Change and the CIO

Patrick Ciganer, CIO, National Renewable Energy Laboratory (NREL)

Patrick Ciganer, CIO, National Renewable Energy Laboratory (NREL)

The past decade has brought more significant transformational and disruptive change to the information management and technology environment than has been seen since the advent of the personal computer in the 1970s.

"Creating and regularly updating an enterprise cloud strategy that identifies long-term core-user requirements is a solid broad-distribution information mechanism that can help capitalize on the opportunities represented by the cloud"

Cloud computing, big data analytics, commodity information technology (IT), and high-speed, real-time, mobile data access are all capabilities that have become increasingly ubiquitous since the early part of the century. Coupled with enhanced cyber security challenges and growing network complexity (such as BYOD - Bring Your Own Device) and related vulnerabilities, the environment in which the current slate of chief information officers (CIOs) have to operate is significantly different from the long-established model of centralized functions and operations.

In many cases, the broad availability of these new capabilities has enabled individual components, within large and often distributed organizations, to develop fast and effective local IT solutions dedicated to addressing individual issues. Unfortunately, those "shadow systems" potentially bring inefficiencies into the overall enterprise information management process through possible duplication of efforts and lack of transparency. When several components are trying to solve the same problem (for example advanced asset management), adopting different – and often incompatible – solutions will most often fail to meet enterprise-wide integration requirements in data integrity, security, scalability, and support.

From a strategy perspective, most organizations aim to develop medium-and longterm IT and management architectures that meet the dual requirements of clear efficiency improvement – under usually flat or decreasing investment budgets. Under those conditions, how can CIO organizations manage both a fast-changing technology landscape as well as growing demands for faster, more powerful capabilities in information collection, analysis, storage, management, distribution, and reporting (under an equally fast changing cyber threat environment)?

Functionally, two approaches seem to be competing for the same objective. The first is a strengthening of the historic model of centralized control and direct oversight by the CIO organization of all IT operations and investments. The second is a relatively new model under which the CIO organization is still directly responsible for the functional and operational elements of the enterprise-wide IT infrastructure, core capabilities, and security. However, in this second model, the CIO organization now provides guidance and expertise (including requirements definition and management) to individual organizations interested in identifying, testing, deploying, and supporting local information management capabilities themselves.

In the first approach, two of the core challenges are: 1) bringing back under direct control, with minimal disruption, all of the disparate systems operated outside of the CIO environment; and 2) reinvigorating, in real time, a centralized IT investment process that addresses various constituencies' time tables and requirements as effectively as their shadow system approach.

In the second approach, one of the challenges is developing a coordinated, overarching, IT investment, and support framework that identifies and manages all requests in a clearly documented, objective, and transparent process. Another challenge is evolving the characteristics of some of the services provided by most Office of the CIO (OCIO) organizations. Those services will need to go beyond the traditional reactive support and eventually offer proactive guidance ("consulting") capabilities to their enterprise.

Structurally, one of the most daunting challenges and, simultaneously, area of greatest opportunity resides in effectively leveraging the emerging performance, security, and reliability offered by cloud-based services (for example storage, infrastructure, or software). One possible path forward in managing this challenge is the development of a medium to long-term practical enterprise architecture. In this instance, the effort would proactively identify the following:

■ Which functionalities should be migrated to a cloud-hosted environment?

■ What type of cloud (private, public, or hybrid)?

■ Why?

■ By when?

■ Which functionalities should stay in-house and why?

Creating and regularly updating an enterprise cloud strategy that identifies long-term core-user requirements is a solid broad-distribution information mechanism that can help capitalize on the opportunities represented by the cloud.

An inclusive data-gathering process with individual user constituencies is a key success factor in developing an actionable enterprise architecture plan. Clear identification of needed, and often distributed, individual capabilities is one benefit in listening to, and incorporating, clearly defined medium and long-term user requirements in the planning stage. Those unmet capabilities are usually the driver for the acquisition and deployment of local shadow systems.

Operationally, the required internal information technology and management skill sets have to adapt and grow in tandem with the evolving functional and structural needs of the organization and the enhanced capabilities available in the market. If CIO operations expect to transition from a mostly reactive stance to a more proactive resource and investment planning position, ongoing awareness of quickly changing IT environmental conditions, demands, and vulnerabilities has to shift from a "nice to have" to a "must have." Regular training, change management, operational flexibility, and technology curiosity are some of the characteristics of operations that seem to be best positioned to meet the acceleration in the changes to various facets of the IT landscape. Financially, the CIO community – especially in the public sector – is facing consistently decreasing budgets coupled with increased performance and security demands. Those demands are chiefly driven by the need for increased efficiency and transparency in a very active and fast-morphing threat landscape. The CIO community will have to operate under and manage a general fiscal environment that poses its most difficult long-term challenge. One strategy that can be used to help CIO organizations effectively present their case is increased external awareness and detailed analysis of the costs and resources associated with both the ongoing operation and planned enhancements to the IT capability.

In conclusion, the old adages "you cannot manage what you don't know" coupled with "the only constant is change" might succinctly define the conditions that the 21st century CIO has to deal with for the foreseeable future. One path forward strengthens both the planning function and emphasizes increased flexibility; the other path strengthens the current centralized command and control model.

They might both manage change but, in the long run, one path might be more adaptable, effective, and scalable than the other.