of big consulting or recruitment firms such as PA consulting, IBM and Hudson, who are also developing their services with SFIA. In five years of heady progress, there are now getting on for 1000 organisations using SFIA.

The framework’s focus has shifted radically through three generations: the first reached agreement on framework definitions; the second gained users and credibility; the third generation is all about business benefits from profile-related information and communication.

Other ‘managements’ include skill, competency and talent; and while they are all different, do we really need another one?

Arguably, the short answer to this must be ‘yes’, since capability management aligns and integrates a range of business or functional activities, it lines up the nuts and bolts to deliver an integrated whole.

SFIA skill definitions reflect the reality of everyday IT life. Seven skill levels and corresponding core skill definitions appear to put it firmly in the remit of HR departments. But senior executives are perhaps more directly interested in return
on investment, a whole-company affair.

First define what’s wanted at an organisational level, then work out where the gaps are and invest prioritised resources to suit. Of course organisational-level strategy is one thing; it’s entirely another to implement that strategy through all department and skills groups down to an individual level.

A simultaneous blessing and a curse for SFIA is that it’s free to use, but there’s also no independent marketing drive spelling out business benefits in a language understood by the purse-string holders. Despite this, more recruitment and training companies are becoming SFIA Accredited Partners, and more end users are choosing to use SFIA as the translation language for their business process development, as a means to manage skills, gaps and development needs.

Specific strategic change can take some time to get running effectively, requiring both private and public sector to take the long view. Implementing SFIA as part of a business process change needs thought, discussion and more discussion. There’s a lot of it going on, but that’s probably why it’s quiet on the SFIA front. Until the conference, that is.

Capability Management 2007 - The Annual SFIA Conference – takes place on 29 November. Venue: DTI Conference Centre, Victoria Street, London, UK. Tickets for this important event are £85 + VAT: check www.sfia.org.uk for full details.

Non-IT IT experts: the next generation?
By James Hayes

08 October 2007

Growing concern over the decrease in students opting for computer science and IT-related degree courses draws attention to a problem that will make its effects felt in about five-to-ten years’ time. Like the drop in the UK sparrow population, nobody is quite sure what the cause is.

This is not a phenomenon exclusive to British shores; the US and Canada and other parts of the developed world, are experiencing a similar dip in enrolments. Theories as to the cause of the disinterest have been aired – for instance, gone are the swashbuckling days when being an IT professional placed one in challenging situations where resourcefulness and derring do gave techies much latitude in how they went about tasks at hand and to be in IT was to work with cutting-edge technology that was changing lives at a fundamental level. You needed your share of the Right Stuff to cut it.

And as techie skills were deemed to be at a premium, the job was pretty well paid. Even senior IT managers are finding themselves earning, in relative terms, less than they were a decade ago, even though they are nominally wielding more authority. And then there were the perks, of course – expenses-paid days out of the office to attend trade shows, conferences and vendor events around the world.

So let’s accept that the cachet surrounding IT professionalism is not as bedazzling as it used to be. There are many more ‘IT professionals’ around, for one thing, and IT itself as a known and familiar quantity proliferates apace. And furthermore, even mission-critical systems and applications require a lot less technological prodding than they did even a few years ago. Added to this is the fact that many IT users know a lot more about the systems they use and are able to resolve many issues that once required the help of a technical specialist.

If this trend continues – and there’s every reason why it should – then it’s possible that a future shortage of IT professionals may not have the crippling effect on the work world that’s being predicted.

At the same time enterprises will start to consider recruiting IT staff whose background and core skills are based in non-IT disciplines, such as project management, facilities management, and electrical engineering, rather than ‘hard core’ information and communications technology. In the future, could be that we will all count as IT professionals.

Data centres are a broad church

By James Hayes, Editor, Information Professional

13 August 2007

The range of issues affecting data centre management are occupying ever-greater prominence on IT professionals’ agendas. The challenges of high-density computing – cramming more and more processing power into already packed racks – reflects the market-driven need for more processing capacity.

The situation is exacerbated by the fact that few new data centres are being built – certainly not within easy reach of the high-value customers located at the heart of major conurbations, for instance, who want to be within easy physical reach of their critical data.

The option for larger enterprises to run their own data centres is for many untenable. It calls for major capital financial commitments, and with the advent of new data governance legislation, the old days when you could keep your critical computer systems and backup tapes in the basement of your HQ are the stuff of nostalgia.

For these reasons the formation at the start of this year of The Green Grid, a consortium of companies and professionals seeking to improve energy efficiency in data centres is to be welcomed. The Green Grid focuses on what it calls data centre ‘power pillars’ that span the gamut of technology, infrastructure and processes present in data centre environments, built and virtual.

Data centres bring together a range of differing disciplines which, while in many ways complementary, do not always work easily alongside each other. Hardware experts, software specialists, power engineers, disaster recovery agents, facilities managers, security staff – all these professionals have to rub along together under the data centres’ roof.

The keynote of the Green Grid’s message is improved power efficiency, and this chimes well with the climate of green advisory and recommendation evinced by governments, environmental agencies, and other influential bodies (including The IET). Although CPUs are not the sole cause of excess heat, they are an important one.

Chip manufacturers are busily engaged in developing self-cooling silicon platforms that will hopefully help alleviate the problem going forward. But it will be years before their beneficial effects are felt in data centres around the world.

But the challenges for The Green Grid are substantial. As well as proving a foundation for progressive debate over the data centres dilemma, it must also ensure that its board, contributor and general membership reflects the gamut of disciplines that have a stake in bringing data centres growing carbon footprint to heel.

‘Don’t go for the big bang in SOA’ say IDC experts
By Chris Edwards, Associate Editor, Information Professional magazine

3 April 2007

Organisations planning to implement systems based on service-oriented architecture – SOA – principles should move gradually rather than adopting a ‘big bang’ approach.
That was the advice from experts and users in front of an audience of IT users at a recent conference on SOA organised by analyst IDC. By starting with small or well-defined departmental projects, IT managers can avoid the politics that often stymie larger, enterprise-wide ventures.
In reply to delegate question –- from an IT director of a retailer who said he did not know where to start with converting a large mainframe application involving millions of lines of code – Alexander Büch, CTO of E2E Technology, advised: “Don't start with an architectural drawing of the whole company but start with a focused business-driven project. It should be something where you can see an immediate benefit from implementation.”
Not only can it be done that way, “but pragmatically the only way you can do it,” added Steve Elliott, Java web services & SOA specialist at Sun Microsystems. “It is almost impossible to get people to buy into massive company-wide projects.”
VP business development at E2E Technology Chris Henn said users should look at projects that can be completed easily in a few months: “In the first step you will probably just wrap what you have in more modern protocols.”
John Billman, product director at MicroFocus, agreed: “It is important to work incrementally. It is not a good proposition to take a system with 10m to 20m lines of code and turn that into services overnight. Just take the requirement or integration need. If the requirement is to provide web access, then take that part."
Giles Nelson, EMEA CTO of Progress Software, said small steps early on are important to driving larger, enterprise-wide projects later: “Once you have demonstrated to an organisation that you can use SOA principles to deliver something in a reasonable amount of time, then it is much easier for an organisation to adopt.”
Although the company plans to deploy SOA across its entire business, Jeremy Lock, head of trading systems at British Energy, said its work had started small: “We are coming out of a pilot phase and now looking to get stuck into departmental implementation,” Lock said. “We have 60 applications in total, and our change programme is looking to replace or swap out applications. We can pick them off bit by bit, although it is still a big concern."
Jan Duffy, senior analyst for customer segment research at IDC EMEA, said an important aspect of doing SOA on a small scale is that it needs less involvement from board level, members of which may need convincing before giving the go-ahead on a large change initiative. "Corporate initiatives are often needed to encourage the required behaviours to support enterprise SOA. That is not needed for one particular project," she said.

