David Fuller, senior VP, solutions and products interviewed by John Pickett, VP and editorial director, IT World Canada
Length: 14.54 minutes. Type of file: Windows Media Video
Companies should adopt a “sticky pudding” rather than a “hard shell” approach to security, according to a Telus Corp. executive.
“The hard shell approach says ‘I’ll put a fortress outside my firewall and won’t let anybody in,'” noted David Fuller, senior vice-president, solutions and products with Telus Business Solutions. That’s not the best strategy to adopt these days when ubiquitous computing is becoming the norm, he said.
Instead, he suggests information technology (IT) departments develop their application layer assuming people are going to get inside their network. “Once they’re inside, make it difficult for them to actually gain access to applications.”
Fuller called this the “sticky pudding approach” and said it helps enterprises to effectively resolve the “security versus open access” conundrum.
The Telus executive made these observations at a ‘CIO Canada Frankly Speaking’ breakfast in Toronto. The event drew CIOs and other senior executives from a broad range of private and public sector organizations.
During a one-on-one with John Pickett, IT World Canada’s, vice-president and editorial director, Fuller described how enterprises today can harness IT tools and strategies to effectively drive “business value.”
However, at the outset, he cautioned against the traditional perspective that equates “value” exclusively with ROI – measured in terms of cost savings and revenue generated. “We must go beyond the financial metric.”
He said today the value of technology investments should be assessed by criteria such as:
• Speed to market – “Sometimes a technology may not provide the ROI you’re looking for, but perhaps it helps you to get to market faster, to quickly reach your constituents or customers.”
• Improved customer experience – There is ample evidence to indicate a better customer experience leads to greater customer loyalty, the Telus executive said. “And that’s a huge tie in to shareholder value and ROI.”
• Enhanced work environment – IT, he said, can significantly enhance the corporate work environment by contributing to employees’ ability to innovate, and share information and knowledge. “It can also help to the extent [that] it enhances their work-life balance.”
According to Fuller, the CIO and his team are key to making the business-IT relationship work. This success of this relationship, he said, hinges on the right perspective and approach being adopted by both sides.
“IT should not view itself as a ‘controls and standards’ group that tells the business what to do. Rather they should get jazzed about [using] technology to drive business goals – and this requires a mindset change, a cultural change.”
On the flip side, he said, the business side should take responsibility for IT, the same way “any general manager worth his or her salt would understand the financials of their business unit. “Business executives need to viscerally feel they own the IT agenda – as it relates to the business – and that they are driving it.”
He cited the example of Telus, where the technology team headed by the CIO isn’t referred to as IT or IS. “They are called the Business Transformation [group] or BT and this name indicates how we view the [role of] technology.”
At Telus, he said, the business and tech sides share a service score card. “So there are metrics I can point to on my business unit score card that are tied back directly to Kevin Salvadori (Telus’ CIO and executive vice-president of business transformation) and his ability to support our team.”
In practical terms this means decisions regarding which projects should receive priority, in terms of spending, are set by the business not by IS, Fuller said.
However, he noted that this philosophy is not yet reflected in the practices of many large companies, including Fortune 500 businesses – and cited the cross-training programs offered by some of these companies to their high performers, as a case in point.
As part of these programs, he said, the firm’s peak performers get to spend time, by rotation, in various of departments – sales, marketing, fianance and so on. But the one group they would usually not spend any time in is IT.
“That’s completely wrong, because in IT you learn the guts of a process that drives your organization,” Fuller said. “If you have rotational training for high performers, IT has to be a stop along the way.”
Call of convergence
Does distributed IT management have a future?
Fuller doesn’t think so.
Adopting a distributed model, he said, is actually a step back from where technology is going. “Today, it’s all about moving to a converged world. Forget what a Telco like Telus would tell you. All the leading software players are moving in this direction.”
He noted that major business applications vendors, including Oracle, Microsoft, SAP are all promoting software as a service.
“By definition this means you are moving the application and data layer back inside the network where [they] are hosted, and you’re sending information out to your clients. In other words, the client end of things will become thinner and thinner.”
To operate in such a world, he said, companies need to have – if not centralized services – then shared services at a very minimum. “And that’s difficult to implement when you’ve got pockets of IT scattered around the organization.”
Fuller said the thrust towards “convergence” and ubiquity of access – is being driven by the felt needs of knowledge workers across various industry sectors.
For instance, he noted physicians don’t have access to the same patient information at their office, home and in the hospital. “It sometimes drives them nuts” because they have to get up in the middle of the night and go to their office to get patient information to do a consultation, as they can’t get at that information at home.”
The same is true in almost any industry, he said.
Most end users, Fuller said, would prefer a world where they can gain access to their data and applications layer wherever they are, and through any type of device – a PDA, a laptop, their home PC, a work-tethered or an IP-enabled PC.
Enabling this requires a fairly thin layered client, he said, because – from a security standpoint – it doesn’t make sense to walk around with a client device that has a whole lot of critical data loaded on it.
He said the good news is technology has evolved to a point where you can enjoy the safety, security and stability of the mainframe world, and still have the application flexibility characteristic of a client-server environment.
Success with access – and automation
Fuller cited how a firm providing maintenance services in Alberta’s oil fields achieved significant business benefits by integrating its communications – and offering ubiquitous access to field staff.
“The company was having real challenges scaling to meet demand,” Fuller said. “They could have sold way more work, but their people were taking time to getting up to speed on a n