Southern California/Orange County CIO Breakfast Round Table
December 11, 2008 meeting
Present: Joel Manfredo, John Mooney, Subbu Murthy, Randy Farner, Andy King, Jeff Hecht, Jennifer Curlee, Jason Dedrick, Sean Brown, Paul Gray, Dave Phillips
We welcomed Jason Dedrick, UCI, to his first meeting.
The minutes of this and prior breakfasts are available online at the Peer Consulting Group’s website, www.peergroup.net, with links to the presentation material, when available.
Topic: Green IT
Joel Manfredo, County of Orange, started by showing technology trends as identified by Morgan Stanley, McKinsey, Gartner and Forrester, highlighting amongst others Cloud Computing, Consumers as Innovators, Mashups, Web Platform (SaaS) and Green IT. Another slide showed the hype cycle for technology trends with Green IT at the peak of inflated expectations (see Gartner slides in Joel’s presentation). He then showed the Wikipedia definition of Green computing – the study and practice of using computing resources efficiently, especially in power management and materials recycling. A Deloitte slide showed the influence of regulation over time, combined with economic and social pressures. An EPA Green Power Partnership slide showed the ranking of 53 Fortune 500 companies green power usage, led by Intel Corp at 1,300,000 kilowatt-hours per year. He touched upon renewable energy, green buildings and energy conservation. He defined the LEED building rating system – Leadership in Energy and Environmental Design, where you can be rated platinum, gold, silver and certified. He also defined the Energy Star program – a joint EPA and DoE program, which addresses both business and home efficiency guidelines, and showed an interesting projection of energy usage. He showed a complex Green IT taxonomy chart, and a chart showing technology enablers to Green IT. He listed Gartner’s10 key elements of a Green IT strategy, including switch it off when not in use, and move from “always on” to “always available“ in the data center. The Energy Stack slide was interesting. Joel ended with the Cisco connected workplace slide, showing the cost savings from the shared workplace design. A great presentation by a subject matter expert - I recommend that you take another look at his presentation slides. They are at : http://www.slideshare.net/occio .
We asked members to tell us what they are doing about Green IT.
John Mooney, Pepperdine University, said that he has been focusing more on IT sustainability rather than on Green IT. He belongs to a consortium called the European Center for Sustainability Leadership, and they had a meeting last week at the UN to define principles of responsibility. Green IT is one of IT management’s areas of responsibility as it influences technology, social and environmental strategies. He sees IT management becoming business practice leaders. He recommends that we switch paradigms from “reduce usage” to “do not use” in the first place.
Subbu Murthy, USourceIT, said that he is involved with open innovation and invited Joel to meet with the group. In general, he found that CIOs tend towards empire building - bigger budgets, staffs and data centers, and were anti outsourcing and SaaS. CIOs are not graded on energy consumption, although he did note that the Dupont CIO is chief sustainability officer for the company.
Randy Farner, Vitreous Solutions, said that according to the Wikipedia definition he has always been green – most service for least cost. Business demands service. When business demands green, the CIO will change. It is a simple value proposition.
Andy King, Exemplis Corporation, agreed that from a corporate perspective, he has to align with the business, and he hasn’t heard anything about green from the business. Common sense tells you that green is good and you have to become conscious about what it takes to become more green, but it hasn’t trickled down yet. He complimented Joel on his presentation.
Jeff Hecht, Word & Brown, said that it is all about ROI. He doesn’t have a mandate to be green – he has a mandate to provide service, and he brought in blade servers to be efficient, not green. He has been looking at software to shut down systems and PCs but building management is not interested in doing their bit.
Jennifer Curlee, Surefire, said that they are a small company, and as such are always interested in saving $. She buys towers not stacks. They have a conflict between outsourcing and IP vulnerability. They keep the lights on because of security, and business continuity demands that they always have excess power for backup. Even so, they try to be green but are having problems with HVAC reliability.
Jason Dedrick, UCI, thanked Joel for a very interesting presentation. He is working in a new research area of carbon productivity, as it affects IT, the business as a whole, and the economy. They are studying any level of carbon usage, and on how IT affects energy usage, and not just at the cost side.
