Convenience vs Security

The convenience of Microsoft Azure comes with some serious problems. It seemed like a good idea at the time to store your cloud service credentials in your on-premise identity management solution. With Microsoft Active Directory and Microsoft Azure, you got exactly that convenience.

The only problem is that when hackers get into your on-premise system, they own your cloud instances too. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about SolarWinds hackers using privilege escalation to gain access to Microsoft Active Directory Federation Services (ADFS) and then producing OAuth tokens to move laterally to your cloud instances.

The SolarWinds hack shows that having intruders in your system is the new normal. You need to compartmentalize access, and storing all your access rights in one central place is a very dangerous convenience.

Looking into the Future

After 9/11, the US vowed never to be caught by surprise again. They created the Department of Homeland Security (DHS) to coordinate the intelligence gathering of a quarter of a million employees. On January 5th, the DHS intelligence summary said “Nothing significant to report.” On January 6th, a mob overwhelmed unprepared police at the Capitol and went rampaging through the building.

Companies are also regularly blindsided by events that in hindsight were obvious. You are gathering a lot of information, but it can be very hard to sift out actionable knowledge. Throwing a huge pile of data at a team of data scientists and asking them to find the hidden patterns has rarely been successful.

For you as CIO to be able to peer into the future, you need to disengage from the daily running of the organization. It takes several days away from screens, news, email, and social media before the intuition you have can manifest itself and generate new insights. Can you step away from your organization for several days? If not, your organization and procedures need some work.

https://www.wsj.com/articles/capitol-riot-warnings-werent-acted-on-as-system-failed-11612787596

Future IT Leaders

The future IT leaders are coming from the cloud business. Jeff Bezos just announced he is stepping down as CEO, and the new CEO is Andy Jassy, who was running their cloud business. That business is a small part of Amazon’s turnover, but more than half their profits. At Microsoft, Satya Nadella was running Azure before he became CEO of Microsoft.

The next CIO in your organization is also going to be someone with experience running successful cloud-based solutions. And if you are an IT leader and looking to move up to larger things, you will need some cloud successes under your belt, too.

Just be aware that your career doesn’t just need cloud, it needs cloud solutions that provide significant business benefits without loss of flexibility. It is easy to rack up large cloud bills without anything to show for it, or to get locked into an inflexible cloud solution. It is not easy to create successful cloud solutions. That’s why those who can will get ahead.

Don’t Whine, Fix the Problem

In a rare communication misstep, Tesla is on the wrong side of public opinion for once. The National Highway Traffic Safety Administration requested a recall of 158,000 cars because Tesla is using cheap memory chips that fail after a few years. That leaves one of the screens in the car blank, making the user unable to activate features like defrosting the windshield. Tesla has now grudgingly issued the recall, but whines that “It is economically … infeasible to expect that such components can or should be designed to last the vehicle’s entire useful life.”

If you have cut corners and delivered a defective product or service, and you are called out on it, the right way to communicate is not to whine that it’s too expensive to do it right. Steve Jobs was exceptionally charismatic and could get away with telling iPhone users “you’re holding it wrong.” Everybody else should just apologise and fix the problem.

Do you Really Need Blockchain?

It is reported that the IBM blockchain team has been gutted, even though IBM vehemently denies it. Enterprise blockchain seems to be in retreat across a wide range of industries.

Organizations with high value maturity have solid processes in place to calculate the business benefit of new technologies, and only a few of those invested in blockchain. But organizations with a lot of legacy technology who felt the need to jazz up their tech portfolio enthusiastically embraced blockchain and started vaguely defined projects.

If you are a CIO, take a look at your project portfolio. If you have blockchain projects on the list, have an experienced analyst from outside the project team take a good look at the business case. If she reports back that it is based on overly optimistic assumptions, it should be re-evaluated. If that means the costs outweigh the benefits, the project should be cancelled.

Focus on the Mission

Do you have a hard time finding the IT talent you are looking for? Spare a thought for the recruitment officers at the CIA. With an image that today is more waterboarding than James Bond, their approval rating among millennials is at an all-time low. Even though they have started running video ads, are on Instagram and post jobs on LinkedIn, they have a hard time recruiting the talent they need.

As the CIO, you can’t do much for the general image of your organization in the public eye, but you can make sure you are communicating in a language and on a platform where your prospective employees are. It is hard and expensive to buy the best talent with compensation alone, so you need to explain how working for you will allow IT professionals to make a difference.

That’s why your job ads should have one thing in common with the CIA: Focus on the mission.

Is Estimation Bullshit?

“Estimation is bullshit.” David Heinemeier Hansson (of Ruby on Rails fame) doesn’t mince words. He takes pride in being controversial, and some of his advice is useless or downright dangerous for most organizations. But his point of using budgets instead of estimates is solid.

The reason is that it forces everyone to think in terms of business outcomes instead of cost. Instead of asking the impossible “how long will this take” question, you start by determining what a certain feature is worth. If it is worth $200K, you might be willing to spend $50K on trying to build it. If your team hasn’t been able to build the feature after they’ve spent the budget, you kill that project and try something else.

I encourage you to read Wojtek Borowicz’ interview with David Heinemeier Hansson.

If you are involved in the day-to-day running of IT development as a program manager, architect, project leader, or scrum master, I encourage you to read the whole “Shape Up” book. It’s available for free online.

Who Gets to be in the Office?

What happens if more people want to be in the office than can safely be accommodated? With coronavirus distancing rules, you can use less of your space. As employees get work-at-home jitters and want to come in to the office to get away from the kids and congregate at the coffee machine, you might run out of space.

A New York startup, faced with some of the most expensive office space in the world, had this problem. There are many considerations to balance: Do teams need to work together? Do you want people from different parts of the company to meet? Do you need to give everyone equal visibility in the office?

They decided to build an AI-based algorithm to select who gets one of their coveted office spots. How do you decide who gets to be in the office? That is a leadership decision and not something that should be left to chance.

Employee Activism

Some companies have gotten tired of employee activism. Coinbase has just told its employees to shut up or ship out, and 60 employees have taken the severance package offered and left the company.

That’s an aggressive counter to the public complaints from employees at some high-profile tech companies. They have been criticizing projects and customers and even staging (virtual) walkouts.

IT employees are looking at the way their colleagues at Amazon and Facebook are making their voices heard. Do you have a policy for what your employees can and cannot say? Do you allow political discussions on the #random channel on Slack? You need a policy.

Where you Find Innovation

IBM is splitting, placing the boring parts where it actually runs people’s business in a new company and keeping all the buzzwords in the company that will still be called IBM. Meanwhile, Oracle is trying to regain its mojo by buying a cool video app used by teenagers. Neither is likely to work.

You should not look to large companies for innovation. If they have survived and grown for decades, they are likely to have an unparalleled ability to execute, and it makes sense to tap them for running the steady part of your business. But innovation has to come from small, new organizations that have not assimilated a big-corporation culture. Running innovation centers inside the organization is hard – getting innovation from small outside companies is much easier.