jim noble seasim keynote
TRANSCRIPT
What Your Execs Think of IT
and why you should care.
© 2015 The Advisory Council International LLC
Jim Noble, CEO, The Advisory Council International
Trusted Advisors to Executives Everywhere
WHY us?
A Not-for-Profit team of legendary CIOs
With more than 1000 years of implementation experience
Offering advice to improve IT business outcomes
The Advisory Council International
Jim Noble, fmr. CIO
Al Guibord, fmr. CIO
Harvey Koeppel, fmr. CIO
June Drewry, fmr. CIO
Carl Wilson, fmr. CIO
Bob Ridout, fmr. CIO
Ed Toben, fmr. CIO
Jody Davids, fmr. CIO
Michael Tasooji, fmr. CIO
Chuck Williams, fmr. CTO
Karl Landert, fmr. CIO
John Cross, fmr. CIO
Ian Alderton, fmr. CIO
Georges Diserens, fmr. CIO
Neil Cameron, fmr. CIO
Simon Orebi Gann, fmr. CIO
Jeri Dunn, fmr. CIO
Bruce Fadem, fmr. CIO
Steve Sheinheit, fmr. CIO
Randy Krotowski, fmr. CIO
Filippo Passerini, CIO
WHO matters?
The Vital Few
~10
~5
~12
Board of Directors
Audit Committee
Executive Leadership + EAs
Level 1 Management
Level 2 Management
Employees
WHAT did we discover?
What They Tell Us
THEY THINK ABOUT
1) Business imperatives
2) Benefits realization
3) Unplanned outages
4) Absorbability
5) Risk
6) Systems of Record
7) Competitors
YOU TALK ABOUT
1) IT strategy
2) Cost
3) Service tower uptime
4) Doability
5) DR/BC/Cyber security
6) Systems of Engagement
7) Innovation / Disruption
3) Operational Uptime
• 99.9% means nothing to them
• Availability of vertical services means nothing to them
• Outages are related to the business cycle
• They are only interested in unplanned outage minutes of end-to-end services at certain times
• “Silent running” is simply your ticket to the game
• Does your IT organization structure reflect this?
4) Doability Vs Absorbability
• It’s much easier for us to deliver than for them to assimilate
• IT folk celebrate when the system goes live. The business thinks that the project starts at that point
• Is it better to sequence the traffic than to land it all at the same time?
[Figure: Corporate Change Impact. Labels: Peoplesoft Enhancements, PetroTech, GFSC, Testing Competency Mapping, PPI, ECM, Corporate Simplification, Peoplesoft Upgrade, Enterprise Risk Mgmt., BPM]
5) Risk: They Are Intellectually Curious About Cloud
• They read about it in an airline magazine…
• They have suddenly become technical architects…
• They have realized that it is a big opportunity and a big risk to your company:
  o An opportunity to make the business much more agile
  o An opportunity to keep IT headcount to a minimum
  o A risk to the governance and security of the company’s valuable data
  o A risk of loss over regulatory compliance (SOX, PCI etc.)
What We Tell Them About Cloud
• 1980: Origins in telecoms – the Internet replaced point-to-point leased lines
• 1990: NASA SETI, a supercomputer built from distributed PCs
• 2000: First commercially successful SaaS application (Salesforce.com)
• 2006: First commercial “on demand” hosting (Amazon Web Services)
• 2010: Critical mass achieved on availability of web services (similar concept to Apple’s App Store)
• 2015: Average mid-cap company uses hundreds of cloud-based apps, mostly unsanctioned. Shadow IT gone wild.
It’s Here to Stay – Get Used to It
There are 5,000 enterprise apps today (and growing).
RISK = THREAT x VULNERABILITY x CONSEQUENCE
What They Tell Us About Risk
CEOs Have Woken Up!
Lloyd's Risk Register 2012
1 Loss of customers/Cancelled orders
2 Talent and skills shortages (including succession risk)
3 Reputational risk
4 Currency fluctuation
5 Changing legislation
6 Cost and availability of credit
7 Price of material inputs
8 Inflation
9 Corporate liability
10 Excessively strict regulation
11 Rapid technological changes
12 Cyber attacks (malicious)
13 High taxation
14 Failed investment
15 Major asset price volatility
16 Theft of assets/Intellectual Property
17 Fraud and corruption
18 Interest rate change
19 Cyber risks (non-malicious)
20 Poor/Incomplete regulation
21 Critical infrastructure failure
22 Government spending cuts
23 Supply chain failure
24 Pollution and environmental liability
25 Sovereign debt

Lloyd's Risk Register 2014
1 High taxation
2 Loss of customers/cancelled orders
3 Cyber risk
4 Price of material inputs
5= Excessively strict regulation
5= Changing legislation
7 Inflation
8 Cost and availability of credit
9 Rapid technological changes
10 Currency fluctuation
11= Interest rate change
11= Talent and skills shortage
13 Reputational risk
14 Corporate liability
15= Major asset price volatility
15= Poor/incomplete regulation
17 Fraud and corruption
18 Government spending cuts
19 Theft of assets or intellectual property
20 Failed investment
21 Corporate governance and internal oversight failure
22 Critical infrastructure failure
23 Supply chain failure
24 Increased protectionism
25 Insolvency risk

Lloyd's survey of 585 global CEOs
They Read The Media…
THE FACTS:
Hackers were able to steal sensitive personal and financial data from over 619,000 of the Company's employees and customers
THE CONSEQUENCES:
• Shareholder sued individual Board members for lack of “Duty of Care”
• AIG clarified that their D&O insurance does not cover neglect of Duty of Care
• Federal judge permitted FTC lawsuit to proceed against the Corporation
THE LESSONS:
The firm’s Officers have to comprehend the risk posed by cyber security, and it can affect their personal wealth.
Many business executives believe that a competent IT leader can prevent an intrusion into their company.
It is impossible to prevent a focused intruder from gaining access, and yet 85% of IT security spend is dedicated to prevention.
On average, it takes 212 days to react to an intrusion.
And We Tell Them You Must Assume A Sophisticated Attack Will Succeed
The Bad Guys Don’t Have to be Experts
12
A Bank’s Vulnerability Scorecard
Just Buy Insurance?
[Chart: Cost Of Coverage plotted against Completeness Of Coverage (to 100%); labels: Sweet Spot, Insured, Uninsured]
So How Can Awareness Help?
• 85% of IT security spend goes on prevention
• Average of 212 days between intrusion and detection
• 90% of compromises exploit human frailties
• Be appreciative of the value-at-risk (i.e. materiality)
• Be alert to web phishing and e-mails containing malware
• Be sympathetic to strong passwords and regular changes
• Be observant for odd behaviors
HOW can you get to them?
Conveying Your Message
• Befriend their executive assistants
• Avoid scheduled meetings
• Travel to nowhere on the same flight
• Outside interests: Golf, fishing….
• Be persistent!