Keeping Data SecureBy Tony Kontzer | Posted 12-22-2011
2012 IT Investments: Leading CIOs Share Their Plans
Welcome to budget season, the annual end-of-year hand-wringing process during which CIOs determine where precious IT budget dollars will be spent in the year ahead. Amid all of the breathless predictions about where 2012's IT dollars will go--Cloud! Social! Mobile!--exactly how any one particular CIO will spend his or her organization's money depends largely upon the industry in which that business operates. (For more on IT budget trends, read our exclusive 2012 IT Investment Patterns Study.)
We've asked CIOs from three very different industries--engineering, health care and hospitality--to share with us their IT priorities for 2012. While each organization has very different needs, a common theme runs through all industry sectors: CIOs are focused on ensuring that their IT environments are agile enough to handle emerging IT delivery models.
Whether that means beefing up capabilities on the mobile front, jettisoning commodity IT assets in favor of the cloud, streamlining access to customer information or modernizing aging legacy applications, IT leaders are looking to propel their organizations into a new era--especially when a few bucks can be saved along the way to mitigate the costs of new technologies. "Many, or most, of the investments for 2012 are focused on either gaining agility or pushing innovation," says Phil Garland, U.S. CIO advisory services leader for consultancy PricewaterhouseCoopers. "Cost reduction is still big, but there's an even greater emphasis on the other two." (For more, here are Five Questions to Answer Before You Commit IT Budget Dollars.)
Few companies illustrate this give-and-take better than Psomas, a Los Angeles-based engineering firm that's seen its number of employees shrink to 500 from 1,000 over the past four years. Rather than shy away from making any significant IT investments, though, CIO Chris Pinckney is forging ahead, focused on establishing an IT environment that takes full advantage of mobile capabilities. In doing so, he hopes to put Psomas in position to pounce on opportunities when better economic times arrive.
"When the recession ends, it's not going to end evenly," says Pinckney. "We want to be able fill needs on any project with talent from anywhere."
The Need for Mobility
Psomas' need for mobility reflects trends within the broader construction industry in which it operates. The old design-bid-build approach--long favored on large-scale construction projects--has been replaced by an agile and cost-effective design-build model. This often requires designers to work on-site as construction proceeds. In such an environment, a strong mobile strategy might prove the key to survival. Add in the fact that engineers coming out of school want to be able to work from home whenever possible, and Pinckney is compelled to provide an IT environment that's available and responsive in a host of settings.
The company boasts a strong voice-over-IP sys-tem, and is upgrading its cloud-based Microsoft Business Productivity Online Services suite to Microsoft 365, a move that Pinckney says will add videoconferencing and screen-sharing capabilities. Psomas is also rolling out the latest version of VMware's View desktop virtualization platform, which will provide virtual desktops that employees can access from home PCs sans a virtual private network. The platform will provide local caching to reduce bandwidth requirements. Together, these projects figure to eat up about 5 percent of the company's IT budget, says Pinckney. He's also facing a big decision on whether to employ a regional model, in which desktop services are delivered from a few hub offices, or put a virtual desktop server in each of Psomas' 10 offices in Arizona, California and Utah.
The company's investment on the mobile front will also yield a potentially significant cost savings by reducing the number of square feet of office space per employee. Rent, Pinckney says, is Psomas' second-highest fixed cost after personnel.
Meanwhile, Pinckney also hopes to combine additional economies with increased agility by targeting commodity IT assets for migration to the cloud. Psomas already has transitioned to a cloud-based spam filter, a move Pinckney expects will save $10,000 a year. He says he plans to look at every commodity IT cost the company is absorbing and search for a less expensive cloud-based alternative that would deliver the bulk of the desired functionality.
"If you can do 80 percent of what you wanted to do, as long as there's a decent cost savings, I think it makes sense to make the change," says Pinckney.
For example, Psomas is in discussions with VMware and one of its cloud infrastructure partners, iLand, about establishing a disaster-recovery environment in iLand's cloud. Currently, Psomas rents space in a top-tier data center, where its neighbors are health care giant Kaiser Permanente and Blizzard Entertainment, makers of the massively multi-player online game, "World of Warcraft." Not only would a cloud-based disaster-recovery solution help the company avoid the costs of acquiring data center equipment and space, it would allow its primary data center to be moved to a less costly, lower-tier facility.
Pinckney says that all of these objectives--fully virtualized desktops, cloud-based disaster recovery and the continued migration of commoditized assets to the cloud--will be met in 2012. As painful as recent years have been for Psomas, Pinckney credits the economic downturn with spurring the firm to focus on making IT leaner and meaner. "If there's a silver lining to this horrible recession, it's that it's a great time to make big changes," says Pinckney.
Douglas Menefee knows all about big changes. As CIO of Schumacher Group, which provides staffing and management services to hospitals and emergency departments nationwide, Menefee has helped the company defy the recession by being an aggressive adopter of cloud computing. Since taking the IT helm at Schumacher, he's moved customer management, human resources, email campaign management and desktop collaboration to the cloud. It's a strategy Menefee believes has played a key role in Schumacher's continued growth, thanks to the cost reductions and increased agility that have resulted.