IT pros will have what it takes to be business bosses
By James Hayes, Editor, Information Professional magazine

While MDs and other board-level executives are apt to 'dis' IT colleagues for their supposed nescience toward key business drivers, these same self-styled captains of industry often betray a shocking ignorance of IT. The big difference is that while IT personnel are busy broadening their knowledge of business concerns like governance and regulatory compliance (GRC) issues, lack of understanding of IT by non-IT managers also has just as deleterious an effect on corporate health.

This is less to do with knowing about bits and bytes as understanding the vital role that IT plays in determining operational – and therefore commercial – success. Too often much IT is ascribed as a cost base whose positive contribution to the bottom line can’t be quantified.

But what happens when you have IT people who know all about technology and business? And where does this leave the IT-illiterate boardroom blusterers?

Envisage a future scenario where technologists have long consolidated their business management skills. Chartered IT Professionals are also chartered directors and Chartered Managers.

The imbalance in the corporate status quo will over time create a new set of challenges for enterprises of all sizes to deal with. What happens when the IT department knows most about ICT – as well as GRCs and M&As?

Sound improbable? Business is less about business per se and more about ICT. Consider the situation in organisations where appointments to senior management positions are made by boards of trustees, for example. Candidates from IT backgrounds will carry greater credibility than the typical CEO who has arrived via a traditional, non-technical route.

Not all IT practitioners, of course, will want to claim this degree of responsibility – but it does set-up the probability that in many companies senior directors from IT backgrounds will before the end of this decade be in the strongest positions to assume mantel of powers as they become available.

The incumbents will not cede willingly. There may be more ‘dissing’, more scornful insinuations about the ability of the anoraks to run the shop (even a shop selling anoraks). Pure-born business careerists and even some entrepreneurs will say that techies lack the drive and acumen to successfully run a business. Techies only understand computer systems, they jibe, and working with the latest kit represents the summit of their ambitions.

But ambition is conditioned by opportunity and circumstance. Traditionally IT high-flyers have encountered something of a glass ceiling when it comes to upwardly progressing their career.

There is another way of looking at things. Being a good technologist entails much more than sheer technological expertise. Possession of proven business and technological competences makes IT professionals eminently well placed to bypass barriers, because it establishes their credentials in respect to managing projects.

Is driving a successful IT project the same as driving a successful business? The two may have more in common than the current generation of technophobic MDs and CEOs dare to admit.

IT depts must prove their value on their own terms
by James Hayes, Editor, Information Professional magazine

01 January 2007

IT professionals may be a mite flustered by the findings of a recent report by GRC (governance and regulatory compliance) systems firm Achiever Business Solutions. They flag-up potential boardroom conflict as IT departments are challenged over control of compliance systems budgets by ‘newly-installed internal regulatory watchdogs’.

These corporate compliance divisions are being given more direct control over GRC technology spends by compliance-fevered boardrooms. Although IT departments are still involved in the decision-making process, much control of new compliance systems is falling outside of existing IT planning.

The survey was based on a random sampling, but the findings suggest that much less than half of the spend on GRC systems is coming from the IT budget. The average compliance budget across those surveyed by Achiever Business Solutions was £87,000 - with a further £33,000 allowed for support and maintenance expenditure.

“Monies that would previously have fallen under IT executives’ control are diverted into these new GRC divisions,” says Robert Dent, CEO of Achiever Business Solutions, “with decisions about the compliance systems chosen and the platforms used falling outside existing IT policies.”

Budget control is of course one of the insignias of power. The regressive trend the survey evidences will concern IT professionals at a time when they are seeking to consolidate their status at board level. Ceding influence to a bunch of toadying arrivistes will not be easy for them to accept.

Many IT directors expected GRC to be their baby. Ever since it loomed over the regulatory landscape, compliances have been touted as the biggest challenged faced by IT professionals since Y2K – the ‘millennium bug’. Like Y2K, GRC is anxiety-driven – boards are fearful that if their organisations screw-up over compliancy then they will suffer a number of deleterious repercussions: talk of damaged brand equity, recalcitrant shareholders, angry stakeholders, and possible criminal proceedings against senior executives.

But unlike Y2K, GRC is not a purely technology-driven phenomenon. It calls for competences that lay outside of the IT function’s remit. And in respect to the prospect of liable execs ending up in the dock, it is unsurprising that they are opting not to place all of their trust in the IT department.

Some of this comes down to long-documented lapses of understanding between the boardroom bigwigs and the techies. Mindful of the very public tales of ‘troubled’ IT projects – and the more important they are the more trouble they seem to get – the bigwigs are hedging their bets.

This is not all bad news for the IT brigade – many of whom are probably quite happy for somebody else to take overall responsibility for GRC. To be sure, GRC is not just another big IT project; it requires technologists to be fully conversant with aspects of regulation, legislation, legalities and liabilities that they would not normally need to know about. The rules are being mandated from outside the enterprise.

Then there is the workload issue: don’t forget that while the compliance projects are progressing apace, the existing IT systems need to be maintained, the existing mission-critical applications must continue to be supported.

They key proving ground is if the IT specialists will be able to coolly accept the situation as a reality of corporate life, swallow a  bit of pride, and be 100% supportive of what the board decrees. By showing an absolute willingness to work with the interlopers – and not against them – they will also be accruing respect that will stand in good stead when the compliance dust has settled and been swept back under the carpet.

Related Article
IT compliance liability – buck-passing between outsourcers and their customers?
Information Professional December/January 2006/07 issue

The true value of ‘turning IP’
by Mike Lenette

The seductive rationale for implementing IP telephony is cost savings. Sales and marketing folk have almost worn out their thesauruses looking for with fancy words for it, but at the root of it all is the idea that IP telephony will save you money.

It’s not as simple as that and, while it’s tempting to get carried away, you have to capture all costs in order to compare like with like. So weighed against any potential savings from call minutes, organisations need to balance the cost of replacing PBX equipment and handsets, and consider how they are going to manage quality-of-service issues to allow reasonable quality voice calls.

The true value of IP lies beyond just saving money on call costs: what is really interesting about it from a business point of view is that it enables new applications. Moving from traditional telephony to IP is, in this sense, like the move from the mainframe to the PC - with the resulting innovation in communications.

Realising the potential of an IP infrastructure within an organisation involves a change of emphasis, however, from a technical focus to a service-based focus. This emphasis change will result in the enterprise’s IT and telecoms systems being transformed from undifferentiated utility services to key enabling services far more tailored to the way the organisation - or individual - wants to work.

One big area of gain is that IP telephony supports the move toward greater mobility. Although we now smirk at the huge ‘brick’ phones that some lug around a few years ago, the laugh is really on us, because we are probably carrying around a brick and a half in the form of multiple mobiles, PDAs and laptops.

Add to this our PCs and desktop phones, and it is apparent that device proliferation has resulted in great complexity in the interface layer, which in turn has to be supported. IP offers the opportunity to reduce the complexity of supporting all these interfaces, while enabling convergent devices and so-called ‘fusion’ services.

Dual-mode handsets operate as a standard mobile phone when you are out and about, but automatically log-on to the local network when you return to the office, with seamless roaming between networks.

