Saturday, April 24, 2010

Converged Best Practices and Standards Provide Assured and Hard ROI

one only needs to think ‘inclusively’

We grew up seeing mountains of files in the backrooms of our parents' offices – an age when we cut trees to make paper and created filing systems that could occupy buildings. Then came the digital age, and we continue to fell trees and create complex filing / storage systems in servers which are housed in huge data centers.

The digital age promised savings in space, storage efficiency, lightning-fast data access and retrieval, remote access… in short, information at your fingertips for a wired you!

Notwithstanding these claims, we continue to struggle to find “that” file, as much as we struggled in the Paper Age. And, if, in that age, we needed warehouses to store files such that they were safe from the weather and were findable, we are no better today when we need large data centers with backup facilities in addition to the huge back-office and front office data processing facilities.

Fundamentally, the technology is right and so is the process which is where we placed our bets. We forgot the people and this is what is making us lose out. There are smart companies who have not overlooked the people factor and are enjoying the fruits of the digital age, but a majority continue to live with the mirage of digital efficiency.

It is payback time and it is time analysts and architects working in the technology domain in data centers, infrastructure, security, governance et al remove their blinkers if they want to survive in the years to come. Else, we may as well prepare for the dark ages.

Data centers are growing organically and their rate of reproduction would put a rat to shame. Unfortunately the executive measures his efficiency by the size of the data center or the number of computers in the hands of users, and considers security to be in place with devices like firewalls, IDS/IPS or, lately, the UTM.

The truth could not be further away, and a few farsighted and visionary companies have read between the lines and through the paper to enable people with the right mix of process and technology. This is done by simply following any best practice or standard in spirit. Any best practice or standard, say an ISO 9001 or an ISO 27001 or a BS 25999 or a CobiT®, can bring high ROI and provide clearer vision to management.

The CIO/CTO/CEO have to expand their vision… the IO and TO have to stop being IT-centric and think enterprise, and the EO has to include IT in the vision process, and maybe everyone has to learn about each other’s business. So the technology people must go to management school to learn financial statements and what makes the company tick, and the executives should learn the essentials of systems in terms of how and what they can do. It will open up empathy across business lines, since people will start thinking in terms of business and not just about how tough it is to get the executive to understand a simple thing like TCP/IP!

It is surprising that the technology executives have yet to think in terms of building in security or process best practices when they conceptualize enterprise IT architecture. While they are quick to embrace new technologies like cloud, virtualization, SaaS etc., they are scared to “experiment” (? This is the wrong word but I shall use it for the sake of generalization) with Open Source. Simply put, innovation is not in place because the technology executive is not sure about technology and the benefits it is providing. They race to provide facilities and do not pause to measure; nor do they manage the race, since they are driven by the geeky impulse to tinker with new technology, just to ensure high-visibility optics.

Starting with data processing facilities, the technology office will do well with a general house inventory. The industry best practices have defined information assets, but no one wants to classify digital information, and sensitive repositories overlap general storage space. Apples and oranges are stored and handled in similar fashion and disasters will always be waiting to happen.

All practices lead into each other or provide supplementary and supporting value. To illustrate: classification of information leads to the creation of a risk-based inventory. This will help determine the server and storage location for the digital asset, its owner, backup, continuity and disaster recovery plans. In turn, one can now provision resources for protection, availability and safeguarding to focus on assets that are critical, sensitive or important for business.

Industry figures say that organizations can save up to 30% of asset and resource investment just by having risk-based asset management that talks to change management, incident management and other processes in the organization.

Moving on, environmental issues have been discussed fiercely over the past few years, but inclusion of Green IT practices in organizations has been surprisingly slow. And that too in the face of the fact that green practices can provide immediate savings in the data center.

Including green practices is simply an activity that extends the best practice processes that may already be in place. The asset inventory done earlier has provided the organization with a map of the information store, and the next step is to move non-sensitive information into virtual data stores and free up server / rack space. Any organization (small, medium, large) will usually save up to 30% of their hardware utilization if information (data) is managed in a structured manner. The fallout is pleasantly evident in immediate returns by way of reduced power consumption and freeing of hardware assets and rack space (real estate). The power savings accrue due to the reduced number of servers and lowered air-conditioning and lighting requirements.

Similarly, managing paper and toner consumption on printers and running awareness programs to reduce unnecessary printing lead to substantial cost savings.

End point security is a big issue and every sysadmin wanting to demonstrate diligence will spend hours looking for exceptions, using state-of-the-art network monitoring tools. Unfortunately he/she is not guided to extend the monitoring to switching off unmanned machines. This is a security best practice and leads to energy efficiency which means immediate hard savings in energy bills.

Intelligent compliance provides overlap points and easy extensibility of best practices for the CIO/CTO/CSO to extract savings in hard cash or intangibles. Green initiatives include virtualization, switching off devices and lights, lowering energy consumption through alternative cooling efficiency systems in data centers, managing server load processing, optimizing network bandwidth use (for example, managing spam or unnecessary exchange of files as attachments), introduction of automation and workgroup / file sharing tools, monitoring energy usage with remote shutdown and management, and adopting energy- and money-friendly lighting systems.

Loosely, this translates into uncommon commonsensical initiatives. Every technology and security manager is exposed to new initiatives in the world of innovation and has to start looking at innovation that will provide value to the enterprise in terms of savings, income, efficiency or productivity. The answer is at hand and only needs the CxO to extend the line from vanilla best practices and standards to thinking of compliance convergence and then to garnish this mixture with a dash of innovation! It is easy and the benefits are quick to come by.