Sean Brown, RJTCompuquest, was sorry that he was in and out during most of the presentation due to a conference call to a solar energy company. He found the pieces that he heard to be very interesting, and took note that the light in the conference room was too bright.
Paul Gray, Claremont (Emeritus), was working on the office hotelling concept in the early 90’s, and attended a conference on the subject in Orlando although he recognized that they used a lot of carbon just to fly there and back! With reference to Joel’s Cisco example and IBM reports, they showed that it didn’t and shouldn’t matter which office space one used when working in the central office and not at the home office. He and John Mooney agreed that to change behavior one needs incentives.
Thank you, Joel, for
Friday, December 19, 2008
Monday, December 1, 2008
OC CIO Roundtable Minutes 11-13-08
Southern California/Orange County CIO Breakfast Round Table
November 13, 2008 meeting
Present: Andy King, Tina Haines, Sean Brown, Jim Sutter, William Zauner, John Pringle, Dave Loomis, Dave Phillips
We welcomed Dave Loomis, ex-Barnes & Noble, IBM, and Siemens to his first meeting.
The minutes of this and prior breakfasts are available online at the Peer Consulting Group’s website, www.peergroup.net, with links to the presentation material, when available.
Topic: IT Policies
Andy King, Exemplis Corporation, defined a policy as a statement of intent intended to influence and determine decisions, actions and other matters, for example: a company’s personnel policy. Reasons for having IT policies include prevention of abuse of IT resources, protection of owners and employees, provide guidelines for IT management decision making, integrate with corporate governance, and to meet regulatory, legal, and ethical requirements. Andy had a couple of slides defining where IT policies fit in an organization. Andy listed every IT policy he found - about 33 in total – and focused on the 7 major policies that Northwestern University have developed. These include policies on security, network/infrastructure, hardware, software, residential network, email and external vendors. Each of these can be expanded to multiple sub-policies. He showed us how the security policy expands into 9 sub-policies. I recommend that you refer to Andy’s presentation slides for detail listings. Andy also circulated examples that he gathered from organizations as varied as a mature indutrial (1 long legal 14 page policy document), several universities policies statements, and a government IT policy. He also listed reference items such as http://www.itgi.org/ (IT Governance Institute), and the British Standard ISO/IEC 38500:2008 on corporate governance of IT
We asked members to tell us what IT policies they have or would recommend.
Tina Haines, Meggitt Electronics, in the continuum of time, they have developed sets of IT policies, but they are not very well coordinated. The company has 35 IT groups which they are just now pulling them all together. The first step is to develop a common set of standards. They intend to develop policies regarding protection of data, security of equipment, email, etc. They are also attempting to install rigorous IT change control and DR. They do have accounting policies in place.
Sean Brown, RJTCompuquest, said that they have a very limited set of IT policies in place. Customers have their own and their consultants have to abide by those policies. They find that it is quite difficult (3 or 4 days) to gain access to customer’s computing resources because of the access policies in place.
Jim Sutter, Peer Consulting Group, said his philosophy over the years has been fewer policies are better than too many, and if the current financial crisis is anything to go by, having policies in place doesn’t seem to guarantee proper behavior. Policies should capture a set of rules, and IT policies should be part of corporate policies, just like HR policies. When he was at Rockwell, he had the same person who drafted IT strategies in charge of drafting IT policies
William Zauner, JAMS, relating to the handout document, agreed that one paragraph could easily turn into many pages of legal policy. He had an outside council work with the HR department draft the HR policies. What he tries to do is fix behavior rather than define policies on things like password protection, and intellectual property protection when external contractors are involved.
John Pringle, ex-RCMT, said that they did not have many policies until SOX compliance became an issue. A manual was developed and they all had to sign a document to acknowledge having read the manual. To control internal usage of the Internet they use a content filter. They also have asset management policies. More and more customers are requiring their consultants to comply with their policies. The top security issue is access to data.
Dave Loomis said that when he worked with Siemens, they had to comply with the customer’s policies. They also controlled internal Internet access using technology, and were rigorous in controlling what you had installed on your computer, and in installing antivirus software. Quite often, the executives were among those who got caught. They insisted that new employees attended training as a condition of employment.
Andy King, Exemplis Corp., added that they also have all new employees sign a technology use policy as a condition of employment, which is tied into the corporate strategy.