Convergent services are currently high on the list of business priorities. For example, 34% of respondents to a Computing Technology Industry Association (CompTIA) poll said that implementing converged voice and data technologies such as VoIP, fixed-mobile convergence (FMC), and RIFD was their main technological priority. While research from Strategy Analytics reveals that 22% of mobile calls are made within the office, offering considerable scope to reduce the cost of making these calls while retaining the convenience of using a single handset.

An interesting example of the way that IP networks can enable businesses to do better business is shown by the case of a newspaper distributor. This company had real difficulties in recruiting and retaining staff to work in its call centres, which is unsurprising given that its ‘busy hour’ was between 5am and 7am.

By moving to IP networks, it was able to support home-based working, which significantly reduced the inconvenience of working in the early mornings. Homeworkers didn’t face the problem of getting to and from work, and could potentially just work during the ‘busy hour’ period. This opened up a whole new workforce who valued the ability to work from home for a short period each day, and therefore solved many of the company’s recruitment problems.

It is not just businesses that are benefiting from new IP-based applications. In the healthcare sector, for example, a combination of voice-over-IP, WiFi and an innovative device in the form of a badge has resulted in a revolution in hospital communications. Staff wear the badge on their lapel or around their neck on a lanyard.

Pressing a button on the badge turns it into an IP telephone which has integral voice recognition capabilities. By saying “porters” into the device, the badge automatically connects the wearer to the porters.

The device also combines PBX-type facilities. So by saying “dial” plus a telephone number, the device can connect the wearer to external phone numbers. You can also use the device to access voicemail, calendar or emails. So not only is the device convenient because you no longer have to search for a phone – generating time and efficiency benefits – but it also improves hospital hygiene because it is personal and therefore lowers the risk of cross-contamination.

However, no amount of service innovation will drive uptake of IP telephony if the quality of service it provides is inadequate. So while we are willing to put up with some dropped calls on mobile networks when moving, we would quickly become dissatisfied if calls were being dropped while we were stationery at our desk. A network that drops mission-critical business calls is going to be highly unpopular, as will its sponsors.

But IP telephony has come a long way in this area. IEEE 802.11e, for example, enhances the IEEE 802.11 media access control (MAC) layer, defining a set of quality of service enhancements for LAN applications, in particular the 802.11 WiFi standard. This is important for time-critical applications such as voice-over-wireless-IP and streaming multimedia.

The protocol defines classes of service, which enables voice to be given a higher priority than, for example, non-time-critical communications such as email. And, in practice, enterprises often choose to deploy a series of virtual LANs (VLANs) to carry different services, so that dedicated bandwidth can be assigned to applications such as voice - further ensuring its reliability.

Mike Lenette is Senior Consultant at Comunica - www.comunicaplc.co.uk

The network is the law
by Chris Edwards, Associate Editor, Information Professional

28 August 2006 

What started out as an observation of a trend (albeit one that has held-up pretty well for 40 years), Moore’s Law has encouraged people to come up with a bunch of other ‘laws’ that describe what technology can do.

When Ethernet pioneer Bob Metcalfe came up with the graph that would be named after him, it was a best guess of what should happen, not what did happen. He wanted the graph to demonstrate how the benefits from people using the same type of network – in this case Ethernet – would grow more rapidly as they bought more. Cost scaled linearly, but the value of the network would rise as a square of the number of users.

A lot depends on how you measure value. It is easy to find examples of where Metcalfe’s Law seems to make sense. The Internet in general is one of them. The fact that all computers on the Internet use the same core protocol stack makes that network much more valuable relative to its cost than having to contend with what might have happened had the many competing protocols around during the 1980s simply grew out from corporate networks.

Multimedia messaging is a more recent example. Early in its evolution, the mobile operators sought to limit interoperability in the mistaken belief that they would make more money that way. But people rarely organise into groups that use the same operator.

Faced with the impossibility of sending a photo to their mates, they gave up.
This is where a potential successor to Metcalfe’s Law comes in. First published in 2005 and then re-introduced in a version carried in a recent edition of Spectrum magazine, Bob Briscoe, Andrew Odlyzko, and Benjamin Tilly argue that the square law proposed by Metcalfe is too optimistic. They proposed an n.log(n) relationship, which demonstrates slower value growth as the network increases in size.

There is a caveat. Metcalfe’s Law is too optimistic for the financial valuation of a network rather than its value in a wider sense. It’s an important distinction, as Briscoe and his co-authors pointed to Metcalfe’s Law as being one of the drivers behind the last Internet bubble. It encouraged fanciful valuations of network operators - valuations that could never be realised.

The argument the authors presented has a lot going for it. If you use Metcalfe’s Law to value networks financially, you have to reach the conclusion that there should only be one big telco in the world – that surely is more valuable given an x² relationship than lots of little telcos. An n.log(n) graph provides results that more closely mirrors the money actually seen by operators.

Yet no-one in their right mind would introduce a competitor to the Internet despite the lower expectations of financial value presented by Briscoe’s team. It’s bizarre enough having distinct flavours of 2G or 3G phone.

The value to the user of having to contend with only one standard rather than several is much higher than the more pessimistic graph. The difference is that user-perceived value does not directly translate to money. There are braking effects involved.

In an interview with Om Malik and Niall Kennedy, the venerable Metcalfe said there are clear problems with a simplistic function to describe the value of networks.
Spam, anti-trust, legislation, hacking, viruses. They all conspire to lower the value of the largest networks.

It is possible, as Metcalfe points out, that the value of a network could go down as it grows because of the cost of dealing with anti-social behaviour and government intervention. It seems likely that, at the very least, the graph we need to use will look more like an S than a J. As the network grows, more braking effects come into play until the value hits its maximum.

‘The 10 Biggest Challenges Facing IT managers’ – see Information Professional October/November 2006 issue

Users can't shirk Net security responsibility
by James Hayes, Editor, Information Professional

21 August 2006 

IT security managers must be spitting blood over the news that UK computer workers are now claiming that they just ‘can’t help’ exposing their employers’ networks to online security risks.

Security specialist Finjan questioned the habits of 142 UK office workers: 93% said that they knew that links, attachments, pop-up boxes, and enticing web pages could have spyware, or other forms of malicious code embedded within them. Yet some 86% of these weak-willed keyboard clatterers admitted that they opened attachments and clicked on links without being sure if it was safe to do so.

The findings of the survey suggest that while many so-called ’knowledge workers’ are smart enough to operate complex computer applications as part of their gainful employment, they remain too dense to heed the warnings not to get stung by poking their virtual fingers in the honey traps. Indeed, rank and file users find clicking on dodgy web links or opening unsolicited attachments ‘irresistible’, the Finjan survey says.

More sentient observers will wonder what the heck is going on here. Most people of average intelligence learn at a relatively early age that wasps are not toys, and that naked flames make painful playmates. So why are otherwise bright and clever people continuing to be so careless?

It could be argued that this laissez-faire attitude is a symptom of a wider ‘If it don’t belong to me, I’m not bothered’ culture that permeates large parts of the UK workplace. This has already expressed itself in other aspects of employees’ attitude toward the use of corporate resources. Look at the number of company-own portable computing devices that get lost. Fifteen years ago, taking away a company laptop and leaving it in the pub on the way home would have been deemed a shocking neglect - possibly even a sackable offence.

Now thousands of laptops and PDAs get lost or ‘stolen’ in the UK every year. A recent (August 2006) Freedom of Information enquiry by silicon.com uncovered the number of laptops stolen from key UK government departments over the previous 12 months. The Ministry of Defence was worst affected: it reported that 21 laptops were stolen between July 2005 and July 2006.

