C3PO Essential To Solve Hard IT Issues?

I bet you are thinking, “Oh no, this looks like a typical Friday IT blog post” and it has all the key ingredients – It’s Friday-tick-has science fiction references-tick-has a weird title-tick – but please go with the flow with this one.   

Last week I took part in two events, one for the Computer Weekly 500 club (weekly IT magazine) which focused on Data Center Transformation (my interview can be found at http://bit.ly/N4XRM7) and the other for the European Banking Forum which focused on enterprise IT departments Staying ahead in Changing Market.” My role was to set the scene for both events and to promote discussion. Naturally, I talked about cloud initiatives from an IaaS and PaaS perspective, customer-centric IT and innovation. The discussion was extremely interesting with many attendees sharing their experiences but certain soft” challenges came up over and over again. Soft is a term which I don’t like as these areas are usually the hardest areas for organizations to address. So really for I&O professionals, in general, to stay relevant with the increasing pressures affecting their organizations, it’s essential that the following hard areas are addressed:

Culture – From my perspective, good IT departments of the past, in large organizations, focused on promoting a culture of rigorous quality control through endless Change Approval Boards (CABs), and wave after wave of test cycles in order to try to ensure quality to the end user. Market and technology pressures will require I&O to rethink this cultural approach to a more fail fast, fail forward” mentality with the focus on releasing new IT services in line with customer/business requirements, detecting and fixing issues quickly, and more importantly to a culture which understands that learning from failure is part of the catalyst for success.

Customer – IT departments have historically viewed the recipients of their technology as users.” This mentality has to stop. These users are not addicted to enterprise IT. With the fast pace of technology innovation, their choices are increasing on whether to use their organizations IT services or to complement their role with external IT services more aligned to their requirements. Simply, in order for enterprise I&O to maintain and gain customers of their services, the focus has to shift to an outside-in approach that addresses business requirements and required customer experience.

Collaboration – Historically, enterprise IT has found it difficult to converse with other parts of the business. Essentially, I&O professionals have been taught to speak the language of WANs,LANs, SANs, etc., while other functions talk about balance sheets, activity-based costing, applied behavioral analysis, etc. To move forward, collaboration enterprisewide is a necessity in order to get support for IT service initiatives and to safeguard success with the required faster pace of delivery. This starts with I&O professionals becoming cognizant about the business they work for and being able to converse with all enterprise functions in order to promote collaboration.

Process – It would be quite simple for me to say that IT processes need to become more agile but this is an overused term. Simply, processes have to move away from a rigid approach, while taking into account industry specifics, such as regulation, to a customer-obsessed approach which is centered on the end IT customer’s service experience and business requirements. IT processes should not stifle new innovative approaches but provide governance based on an understanding of the end customer aligned to business requirements.

Organization  I&O professionals need to focus on ways in which they can move their organization away from a siloed, functional perspective to one that embraces the areas listed above. For some organizations this may involve, physically, disseminating the enterprise IT organization throughout their organization so that IT professionals sit side by side with HR, finance, or other corporate functions.  Other challenges here will be how I&O professionals deal with changing work practices of their customers, for example, the ability for employees to manage their own work time, place of work, and interaction methods.

So hopefully you can now see why C3PO is essential to solving the hard IT issues facing IT. There are many approaches to solving these challenges but it all depends on your IT customers and market specifics. I would welcome any comments to the above and also to discuss these areas further at Forrester’s next EMEA I&O forum, in Paris, on the 19th and 20th of June 2012.

Thanks for sticking with me on this one.


C3PO or C4PO

Thank you John for his post, and sharing your perspective on the financial enterprise IT market. We have been working with senior IT executives from the largest banks. I would like to hear your perspective to change C3PO to C4PO.The fourth C to tackle is: Compliance. Where organizations have to work towards a situation where they are compliant by design, not by testing.

Fourth C = Compliance


Sorry for the slow reply here but you are correct - especially for many European organizations, there could be a fourth C of compliance. Compliance issues largely get picked up at the testing phase prior to release, if lucky, and in many circumstances compliance only becomes a problem prior to an audit. This mentality has to change, especially with self service, automated technologies. It is the job of Enterprise IT to govern and promote compliance best practice in their organization through process, communication and training. It is also the job of the I&O professional or developer to have an awareness of compliance regulations in their industry and to to use that all important "common sense" which sometimes easier said than done.



Compliance by Design

Thanks John. We actually work with our customers to ensure they are compliant by design; not by testing. Uncovering a risk or a compliance gap in the existing IT landscape is often the result of a good analysis – and of bad planning. Many organizations relegate the task of risk and compliance analysis to an afterthought of an IT landscape’s evolution instead of making it an integral part of their IT planning efforts. This is rarely done with intention; it is rather a consequence of lacking the information needed to anticipate the impact of changes at design-time. Having this information makes all the difference, enabling decision makers to identify gaps and avoid them in time.

We often recommend five rules to organization to enable them to move some of the assessment and analysis effort upstream and run it already at design time (see http://www.alfabet.com/en/resources/business-solutions-guide-compliance-... for the whitepaper; sorry registered content).

All the actions can be aligned with the organization’s risk appetite and compliance obligations in order to avoid security leaks, penalties and unnecessary mitigation loops downstream. This ultimately paves the way for an organization to achieve compliance by design.

Interesting to hear your perspective on "compliance by design" versus "compliance by testing".