Thank you, Andy, for a very good presentation and handout. A copy can be found at: http://www.slideshare.net/occio .
See you on December 11, 2008 – 7:00 a.m. in the RJTCompuquest conference room at:
940 South Coast Dr., Suite 260, Costa Mesa, CA 92626.
November 13, 2008 meeting
Present: Andy King, Tina Haines, Sean Brown, Jim Sutter, William Zauner, John Pringle, Dave Loomis, Dave Phillips
We welcomed Dave Loomis, ex-Barnes & Noble, IBM, and Siemens to his first meeting.
The minutes of this and prior breakfasts are available online at the Peer Consulting Group’s website, www.peergroup.net, with links to the presentation material, when available.
Topic: IT Policies
Andy King, Exemplis Corporation, defined a policy as a statement of intent intended to influence and determine decisions, actions and other matters, for example: a company’s personnel policy. Reasons for having IT policies include prevention of abuse of IT resources, protection of owners and employees, provide guidelines for IT management decision making, integrate with corporate governance, and to meet regulatory, legal, and ethical requirements. Andy had a couple of slides defining where IT policies fit in an organization. Andy listed every IT policy he found - about 33 in total – and focused on the 7 major policies that Northwestern University have developed. These include policies on security, network/infrastructure, hardware, software, residential network, email and external vendors. Each of these can be expanded to multiple sub-policies. He showed us how the security policy expands into 9 sub-policies. I recommend that you refer to Andy’s presentation slides for detail listings. Andy also circulated examples that he gathered from organizations as varied as a mature indutrial (1 long legal 14 page policy document), several universities policies statements, and a government IT policy. He also listed reference items such as http://www.itgi.org/ (IT Governance Institute), and the British Standard ISO/IEC 38500:2008 on corporate governance of IT
We asked members to tell us what IT policies they have or would recommend.
Tina Haines, Meggitt Electronics, in the continuum of time, they have developed sets of IT policies, but they are not very well coordinated. The company has 35 IT groups which they are just now pulling them all together. The first step is to develop a common set of standards. They intend to develop policies regarding protection of data, security of equipment, email, etc. They are also attempting to install rigorous IT change control and DR. They do have accounting policies in place.
Sean Brown, RJTCompuquest, said that they have a very limited set of IT policies in place. Customers have their own and their consultants have to abide by those policies. They find that it is quite difficult (3 or 4 days) to gain access to customer’s computing resources because of the access policies in place.
Jim Sutter, Peer Consulting Group, said his philosophy over the years has been fewer policies are better than too many, and if the current financial crisis is anything to go by, having policies in place doesn’t seem to guarantee proper behavior. Policies should capture a set of rules, and IT policies should be part of corporate policies, just like HR policies. When he was at Rockwell, he had the same person who drafted IT strategies in charge of drafting IT policies
William Zauner, JAMS, relating to the handout document, agreed that one paragraph could easily turn into many pages of legal policy. He had an outside council work with the HR department draft the HR policies. What he tries to do is fix behavior rather than define policies on things like password protection, and intellectual property protection when external contractors are involved.
John Pringle, ex-RCMT, said that they did not have many policies until SOX compliance became an issue. A manual was developed and they all had to sign a document to acknowledge having read the manual. To control internal usage of the Internet they use a content filter. They also have asset management policies. More and more customers are requiring their consultants to comply with their policies. The top security issue is access to data.
Dave Loomis said that when he worked with Siemens, they had to comply with the customer’s policies. They also controlled internal Internet access using technology, and were rigorous in controlling what you had installed on your computer, and in installing antivirus software. Quite often, the executives were among those who got caught. They insisted that new employees attended training as a condition of employment.
Andy King, Exemplis Corp., added that they also have all new employees sign a technology use policy as a condition of employment, which is tied into the corporate strategy.
Thank you, Andy, for a very good presentation and handout. A copy can be found at: http://www.slideshare.net/occio .
See you on December 11, 2008 – 7:00 a.m. in the RJTCompuquest conference room at:
940 South Coast Dr., Suite 260, Costa Mesa, CA 92626.
Subscribe to:
Posts (Atom)