The Home Office in total suffered 19 stolen laptops over the period, including four laptops nicked from the Identity and Passport Service. The Core Home Office unit suffered seven stolen laptops, while HM Prison Service had eight laptops lifted. The Department of Trade and Industry told silicon.com it had 16 laptops stolen over the past year, while the Department for Work and Pensions reported nine laptops having gone AWOL. The Department of Health said it was bereft of 18 laptops, though could not confirm if these were lost or stolen.

But online security breaches are in most respects a different kettle of poissons. A broader cross-section of the workforces uses Internet access on a daily basis who might never glimpse a laptop in the course of a year.

OK, so what can be done about the hordes of feckless network users who cannot resist the blandishments of the phisher and the malware merchant?

First, we need to keep banging on about email and Internet usage policies (IEUPs). These need to be updated, formalised, tightened, and enforced with maximum allowable stringency. Some would advocate that IEUPs should be enforced with draconian measures.

IEUPs should then be related to standard terms and conditions of individual job contracts. This would underline the fact that responsibility for security awareness is part and parcel of the conditions of employment.

Next, the bulk of responsibility for enforcing Internet and email usage policies should be transferred from IT departments to line (middle) managers, who are better placed to ensure that their subordinates keep to the rules.

Last, a system of network chargeback should be devised and implemented, so that enterprise teams and departments have to meet from their own budgets any costs incurred by persistent and neglectful security breaches made by their members. This would remind ordinary system users of the real cost IT security breaches can have on the bottom line.

Here are four principles of practice that, if properly implemented, would form the basis of a stolid, multi-pronged security regime. An enterprise where these four principles were in place and operating would see a radical reduction of security breaches before long. But then Finjan might be out of business.

‘The 10 Biggest Challenges Facing IT Professionals’ - see Information Professional October 2006 issue

Cult of secure data will boost IT pros’ societal status
By James Hayes, Editor, Information Professional Magazine

The disconnect between applications development and data management is an abiding affliction for the IT industry. It means, in short, that many applications continue to be developed without full regard for the storage and manipulation the data they generate.

The ‘data fallout’ of systems management gets dealt with separately, because the primary focus falls on the new, sexy front-end, rather than the dull data that it is designed to capture and process into the future.

Biometrics is a case in point. In societies increasingly re-founded on principles of personal identification, and the secure interchange of personalised data for everything from credit cards to library cards, passports to pupil ID, retail and e-tail, biometrics is becoming an absolutely integral to citizenship. By 2010 most people living in developed countries (and many elsewhere) will undergo some kind of biometric check almost every day.

The techniques for scanning bodily features are no longer just found on specialist platforms. They are rapidly appearing in standard hardware and software from mainstream market players like Microsoft, Oracle, and SAP, and so will be appearing on a PC near you soon.

And biometrics is an ever-expanding science. Biometricians are still finding new bits of our corporeal entities that serve to provide unique identification of who we are and what we are. It’s probable that in the long term future, holistic biometrics will scan two or three (or more) biometric identifiers simultaneously, to provide enhanced verification.

Technology is making all this possible, and technology is notorious for begetting nigh limitless lots of data. Information professionals are already gulping over the humungous data quantities that the operation of these systems is going to create. Every day, every hour, zettabytes of data will come pouring in; and, don’t forget, this is data that might be mandated to be available for rapid interrogation for some future exigency.

When a terrorist suspect is apprehended, or a benefit fraudster fingered, the authorities need to be able to verify ID credentials within hours, not days. Although it’s gotten legal to keep suspects banged up pending the disinterment of data buried deep in some silo, delays give accomplices time to escape.

What’s more, this data will be the target of hacks and attacks from parties wanting to change or destroy it; so it has to be held and stored securely. These considerations present huge challenges for information professionals. Suddenly the complexities around the data they manage are responsible for will escalate by vast orders of magnitude.

Escalating recognition of the importance of secure ID systems to the societal fabric will, perforce, result in a massive boost to the standing of IT professionals themselves. This, in turn, will lend even more credence to the importance of the IT expert, and also to the inevitability of chartered status that will give IT supremos the full credibility they need to take their place at the top tables of societal governance.

See the Special Report in the August/September issue of Information Professional.

Can biometrics-based security stay ahead of the hackers?
By Chris Edwards, Contributing Editor

08 May 2006

Premises, promises, and (soon) policies want us to believe that the use of biometrics will make IT systems more secure. But as with all the other techniques used to secure systems, the devil is in the detail.

It is starting to look as though the weak link might not be in the biometrics themselves, but in the way they are passed from system to system. There are concerns that, without securing those channels, systems might be spoofed by attackers.

Instead of having to make fake fingerprints, for example, all the hackers need to do is convince the system that it is dealing with a real fingerprint – even though that print is nothing more than an image on a hard drive. That’s the question that faces troubled CIOs: which attacks count?

Governments are actively embracing biometrics through ID cards and e-passports, a commitment that is likely to encourage private sector organisations choose to also put their trust in the techniques. But some of the key decisions on securing biometric data have gone almost to the wire, and irresolution in decision-making are sapping confidence.

It is a matter of debate whether the e-passports demanded by the US government actually carry any biometric information. All they need is a digitised picture of your face – something that is in the public domain. It seemed, at first, that the passport would not need to be protected.

The problem identified by campaigners was that, under its original plan, anyone with a suitable RFID reader could scan for passports and pick up information on the holder’s name, nationality, date of birth, and passport number. All would be useful for identity theft.

A protocol called Basic Access Control (BAC) encrypts the information that is sent to a passport reader; the key being derived from information scanned from the machine-readable data page in the passport. Without that key, the chip simply replies that the access attempt was invalid.

But until a couple of months before the first e-passports were issued by the US, no decision had been made on whether to use Basic Access Control or not. It was only just before the first ones appeared that the State Department finally said that it would make sure its passports used the protocol.

With fingerprints, the situation gets trickier. The EU passports will store images of fingerprints, rather than codes based on the minutiae, the points in the fingerprint where the furrows in your fingerprints split. According to biometrics experts, there are not many attacks that can be staged using a copied biometric image.

Some groups, such as the Chaos Computer Club, claim to be able to spoof systems with false fingers constructed using the source data. What’s more, access to full images makes it easier to produce a fake fingerprint for another system. The German government argued for stronger encryption techniques to be used to protect the fingerprint data that will be used from 2008 under the current timetable for e-passports.

The scheme makes it more difficult to read the fingerprints. In contrast to Basic Access Control, where the necessary information is stored on the passport to access the image file, the readers operated by border guards will need access to electronic keys produced by each passport’s issuing state to read the fingerprint data. However, the protocol itself is still in question.

The current form makes it possible for eavesdroppers to determine whether someone is carrying a passport on them without being able to see it. That could lead to privacy issues.

In the private sector, meanwhile, a security analyst called into question the decision by Microsoft to not encrypt biometric information sent by its Fingerprint Reader to the PC. In practice, the vulnerability is not that great, as the hacker needs physical access to the reader, and it is a device designed for use in the home. Microsoft has warned users not to employ the reader on its own to protect sensitive documents.

Biometrics does not seem to be making things any simpler for evaluating security risks.

Biometrics and you: how will the rise of biometric technology in the enterprise network affect IT professionals? See the Special Report in the August/September issue of Information Professional.

