A few weeks ago I got together with a couple of my now-retired CIO friends. These are the IT leaders from whom I learned the most when I was first promoted to a CIO role. One of them retired around eight years ago and the other just over five years ago.
As I was catching up with my friends on what drives my decision-making these days, on the constraints I encounter, the pace of change and my high-priority initiatives, it was clear that my role models of yesteryear were a bit shocked, even incredulous.
They were shocked that I was so focused on areas outside the purview of the traditional CIO roles and responsibilities. They were surprised, for example, that I was developing software products that our customers now use. And they were incredulous when I told them how many workloads and applications I had moved to the cloud.
These two sharp, former CIOs had kept up with the major moves toward SaaS, PaaS and IaaS. But they were a bit alarmed that someone they had mentored and "raised from a pup" had so fully embraced private, hybrid and public cloud.
They grilled me on how I was dealing with cloud risks. Wasn't I worried about security? Wasn't I worried about losing my internal expertise? Wasn't I worried about becoming dependent on a cloud providers and then having them ratchet up my costs?
I assured them I was the same thoughtful (I believe), mostly risk-averse IT leader they had trained. I was not trying to be trendy. I've never been one of the cool kids -- compelled to do the IT equivalent of the popular thing. I explained the market trends and dynamics driving my actions. I articulated my higher level goals and described how my short-term actions address our current needs, while keeping our future options as open as they can possibly be.
Speed, uncertainty redefine CIO roles
Now, a few weeks later, I continue to mull over the why of my approach to the cloud and how to explain this to the world. So, here goes:
Deep in my being, I believe that the two most important concepts in my IT life are speed and uncertainty. Everything today moves at the pace of technology and that pace is fast and accelerating. Because things are moving so fast, the future is wildly uncertain. Who knows what life will be like in six months or a year or two years? So, I need to move fast -- but in which direction?
In my mind, these two parameters -- tremendous speed, great uncertainty -- have reshaped CIO roles and responsibilities. And they define my approach to IT life, as follows:
First, I need to identify just a few areas in which my team and I will specialize. Things are moving too fast for me to be the master of everything, so I must pick just the few things that I will master. In a perfect world, these few things align with how my organization creates competitive advantage. Second, I need to expect that everything I have today might be replaced by something else. With so much uncertainty, I cannot lock into anything and so mine should be a world of loosely-coupled services and systems.
My big private, hybrid, public cloud strategy
All right. That is enough preamble. Here is how we make it real:
1. We have moved a number of what were internal applications to SaaS offerings.
Why? Let's look at our decision to move CRM to the cloud. Our on-premises CRM was an invitation to make customizations and enhancements that eventually required the support of two software engineers. I don't want to specialize in CRM customizations and so we implemented a zero-customizations instance of a market-leading cloud CRM. That freed up my two CRM engineers to work on software products that define my area of specialization -- software that moves the needle in the lives of our customers. I have done the same with my contact center and digital marketing applications and, in turn, focused my team on what matters most to our customers.
2. We shut down our on-premises data center and moved into a managed data center.
Why? To better define our areas of specialization and, even more importantly, to be loosely coupled. In the first phase of this move, we moved our hardware to the managed data center. Since then, as it came time for hardware refresh, we have moved our services to someone else's hardware -- we have thus separated our systems from hardware and so can move around those services as needed. To do this we had to get really good at things like virtualization and orchestration (but those sound like good areas for specialization), as well as modernization. Modernization required us to separate our data layer from our business logic layer and our user interface layer from our business logic layer. But doing this has "loosely coupled" the most important elements in my stack. We still have a way to go, but it feels good to be less and less a hostage to the decisions of others. If my database provider implements a price increase, I can migrate to a different database product. If my CRM provider veers off-track, I can implement with a new provider.
3. We have adopted a more mature (less personal) approach to security, reliability and scalability.
I decided a long time ago that any decent cloud provider has to be a lot better at security, reliability and scalability than I am. Why? If a cloud provider has a data breach, they are out of business and their loosely coupled clients will move to a different provider. If my systems have a breach, it is painful and I might lose my job, but my business will likely survive. And it will probably be no more inclined to invest in security, reliability and scalability than it was before the breach. For cloud providers, security, reliability and scalability amount to mission-critical specializations -- the best I can hope for in these areas is to be a generalist.
That sort of sums up what I told my two retired CIO friends -- we are private, hybrid and public cloud users and are trending first toward hybrid and public cloud and then only public cloud as we and the providers mature. By the time I retire my mentees might wonder why I ever did anything as old-fashioned as private and hybrid cloud.
Recent columns from Niel Nickolaisen:
Humans will always sabotage security -- deal with it
AI has come a long way since 'Moneyball'
Finding IT agility in the OpenStack platform