Editor's Note: Welcome to SmartAdvice, a new weekly column by The Advisory Council, a Westport, Conn.-based business-technology advisory service. Each week the column will spotlight TAC's advice on two or three issues of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. We encourage you to write to TAC and request answers to pressing business-technology issues. They will not solicit you unless asked, and will respond to you here or directly via E-mail at [email protected].
Topic A: How do I develop a 2004 information-technology plan when the company itself doesn't have a strategic plan?
Our advice: An information-technology strategy helps to fulfill a business strategy. If the organization hasn't formalized such a strategy, then IT executives can help the business managers to draw up such plans. To develop an IT strategy without a company strategic plan, you'll have to identify the de facto business objectives, priorities, and results on your own and use them to build your IT road map.
Company Vision, Mission, and Objectives
Creating an IT strategic plan requires a focal point, which is usually drawn from the corporate vision, mission, and objectives. If a written statement doesn't exist, an unwritten understanding almost always does. The first step for an IT strategy is to clarify this business vision, mission, and objectives. The vision may be a simple slogan: "Service with a Smile" or "Shelter for Everyone," or a more detailed statement. Often, the means to achieve the vision is equally important, such as "increasing long-term shareholder value," or "improved services for the homeless." By looking at these objectives you can derive your specific goals for the coming year.
Even if there's no strategic plan at the business level, organizational sub-units usually have:
These plans can be used to help create next year's technology plan, and are often indicators of the unstated corporate strategy. Draw them out by having your senior IT managers interview the business leaders. In addition, the IT organization has a wealth of data of its own that can help you plan for future growth, as described below.
Your IT plan also should take into consideration and be based upon past accomplishments and information use:
It's also important that your road map isn't just about new projects, but also about managing technology. If there's a constant shift in priorities, a process that can manage these changes needs to be defined. Your Current Technology Usage, IT Resource Allocation, and Technology Architecture pieces should quickly become guiding documents for your current as well as future strategy.
Be sure to follow up quarterly with reviews that assess implementation, the projects' impact on business, and performance measures. All of these will enhance the value of your company's technology use, and help in making IT a strategic partner in business objectives.
Driving Business Value
The whole point of aligning IT with the business is to provide value by using technology in a way most profitable to the organization. Some of your work may be reactive (to market conditions and competitors' uses of technology); some may be collaborative (working with the business to define solutions to business problems); and some, at its best, will be innovative (to advance new business objectives).
Advancing Your Career
The business world loves people who think strategically. Add the ability to innovate and execute and your career will get a high-octane boost. Putting together an IT strategic plan and helping the business build (or at least think about) its strategy will enhance your value and accelerate your career. Modeling strategic planning in your department may even nudge the company toward its own, comprehensive strategic plan!
-- Humayun Beg
Topic B: How can we protect our servers from the continuing waves of hacker attacks?
Our advice: Have you checked your firewall logs recently? Mostly likely there has been a constant stream of automated probes. No one is immune to hacking, because so many attacks are random, automated doorknob rattling. The question becomes not whether are you going to be attacked, but when and how you can minimize the impact.
There's no doubt that the hacker community is getting more sophisticated about how to infiltrate and attack systems, but their laziness and automation works in your favor. You can set your systems to block all the well-known forms of attack. By implementing the following Server Security Checklist, you will stop all but the most determined hacker:
Fortunately, once you've implemented these steps, and unless you are a high-profile hacker target, you can prevent the vast majority of security breaches and Web-site defacements.
-- Beth Cohen
Topic C: What are the most productive tasks an IT leader can focus on?
Our advice: IT leaders are accustomed to keeping a hundred balls in the air, but three key leadership responsibilities have to be protected from getting lost amid the motion and clutter. They have the highest positive leverage when done right; when done wrong, or even done so-so, they can lead to disaster. We call these three the "Vees." They are:
Visions need nurturing. To start, they need visionaries. Part of the process of describing the "wonderful future condition" is a flash of insight that takes the realities of the current condition, the future possibilities offered by technology, and the future context supplied by societal and market trends and, based on that incomplete and contradictory data, leaps to a simple picture five years out. Second, visions need to be visualized, or captured graphically. Third, they need to be restated, over and over, until your most junior developers can recite the vision word-for-word. Finally, visions need to be refreshed and updated.
Every organization needs clearly articulated and commonly accepted values from which to work. Their absence guarantees inconsistent behavior and perceived injustice in reward and punishment, both of which will have a negative impact on productivity, staff retention, and user relations. To avoid making every decision yourself, you must teach your staff your decision process: how you gather data, how you identify alternatives, and what values and principles you apply. Without this empowerment, you can't trust your organization to "do what's right" without your micro-management.
Victories are the milestones along the way to the vision. They can be small (a feature added to an existing application), big (ERP installed), or external (collaborative forecasting). They can be at the start of a project ("We got the money!") or at the end ("System is up and running!"). Whatever they are, celebrate them! --Wes Melling
Humayun Beg, TAC Thought Leader, has more than 18 years of extensive experience in business IT management, technology deployment, and risk management. He has significant experience in all aspects of systems management, software development, and project management, and has held key positions in directing major IT initiatives and projects.
Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT delivery organizations from both the user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's headed in the future.
Wes Melling, TAC Expert, has more than 40 years of IT experience with a focus on enterprise IT strategies. He is founder and principal of Value Chain Advisors, a consulting boutique specializing in manufacturing supply-chain optimization. He has been a corporate CIO, a Gartner analyst, and a product strategist at increasingly senior levels.