ITIL and service management
By Terry Riches

The realisation that 100% availability of IT services will assume ever-greater significance has led to the introduction of the ITIL best practice standards for IT service management. At the core of the ITIL framework are the configuration, change and incident management processes. The accuracy and relevance of the information within its main configuration management database (CMDB) is critical in delivering the effectiveness of all the associated IT service management processes.

The management of changes to the CMDB is most critical, as service delivery managers must know the exact implications of carrying out any changes before they take place. Avoiding the potential for a ‘butterfly effect’ to develop, as a result of a poorly-executed change or problem resolution, is essential if 100% service availability is to be maintained.

Configuration management is the most difficult IT discipline to implement, due to the manual effort needed to maintain its accuracy resulting from the constant changes to the IT infrastructure - and the lack of suitable tools to intuitively manage the processes.

A number of software vendors have sought to overcome this with the development of IT service configuration management applications that self discover amounts of interrelated network information dynamically. Deploying such applications and processes upon a traditionally-managed cabling infrastructure is an impossible task.

The connectivity and asset information contained within traditional tools and documentation processes, being manually maintained, is inevitably inaccurate, outdated, and hence cannot be safely incorporated into an accurate CMDB. This severely limits the speed of application deployment and the quality of IT Service Management. It is also a major barrier to successful ITIL adoption.

But I would argue that by adopting Intelligent Infrastructure Management IIM tools as part of an IT Service management strategy, IT managers can create an infrastructure platform capable of addressing these problems, providing an accurate, real-time, trusted source of connectivity and asset physicality information that can be incorporated within the core CMDB, and consequently, utilised to enhance all associated IT service management tools and process.

IIM solutions provide an auto-routing capability within their work order management functionality that automatically routes the required services to the desired servers via the most efficient and effective cable links. The work orders required to execute the activity are automatically created, issued to the appropriate technician, and managed by the IIM system. Any actions that do not adhere to the work order are identified and raised as unauthorised actions requiring attention.

Utilising IIM solutions to automatically provision services within a standard office environment will improve change efficiency (and reduce cost) by a minimum of 40%. Within the data centre, IIM solutions have been proven to reduce server commissioning time, while also reducing the number of incidents caused by poorly-executed change. If incidents do, for whatever reason occur, IIM solutions can dramatically reduce mean time to resolution (MTTR) by up to 45%.  

The main issue reducing the effectiveness of the CMDB is the effort required to co-ordinate and manage the manual physical connectivity documentation in complex IT environments. A trusted source of documentation, or the lack of it, has a major impact on the successful adoption IT service management. Rather than a fully integrated CMDB addressing OSI layers 1 to 7, the vast majority of organisations currently rely on ‘tribal’ knowledge and/or numerous sets of spreadsheets, diagrams, whiteboards, Post-It notes, and the knowledge in peoples' heads to document the physical infrastructure elements.

Terry Riches is senior business manager (support & intelligent infrastructures) at Comunica - www.comunicaplc.co.uk

Staying secure in 2006
By Calum Macleod, Cyber-Ark

16 January 2006

Regulation means that companies have never been as vulnerable to the consequences of data breaches. The potential damages resulting from loss of reputation, business, and legal costs, can be crippling. It affects the day to day business; it can also impact long-term M&A strategies. The days of dealing with data breaches in-house are on the way out, and the consequences of being caught trying to do this are potentially worse than simply confessing.
 
In terms of remedies, there are numerous steps to consider. And an excellent guideline to follow is the standard, developed by MasterCard and VISA and also being enforced by American Express, and which is designed to protect cardholder information and must be implemented by members, merchants and service providers. So if you fall into any of these categories, and that will apply to most, then this is important.

1.  Build and Maintain a Secure Network – Maybe an obvious comment, but it is important to understand what this means. You need to have a firewall configuration to protect data and not use vendor-supplied defaults for system passwords, and other security parameters. In order for firewalls to be effective, all communication from untrusted networks or hosts must be blocked, preventing external sources from interfacing with internal ones. A point to note here is that the requirement for the firewall is to ‘protect data’, not to secure the perimeter.

Too often, administrators use the default passwords on systems as important as servers and network devices for ease of use or simply because they forgot to change them. A list of these default passwords can be found on the Internet, and are often how hackers access the network.

2.  Protect Data – In order to achieve this goal, it is necessary to ensure that data is protected when it is stored – and wherever it is stored, and that the data is encrypted when being transmitted across public networks. Although most will probably employ some type of VPN technology for transmission, the secure storage is often overlooked.

Data at rest is frequently left sitting without any form of encryption attached to it. If an intruder is able to hack past the firewall or walk away with a server, there is no protection for the data inside if it lays unencrypted. It is essential that the solution selected to meet this requirement features built-in encryption and key management mechanisms that ensure data is always secure, while at rest, and while being transmitted.

3.  Maintain a Vulnerability Management Program – This is primarily to ensure that you use and regularly update anti-virus software and secondly, that you develop and maintain secure systems and applications. All applications, as well as the network itself, should be protected by an anti-virus solution.

4.  Implement Strong Access Control Measures – This can present a challenge since it does not simply define Identity Management measures but also the need to ensure that data is only accessible on a "need to know" basis. Ensuring that users have access only to the level of data that they need is an important step in preventing data theft, particularly internal data theft5.  Regularly Monitor and Test Networks - This section requires that you track and monitor all access to network resources and data and regularly test security systems and processes. One of the best ways to do this is to have an automated audit trail to assess who had access to data if a security breach was to occur.

5.  Regularly Monitor and Test Networks – This section requires that you track and monitor all access to network resources and data and regularly test security systems and processes. One of the best ways to do this is to have an automated audit trail to assess who had access to data if a security breach was to occur.
The optimum solution guarantees individual logging, while also recording every successful and unsuccessful event, such as login, data access, and administrative activities. Additionally, these audit trails should also be stored in a safe manner and be encrypted and signed and unable to be altered manually. Another key feature to look for is the solution’s ability to maintain an audit trail for a predefined period of time, making it impossible to delete the log before the retention period expires.

6. Maintain an Information Security Policy – The responsibility for this falls squarely on your  IT department and management team to create, define and enforce an information security policy throughout the organisation. The policy should address all relevant rules and regulations defined by regulatory bodies who may have an interest in your activities, and your users should be fully aware of the obligations as well as penalties for non-compliance.

Calum Macleod is European Director at Cyber-Ark - www.cyber-ark.com

Today is the new tomorrow (allegedly)
By James Hayes

6 January 2006

Predictions about IT are often, notoriously, very wrong. Founding IBM Chairman Thomas Watson Sr. is widely quoted as saying in 1943 that "there is a world market for maybe five computers". He lived long enough to be glad that he was proved incorrect.

Yet predictions themselves are often borne of misquotations, misinterpretations, or just sources unknown. Although Watson’s alleged 1943 statement is well known, there is no evidence he ever made it. Watson Sr.’s biographer Kevin Maney tried to find the origin of the quote, but has been unable to locate any speeches or documents of Watson's that contain it - nor are the words present in any contemporaneous articles about IBM.

Watson was a little unfortunate. He had to take the stick for a duff divination that he may not even have made - judged from a perspective of 30-40 years. Yet actually, even five years after 1943 his unverified remark would not have sounded wildly inaccurate.

“It’s getting increasingly harder to predict the future of IT,” an analyst once said, “because so many of the key developments we thought were many years away are here now. In a sense the future is already with us; it has arrived sooner than expected.”

When a professional prognosticator admits that their adumbrations are being squeezed, you know something important is up: these people are highly paid for their vaticinative skills. A failure of faith in the powers of prognosis could lead to wholesale redundancies across swathes of the analyst industry; you read it here first.