Moving to the Cloud
For 2012, Menefee has more cloud adoption on tap. He's considering cloud alternatives for single sign-on and identity-management solutions that would simplify access to patient data, and he's looking at whether the company's virtualized data center assets can run on cloud-based services. Even more pressing is his search for a health information exchange platform that will enable Schumacher to aggregate data from the hundreds of hospitals with which it works closely.
Menefee says he's deciding between Medicity's cloud-based health information exchange solution and Microsoft's on-premise Amalga offering. His staff is conducting a total-cost-of-ownership analysis of the two solutions, and he expects to make a final decision in early 2012 and begin implementation during the second quarter. Menefee says the multimillion-dollar effort will command as much as 10 percent of his 2012 budget.
Unlike hospitals that enable the exchange of electronic health records, Schumacher doesn't qualify for incentives from 2009's American Recovery and Reinvestment Act, notes Menefee. That's not stopping him from pursuing what he expects to be a competitive differentiator. "We want to be positioned, two or three years from now, when hospitals are exchanging data elements instead of paper," he says.
Menefee also is focused on expanding Schumacher's capabilities on the mobile front, with the goal of enabling physicians, nurses and other hospital personnel to access patient data from wherever they are. Currently, the company supports employees using a variety of mobile devices by developing applications with HTML5, the latest programming language for delivering Web-based content, especially multimedia.
Schumacher builds only native apps for Apple devices, but Menefee wants to change that. His staff is working on a framework that would enable the company to publish native apps to multiple device platforms. That would position Schumacher to deliver apps more quickly and cost-effectively than before, a necessity in a fast-changing market.
"I have to view everything we do in the mobile space as having a short life," says Menefee. "You're developing solutions that might not be around in six months for a variety of reasons. You've got to have an agile mindset. You've got to identify the business need and deliver a solution very quickly. Until there's standardization, we're going to continue to struggle to keep up."
At Hyatt Hotels Corp., CIO Mike Blake isn't quite as concerned about keeping up with mobile development--he's got more pressing problems on the security front. With nearly every transaction done by credit card, the hotel industry has long been a target for data thieves. Hyatt, therefore, employs a number of solutions to secure its internal systems: Dell SecureWorks oversees the company's firewall, monitoring and maintenance, all as a hosted service, while Microsoft secures the company's email system, SharePoint collaboration sites and instant messaging environment. Nonetheless, the growing threat to data coming from external sources has become a huge issue.
Keeping Data Secure
Blake says the problem accelerates, for example, when a major Hyatt property is hosting 3,000 meeting attendees, with a meeting planner or administrative assistant often booking a room on an attendee's behalf. "I can't prevent your secretary from emailing me a credit card number," says Blake. "As good a job as Microsoft does with email, I'm still not comfortable with credit card numbers floating through my email system."
As a result, Blake recently made the rounds in Silicon Valley, meeting with companies such as Symantec, McAfee and Proofpoint in search of a data-loss-prevention solution that will protect those emailed credit card numbers and other sensitive information. He says he wants something in place well before the end of 2012, and he expects to spend in "the low single-digit millions" to make it happen.
Blake expects to save a similar amount each year via hotel-level server virtualization, another 2012 investment priority. Most of Hyatt's 468 hotels have between four and 15 servers running on-premise systems that control things such as parking, door locks and minibars, and Blake says he sees no reason he can't cut server maintenance costs in half for each property. "A typical big hotel has 15 physical servers on premise, and we think with a virtual model that 15 could go down to three," says Blake. The savings would come in the form of reduced maintenance costs, and Blake is working with Dell, Hyatt's outsourced support-desk provider, to determine the right virtualization strategy--and vendor--for consolidating those servers as effectively as possible.
Blake has more in mind than battening down the hatches: He also wants to deliver increased business agility by modernizing Hyatt's reservations system, one of only two legacy applications remaining in the company (the other being group sales). Blake says the system has reached the end of its useful life, which presents him with this conundrum for 2012: Should he have his staff rewrite the app, port it to another platform or turn it over to a cloud-based vendor?
Normally, he says, his preference "is to buy as opposed to build." But none of the available alternatives on the market are as ready as he'd like them to be, cloud-based or not, and Blake has no desire to have his programmers rewrite millions of lines of code. So, he's decided to go with none of the above and is, instead, looking to squeeze a bit more out of the existing application, thus buying Hyatt some time in the hope that a cloud-based reservations solution will be available by 2013.
For example, Blake is having his staff build localization into the system so that users outside of North America can enter and review reservations data in their native language. But he's also aware that such tweaks can only go so far. "There's probably another year's worth of tuning, and then we'll have to figure out exactly what we're going to do," says Blake.
That decision likely will be pushed into the 2013 budget season, which executives at Hyatt, Psomas and Schumacher no doubt hope will arrive amid sunnier economic skies. Then again, with CIOs who all clearly have their eyes on the future, each of these companies is likely to continue balancing cost-cutting measures with forward-looking IT investments--recovery or not.