Wednesday, September 5, 2007

Projecting Success (or Failure)

A couple of recent conversations have made me aware that, sadly, many technology projects still “fail”.

To use a cliché – the projects are “a dollar short and a day late”. A combination of over-time, over-budget and under-delivery, with the resulting frustration, finger-pointing and opportunity cost.

These examples were not trivial projects, but that said, they are the type of projects that many organisations have completed. So, I began comparing the similarities between the projects to identify trends – things to avoid.

Here are some:
- Poor Business Case Development which includes the Business Requirements, which in turn drive the technical needs

- Inexperienced Project Manager – projects which involve change need experience in change management

- Optimistic Project Plan – a mistake made in many projects is that the project plan has optimistic timelines that lead to the perception of over-time and over-budget.

- Wrong people on the Project Team – or put another way, are the right people on the Project Team? Right Departments? Right level for decision making?

- Poor vendor selection process – it is easy to blame the vendor but if the Business Case and Requirements were poorly constructed, then it is likely that the vendor has the wrong brief. Equally, has the vendor been selected based on clear, detailed criteria?

So, if the project will make a significant return to the business, isn’t it worth funding a Consultative phase to develop the requirements and select the right technology and vendors, and ensuring that the project is being managed by an experienced Project Manager?

This sounds like extra cost, but is it? Surely this is part of running a successful project?

Saturday, September 1, 2007

Green for Go

I noticed last week that Teradata announced a new server and the promoted feature appeared to be low power consumption - it uses much less power than the unit it replaced. This is the first such promotion I have seen.

In addition, a week ago in Sydney there was a Data Centre conference with the major themes around building more sustainable Data Centres, consuming less power and thereby emitting less carbon.

This is exciting news and what is surprising is how quickly these "green" issues have become prevalent in IT. Were we trying to reduce power consumption and heat emissions 3 years ago? An idea whose time has come?

Saturday, August 25, 2007

Who are you?

On my travel theme, a news article this week brought home to me the importance of thoroughly authenticating employees. Are they who they say they are? Do they have the qualifications they claim?

The article that caught my attention stated that an allegedly unqualified Qantas mechanical engineer signed off on the safety of more than 1000 flights without having a licence to do so. It is alleged that the "impostor" forged his aircraft maintenance engineer's licence because he had not passed the Civil Aviation Safety Authority exams required.

True? I have no idea, but it reinforces the point that sadly, people are not always who they claim to be. Thorough checking of qualifications and employment background are vital processes and must form a key element of security management.

Do you have these processes?

Friday, August 24, 2007

Information Security? Not at the airport!

This week I found out that travel broadens the mind, in multiple ways!

I got a lesson in information security.

On a wet Monday morning, flights were delayed and the lounge was full. The section of the lounge with the work cubes was packed, and around me, people were busy on the phone.

I spend time working on information security to protect confidential data, and after 10 minutes, I had a lesson that information security is a company-wide issue, and not just IT.

Was it the gentleman on the other side of the cube who was on the phone, describing (in detail) the contracts that he was sending for approval? He described the market research services, and the issues with the contracts. Or was it the gent to the left who was chairing a meeting for a financial service company, or perhaps the lady behind me who was discussing issues with remote monitoring facilities?

All confidential information that they were sharing with a group of people they didn’t know.

Do they forget where they are, or just assume the other lounge guests won’t listen?

As I said, this just reinforced to me that Information Security is a 360-degree issue, and the policies must include when and where people talk about their business.

Friday, August 17, 2007

Is all Data created equal?

How many places do you have data stored? Excluding the data you have residing on servers, what about the data you have stored on your personal devices?

You may have multiple data stores. Your laptop of course, your PDA, mobile phone, USB sticks and removable hard drives. Any more?

In most organisations, “corporate” data, such as accounting information and even email, is secured, protected and managed for back-up.

So, are your spreadsheets and presentations any less valuable to you? The business won't stop trading if they are lost, but what about your productivity? What would happen if they were all lost tomorrow? Are you relying on email as your archive?

This raises three questions:
1. What is the security and protection for data on mobile devices, if they are lost or stolen?
2. What is the back-up process for this data?
3. Should this data (documents) be treated differently to other data (accounting)? If so, is that explicit in policy?

Thursday, August 9, 2007

Taking Care of Business - 2

A week ago, I posted a question on LinkedIn (www.linkedin.com), which asked

“What do you want from your IT Department? Are you getting it?”

I got only 8 answers in a week, which is low, particularly when compared with the 100+ answers to the question “If Vincent ran out, would you buy him some paint?”.

So, on a site with a massive number of professional members (quoted at 12 million), only 8 people had the interest in IT to answer. Of the answers, 7 of the 8 related to the IT Department as a service organisation, which goes to the topic of my Blog, posted a couple of weeks ago. Both of these facts should be slightly concerning to the IT community.

Of the answers, I thought the cleverest answer (and it made me smile) was from Melodie Neal:
“Do not ask me if I've tried rebooting to solve a problem: I tried all the routine stuff before I called you. Try to think outside your comfort zone: the answer to every technical problem does not come in a box with Microsoft's logo on it.
Warn me when you plan to disrupt services, and let that warning be at least 1 business day before the outage. I work to deadlines, and I can only manage my customer's expectations properly if I know what level of service I can expect from systems you run. 
If you know that something is on the fritz, such as the mail (again), try to let people know promptly.
Try to understand the business we are in, and what tasks we have to perform regularly. Ask a few staff to describe their working day. Spot the gaps where people are using their own equipment to make up the shortfalls in yours. Try and make the gaps smaller”

I received an answer that I thought summed it up, so I chose it as the Best Answer - from Stuart Ali:
“Ability to make decisions based upon organisational need rather than constrained by purchasing policy, current process and budget. Isn't ICT about building capability? ... but isn’t that a mistake of most service providers... focusing on the here and now, believing they are just a "service provider"... then are struck down with bewilderment when a new competitor takes the market by storm!”

Monday, August 6, 2007

How Secure is your Network?

I have been trying to think of a good analogy for IT Security. Insurance? Not really because insurance doesn’t prevent an incident occurring.

How about IT Security being akin to a cricket box (or a cup for baseball)? A cricketer wears one because although he is unlikely to get hit in that area, if he does, the impact is severe.

As we move to a self-service world with web sites interfacing (directly or through middleware) into financial, logistics, reservation and other systems, the opportunity for a security breach increases. The threat from outside the firewall is matched by the threat from within, with security experts suggesting that the risk of an employee abusing the system is much higher than an external “hack”.

This isn’t new – most organisations are wearing a box. Most have invested in good technology supported by strong policies. Can you feel a “but” coming?

The “but” is how do you know it is working at the optimum level? Has the set-up been changed to address the new threats, which are always developing? Who is “checking the checker”?

Let me give you a simple example. What happens if a Firewall device fails in your network? Does it fail open or closed?

So, to make sure that the investment is working, and that if the ball does hit that area, the box does its job (stretching the analogy too far), your IT Security requires regular, thorough and independent testing.