We may just getting bored with the excess augury that permeates all aspects of the IT industry. Few solutions enter the market unaccompanied by predictions as to their likely impact on the world of tomorrow.

Nearly a quarter of a century ago, Francis Fukuyama famously proclaimed ‘the end of history’, and taken in context, his message has resonance; but even the most cynical crystal-gazer would balk at predicting the end of innovation.

The market expects vendors to talk-up their new products – and to talk-up new versions of existing products. To be sure, scope for improvement usually translates into scope for making money – the biggest driver of IT innovation yet discovered.

James Hayes is editor of Information Professional

Smarter searching is best way to sweat data value 
By Keith Ricketts

As enterprises amass data upon data, the task of finding the right critical information gets harder. Companies are looking increasingly inwards to find answers to the tough questions they face, and are doing this via sophisticated techniques to seek-out clues that are scattered across their entire IT resource – data submerged in silos including CRM and content management systems, intranets, email and web servers - and users’ own workstations.

Whatever you call these information gathering techniques – ‘enterprise search’ or ‘data fusion’ – they are a means to the same end. They involve sifting through data from multiple sources, and linking together nuggets of information to give a clearer, more meaningful picture of a company’s position – and give a starting point for decisions on what to do next to stay competitive.

The importance to businesses of these techniques is on the up. Many may have hitherto gone without efficient information gathering solutions – simply ‘making do’ with the limited data and search tools currently available is no longer a valid option. Company-wide search techniques are now needed.

Without effective company-wide search techniques, users end up wasting time as they hunt across multiple systems for a piece of information – so companies suffer too. Worse still, has the same information already been generated or found by another person – only for a colleague to repeat the whole process?

A recent US study by analyst IDC asserted that knowledge workers spend more than twice as much time re-creating content that already exists as they spend creating new content. The study estimated that a company with 1000 staff could lose $6m annually due to time wasted searching for information, and $12m on work duplication through inadequate data searches.

Information within enterprises is mostly unstructured – not indexed, tagged or archived such that it is easy to locate. With the sheer volume of information ballooning on the back of moves towards greater corporate compliance (and the growth in data formats like multimedia files), effective enterprise-wide search is moving from 'nice to have' to 'need to have'.

From the user’s point of view, enterprise search works in a similar way to using Internet search engines. Using a simple, logical interface, and the ability to search using keywords typed in everyday language, people get search results organised by a ranking which can be further refined.

This familiar user experience is usually embodied in enterprise search solutions – however the methods used to conduct the searches themselves are very different from those used by Web search engines.

Enterprise search tools (ESTs) provide their results by analysing the unstructured, semi-structured, and structured information, held in unconnected data resources within organisations. They automatically categorise this information, and providing intelligent links to it, irrespective of data format, structure, location or parent application.

ESTs should also be able to provide summaries and rankings to assess the importance of any items of information in a result, and help guide the user toward the results that are most relevant to their search.
This is the crucial difference between ESTs and Web searchers: results are based on relevance and categorisation, whereas Web search gives its rankings according to inbound link popularity to a website. After all, in business the most vital information is never widely known.

Enterprise search gives a single source of access to relevant information with little or no need for educating users. It can also increase the ROI of existing enterprise applications, such as CRM, ERP and SCM systems.

Another area where enterprise search can deliver real ROI is in customer-facing environments such as contact centres, where search can be linked into sales systems, CRM systems, and customer databases. A more effective information search by an agent handling a call means a shorter call, as the agent gets the information they need quicker – which means more calls handled per person.

More strategic benefits will follow as corporate compliance has greater impact on businesses. If a non-compliance issue occurs within a company, the source of that issue will need to be located quickly and the issue addressed. Enterprise search should prove invaluable for this - linking together information from multiple sources to get a more meaningful result - turning a series of unconnected dots into a business snapshot.

Keith Ricketts is marketing manager of business intelligence specialist Ardentia (www.ardentia.co.uk)

Gigabit Ethernet: every home (and small enterprise) should have some
By James Flynn
 
Network attached storage (NAS) combines Redundant Array of Independent Disks (RAID) and high-performance server technologies, to give homes and small businesses a way to save, secure, and access their data in one convenient, ultra-reliable, and low-cost appliance.

The demand for NAS is being driven by a growing realisation that families and small businesses are becoming increasingly dependent on fragile data files for even the most basic tasks in our lives. We have come to rely on fragile, unreliable disk drives to store and manage everything from last year’s invoices and family photos, to the movie we downloaded last night.

If manufacturers can deliver the right mix of features, functionality and price in their RAID-based NAS products, they will quickly become as essential to consumers as PCs and DVDs are today.

You could gain a huge amount of storage capability in your house - equivalent to the amount of storage you can depend on to back up your PC files at your company’s office building. Simultaneously, in addition to storage this market aims to deliver digital multimedia files, such as data, music, pictures and video, travelling at up to 1Gbps speeds within your home and SME: that’s 10 times faster than you can today. 

Inside the digital home multiple people simultaneously share, view and send digital entertainment content to and from a wide range of consumer equipment - digital media servers, network-attached storage, PC storage/expansion and backup gear, routers, multi-user personal video recorders, network area servers, and audio servers.

Up to eight people could watch HDTV signals off of eight separate TVs in the same house with no signal degradation. This is not possible with alternative chip technologies.

Chip companies will have offerings for this market; just a handful of companies have announced plans to make equipment that house such chips to make NAS possible. There are likely to be more; but to make it happen, four key issues are being debated that will affect roll-out.

The first asks the question: does a household really need 1Gbps data - if not, why pay extra for it? This can be debated. But IT industry trends prove that demands for bandwidth continue to rise both in homes and businesses.

Gigabit Ethernet technology costs more than Fast Ethernet. But the price of Gigabit Ethernet has been gradually getting closer to that of Fast Ethernet in recent years. So why buy Fast Ethernet technology when, for a relatively small increase in price, you can get a 10x improvement in bandwidth?

The second issue is whether larger amounts of storage are necessary in our homes. It has been shown that in office buildings the amount of storage required has consistently increased over time. The same pattern is likely to happen in the home environment.

Industry members debate the adequate number of disk drives needed for NAS applications. The answer ranges anywhere from one to eight, but the specific number isn’t the real point. The point is that homes need a lot more storage capacity than they have now. The NAS market satisfies that need.

A third issue addresses whether to use RAID technologies. Without the automatically redundant protection offering by a RAID system with two or more disks, a NAS box simply shifts the risk of data corruption to another box. The incremental cost of redundant striped storage is relatively low, and gets even smaller as the size of the RAID array grows beyond a two-drive basic system.

The last issue is whether to use more hardware or software to enable the 1Gbps speeds. Hardware is a more reliable way to achieve those speeds than software. So for this market to happen, chip companies will have to provide reliable and dependable hardware technologies that deliver the kinds of speeds that NAS technology offers. If they don’t, and more software is used to provide the services, then those speeds are likely to be lower, make the technology less attractive, slowing its deployment.

Another factor that will help make this market grow is traffic management. Chips used in such networks will need finely granular traffic management network processing capabilities to provide efficient classifying, queuing, and scheduling to spawn robust multimedia capabilities. Such technology guarantees delivery of a large number of video and audio channels your – glitch free.

Traffic management provides the ‘fast path’ hardware acceleration from the hard disk drive to the network interface. This arbitrator schedules, controls and delivers stream-aware quality of service management to guarantee support for up to eight concurrent HDTV streaming sessions.

The arbitrator distinguishes between traffic that needs to be guaranteed to arrive on time versus traffic that can be delayed. The technology dynamically allocates bandwidth accordingly. This traffic management capability - coupled with an embedded upper layer protocol accelerator - enables the chips to run efficiently with non-blocking bi-directional 1Gbps throughput.

So, I ask myself whether I want faster voice, data, and video speeds through my house. I ask myself whether I want my kids to be able to watch HDTV upstairs, while I watch it downstairs, with no degradation of signal. I ask myself if I would like to know all the files on my PC, as well as those of my wife and kids, are backed-up on a storage server in my house. I ask myself if I would be willing to pay a reasonable amount - less than $500 - for these benefits (NAS solutions (depending on capacity) are generally being quoted in the $300 range).

The answer to all these questions is: yes.

So you may be remiss by ignoring this potentially explosive market. This NAS train has been picking-up speed during the past few months, and will likely accelerate during the next few. After several attempts, the home networking problem is on the verge of being largely solved with these converged multimedia and storage technologies.

James Flynn is systems architect, enterprise and networking division, at Agere Systems – www.agere.com

Why neglecting new ISO could wreck your business
By Tony Fisher

Few UK companies would part willingly with their ISO 2000 accredited status in quality assurance - yet a new, just as important ISO standard will be published in a matter of months, and few companies so far have taken notice, let alone begun to take action. And the benefits available to software users are, if anything, even more tangible and wide-ranging.

ISO 19770-1 – the new standard - is due to be published in May 2006. It covers the field of software asset management (SAM). SAM is aimed at any organisation wanting to move towards, attain, and maintain a high quality SAM infrastructure and enjoy the benefits that will bring – including potential cost savings.

The new ISO Standard has been developed with help from experts in software asset management (including those in my own company), and has already passed through its first two committee stages at the ISO’s Helsinki centre. The May deadline doesn’t leave an awful lot of time for major software users who want to be sure of reaping the benefits of becoming ISO-accredited in software asset management.  And those benefits can be substantial in terms of both efficiencies and cost savings.

As software asset management consultants, we see the results (and sometimes pick-up the pieces) when large, otherwise-well-run organisations fall down on managing their software assets. It can happen to anyone.

One major UK utility company that is a major software user (as well as being a household name) found itself the subject of three software audits from major vendors in rapid succession. In each case it was obliged to put together an audit team of around 10 people for a period of many weeks, because its existing asset management procedures were inadequate to provide the required information. The total cost of this exercise: a mere £500,000.

From the hundreds of cases my colleagues and I have examined in the past few years, I can confirm that this example is far from unusual. I also know of many cases where organisations that have implemented rational SAM policies have achieved quantifiable benefits in cost, flexibility and the ease with which they can adopt new versions of important standard software products into their organisations.

Be sure of this: being accredited to the new standard will make an important statement about any company that adopts it, in exactly the same way that attaining ISO 2000 status makes an important statement about any organisation’s commitment to quality assurance.  It will enable companies to welcome the new products of the major software vendors, rather than fear change. And it can save software users an awful lot of money.

It is important, though, that companies begin to plan now to meet the challenge of the new ISO standard for SAM, and not to leave it until the last minute.

So, what, exactly, should companies who wish to take advantage of the new standard do to prepare for its introduction next May?
First, they can visit the Investors in Software site at www.investorsinsoftware.com and download either the extracts from the draft standard given there, or the full draft standard from the primary sites referenced.

Second, they can start work now with SAM professionals to establish their starting point and the road map they will need to follow to achieve the levels that will be assessed by the new standard.

To meet the new standard, software users generally will have to demonstrate a number of important factors.

Companies will have to show that their software licensing is under close management throughout the product life cycle, from purchase to retirement. They must also show that they are establishing accepted procedures and policies in terms of software usage as laid down by the ISO standard.

They will also have to prove that there is buy-in at a senior level within the company to SAM procedures, in such areas as the provision of training of senior staff and the circulation of key documents to senior executives.

Further details about the draft ISO standard can be found at the Investors in Software website (URL below), where extracts can be read. Full versions of the draft standard are available from the British Standards Institution (BSI) and the Swedish Standards Institute (SIS) - see URLs below.

Tony Fisher is managing director of software licencing consultant SAMpartners.

www.investorsinsoftware.com
www.bsi-global.com
www.sis.se
www.sampartners.com

How are YOU preparing for ISO 19770-1? How crucial do you think of Software Asset Management? Email your views to the Editor – jhayes@iee.org.uk

Time to crack-down on uncontrolled data mania?
By James Hayes

The world’s IT systems are generating more data than ever in the history of human ingenuity – and, to make things worse, we are keeping nearly all of it. The causes are obvious; but just in case you’re in any doubt there are miles of shelves creaking under the weight of turgid reports counting the causes.

You don’t have to be an over-informed über-guru to see what the problem is. Put simply, basic data is very easy and very cheap to produce. For almost anyone to produce. Children start their data-generating careers as soon as they thumping their first computer keyboard. Retired ‘silver surfers’ will continue to run-up reams of data well into advanced old-age. Give a chimp a laptop, and, if it (the laptop) is switched on, it will soon start generating some data.

Professional data propagators are at the sharp end of the problem. Standard business processes and commercial applications, cause petabytes of data to be spewed forth. Multinational corporations and SMEs alike are producing data in an almost uncontrolled fashion. Organisations in both private and public sectors are manufacturing more data than they really know what to do with.

Everyone knows that data overload is a problem, and that it is going to get worse before it improves. Analysts and researchers are busy plotting the course of this unbridled proliferation, but everyone knows where it’s all coming from. IT has turned us all into unstoppable, obsessional data fabricators.

We are right to be concerned. We are heading for a data dystopia, where all the executive summaries have been summarised, and all the numbers have been crunched into a fine level of granularity. We are slicing data about data about data.

This is, naturally enough, a happy prospect for vendors of data storage solutions. Their growth figures prove it. The storage industry is basking in a golden age right, now in terms of technological development and of sales. It’s nice news also for suppliers of data management solutions, and of security systems than ensure that the data deluge is invulnerable to ill-do.

But from their customers’ perspective, the outlook is not so rosy. Managing data is fast becoming a major overhead for the IT function. The problem with IT systems is not that they make it too easy to make data; it is that they too easily make data about data.

Within even a small enterprise, we are all probably generating at least 50% more data than we really need to. Not the crucial core key important data, the stuff that businesses or organisations run on; but the collateral data – the optional attachments and unwanted email replies, the over-cc’d memos and abandoned drafts and projects-in-progress. All stuff that, for whatever reason, does not get trashed, does not get used, and ends up getting sucked into enterprise backup repositories.

Then there is the concomitant data – the valid backups and spare copies and early drafts of files that also get backed up – and re-backed up – in the quest for absolute data integrity. Oh, and then there’s the ‘mission-critical’ stuff, which is really required to keep the company viable, and which sometime constitutes the hardest to recover.

It doesn’t take a much parallel processing to calculate that before the end of this decade, we are going to be up to our ear-pieces in data. Analysts and pundits have been warning about data doomwatch for decades – and doing their bit to add to the problem with stacks of surveys and reams of research. Report atop report confirms their findings – and makes yet another contribution to the data deluge.

Unless IT supremos start to impose more rigorous procedures about how data is allowed to be created and used (i.e., not use to create more data), the resources needed to deal with the data will rapidly overtake the value the data is providing to the business mission. Enterprises will risk become inundated by the weight of their own data output.

How can this be avoided? Ask a consultant and they will (for a high nominal price) present you with recommendations for tighter data usage policies, allied to data management best practice designed to curb excess data generation.

But consultants’ advice, all ten-ring bound volumes of it, will not tackle the problem at source. Because the real solution is too daunting, too scary, to consider – let alone implement.

While there is much chatter among data management theorists about applying hierarchical database models, deploying meta data categorisation, and about super-intelligent storage solutions, these are far removed from what really has to be done. For in more extremist quarters, IT power-theorists are, in hushed tones, describing an ultra-‘zero tolerance’ approach to data containment: a regime that embodies a New Ruthlessness toward controlling how data is generated – or suppressed – on and in enterprise systems.

So unremittingly draconian is this emerging doctrine, that its suddenly introduction into the workplace would provoke uproar among users. They may now moan about limits to their email inbox size limits, and prohibitions pertaining to the storing of MPEGs and MP3 files on their local hard disks; but when the new data controls come in, they won’t know what hit them.

In the future, not only will email limits be set, but also quotas set as the number of emails users can send each working day. Unnecessary email cc-ing will be banned. Application will have to be made for the retention of attachments over 1Mb in size, and even if it is allowed, it must, of course, be zipped.

Word-processed files must be saved as unformatted, text-only file, unless special permission is granted. PowerPoint presentations may not exceed 12 slides, and graphical elements will be severely limited. Pdf documents will similarly have an upper size limit, and spreadsheets have their values capped.

Website designers will be lauded for coming up with HTML-lite sites. Hard disk space on shared servers will be strictly apportioned – heralding a new era of enterprise storage rationing, as we move from the ‘information age’ into the ‘post-information age’: an age when information will at last be ultimately subservient to the purposes its serves.

What do YOU think? Do IT professionals need to crack down on unrestrained data creation? Email your views to the Editor – jhayes@iee.org.uk

Calumnied companies can make a friend of the blog
By James Hayes

People post all kinds of blather to their blogs, and it is often hard to see how anyone bothers to slog through the pages of tedious pastings, never mind let them influence their buying habits.

Yet suddenly organisations need to start considering the impact blogs have on their reputation and market image. More specifically, marketers need to understand how blogs can impact the marketing mix and the sales cycle.

According to research from Hostway (see News, 28 September 2005) blogs are now poised to “fuel consumer power”. Some 77% of people Hostway polled stated that they would use information from blogs to have an impact on purchasing decisions, with the majority of consumers believing blogs are a “good way to get honest and reliable information about a company and its products”. As opposed to a corporate website, a blog is based on personal opinion and ‘real’ experiences – it is supposed.

Of course, products and people are being publicly slagged-off all the time - on the Internet, on public transport, down the pub. But when the same sentiments appear on a blog, Hostway argued, the knock-on effect can reverberate around the world, and be significantly deleterious to corporate credibility and brand values.

Seasoned surfers know that individuals have been using the Internet to bad-mouth products and services for years. Online diaries often contain highly pejorative remarks about people or places their authors have come into in contact with. Some portals encourage evaluative posts (often anonymous and unverified) about bars, restaurants, hotel, airlines, or international conglomerates accused of worst practice.

But by virtue of their personalised context, blogs are being characterised as capable of having greater effect. And the fact that blog content is usually presented as dynamic content means they are more likely to fetch-up on search engines. Online shoppers searching for best-priced Nike trainers may chance upon a blog claiming that the fancied footwear sucks.

But rather than regarding blogs as the preferred medium of the serial traducer, Hostway suggested that blogs are best seen as an opportunity, not a threat. “Organisations also need to think about the opportunity blogs present,” it said. “People have been talking for years about online communities. Blogs present a way for businesses to develop communities around their products and services.

“If they get in early, and are sensible about their involvement and communication, they have the opportunity to shape, form and be part of these blogging communities.”

Meanwhile, by way of applying a caution to feckless bloggers, there is one remedial step that could be instituted. If a newspaper criticises a product or service, gives a play or movie a bad review, or denigrates a public figure or a private individual, then the ‘right of reply’ convention can be invoked.

No such privilege extends to blogs. They are the wholly-owned domains of their peculiar editors, and as such can ignore any requests to run corrective feedback. 

It should be a badge of honour that decent bloggers extend the same courtesy to those they are wont to slag-off. Right of Reply could be enshrined in a blogging code of conduct that, over time, would differentiate accredited bloggers from irresponsible malcontents.

Widespread recognition of the benefits of such a code – for bloggers and those they blog about – would mean that remarks made on a rogue blog would perforce be discredited, and blogging be bolstered as an emergent route to market.

What’s YOUR take on the blogging controversy? Should blogging employees be cautioned? What’s your experience? Email your comments to the Editor James Hayes – jhayes@iee.org.uk.

ICT professionals to bounce back to the boardroom?
By James Hayes

06 September 2005

Top-drawer techies could be poised for a return to the heart of corporate decision-making - but will still be out of the running for CEO jobs. But they needn't pine too much, as the heyday of high-flying CEOs will be history by the end of the decade.

These are some of the findings of the Pulse 2005 Survey, from think-tank Global Future Forum (GFF). The GFF is a collective of futurists, futurologists, and forward-looking pundits, formed five years ago by IT company Unisys. The idea was to inject their collective conjecturings into the business community, thereby helping organisations extend their strategic planning horizons, and better prepare for things to come.

This year's Pulse Survey asked 286 respondents - comprising 81 futurists, 40 academics, and 166 business practitioners - to comment on a variety of possible business and social scenarios, with particular regard to expectations of the impact of technology.

The report's findings suggest that by the end of the decade, the favouring of a more 'collegiate' approach to corporate control, reflecting less centralised management practices. This change, Pulse postulates, should create greater opportunities for directors from IT backgrounds to come forward and regain the clout they once enjoyed.

"Due to a combination of outsourcing and infighting, senior IT directors were moved sideways during the late 1990s and early 2000s," said GFF Chief Executive - and Pulse 2005 contributor - David Smith. "It is time for them to reclaim their role."

The IT function's status will be enhanced, according to Pulse, as its integral role in supporting competitive strategies becomes more pronounced - particularly in respect to the intelligent management of crucial data.

Emerging business models, with co-operative collectives of companies transacting on a b2b and b2c basis using very responsive networked systems, mean that in-house IT know-how will be needed more than ever.

"Senior IT experts with the requisite skills for managing multi-networked business relationships - that extend from billing to customer fulfilment - will be in great demand," said the GFF's David Smith. "To understand these complex processes and information flows, you need to have top-level technical knowledge."

The Survey makes a case that excellence in customer service will be a key differentiator over the coming years, and that smart management of data will be key to delivering 'richly individualised customer experiences' that can attract, grow and retain customer bases. In David Smith's words, "the ICT role will be back where it should be - driving innovation".

He added: "IT is now at the heart of issues such as company mergers and acquisitions. Organisations need to have the in-house expertise that can tell if a M&A is going to work, from a technical perspective."

However, despite the return to prominence, ICT professionals still face a glass ceiling in their career development, said Smith, if they set their sites on becoming CEOs: "No CEO will be applauded for taking a risk nowadays, as institutional investors want to play safe. Certainly, some CEOs have performed badly, and are seen by investors as a liability, not an asset.

"However, after the dot-com debacles, ICT professionals are still somewhat tarnished. It will be some time before stakeholders look to them as the natural heirs to the CEO's seat."