As with just about any area, IT is a discipline subject to fads and memes, “received truths” that seem to arise in the press or the blogsosphere and then ricochet around the echo chamber until they sound plausible even to skeptics. A number of these roll across my Twitter stream every day. But one such meme rises so high to the top that it has to be the sole focus here. And that is the much-repeated “death of the CIO” meme, coupled as it is currently with dreamy visions of the world brought to us by the consumerization of IT and the cloud. They’re all linked, at least in many pundit eyes.

Here’s the gist of their argument: users can go out and get their own technology now; they don’t need IT to do it for them. End-users are now IT-savvy, and can fend for themselves.They’ll bring their own devices (BYOD); they don’t need or want IT to provide devices for them. They’ll procure the services they need and want from the various SaaS offerings in the cloud or from outsourced vendors, and they’ll handle it all themselves.

All this ultimately gets not only expressed as the question of who needs a CIO anymore, it goes even further: who needs an IT department at all anymore? Says one article, “If IT does not provide the end user with the infrastructure they need, the latter can rent it, by the hour or month from companies like Rackspace or Amazon… All you need is a credit card and no approval from IT.”  Other CIO “thought leader” articles feature astonishing blanket statements like, ”With the consumerization of IT, consumers can create value for themselves and the enterprise, using technology that costs the enterprise nothing.” And people even take this so far as arguing that the CIO at this point should just leave technology up to the VARs.

Let me be clear once again: this frequent linking of cloud and IT consumerization to the looming demise of the CIO and IT is not just misguided, but actually gets it completely backwards. In fact, I argue that IT consumerization and the cloud will actually elevate the importance of IT within a company, as both a service and a strategic focus.

Let’s list and then discuss some of the ways that combining these memes (IT consumerization, cloud, and the ensuing heralded death of the CIO) falls down when measured against common sense and reality:

• It fails to understand the full range of what a CIO (or IT) actually provides for modern-day companies
• It fails to recognize the profound pitfalls of a decentralized and fragmented approach for company systems and technologies
• It erroneously equates IT consumerization with the BYOD trend, missing the larger important picture that underscores the strategic need for IT
• It misunderstands the interplay of commoditization and competitive strategic advantage

What IT provides

People who see the CIO’s role diminishing or IT even vanishing altogether don’t seem to understand the full range of the CIO’s responsibilities, and the importance of more, not less, technology stewardship as system access broadens. They somehow seem to view the CIO and IT predominantly as the folks who keep the servers running. If we have no in-house servers etc., they reason, why do we need IT? But, as someone recently and eloquently said, that’s like viewing the job of the parent as being the one who drops the kid off at school every day.

Face it: it’s not technology alone, the bits and bytes and systems and wires, that’s the hard part when it comes to leveraging technology itself to provide value to an enterprise. Rather, firms desperately need someone, at a suitably high level in the organization, to actively shepherd the business prioritization, integration, implementation, outsourcing, and articulation of value when it comes to complex, technology-based undertakings: that’s the hard part. That part won’t go away. That part will never go away.

What it means for IT to be a service organization

Yes, IT needs to be a service organization to the rest of the company. But, pundits complain, often it isn’t a very good one, or it’s too expensive, or often it focuses so much on being a service organization that it doesn’t get perceived anymore as adding much value beyond that service. And as those services become readily and cheaply available elsewhere, and users more sophisticated in technology, it’s easy to jump to the conclusion that IT is no longer necessary, and many do just that. But that leap reflects a kind of tunnel vision about IT’s role.

Many IT pundits can’t seem to recognize two simultaneous truths: IT needs to be a strategic value-add; and it needs to be a key service to the company when it comes to getting things done, reliably. When things don’t work: people need help. It doesn’t matter if we have cloud or BYOD or the upcoming Apple IT telepathy product; users will still need help. But realize that the day-to-day work of helping users is actually not the major role of IT in any non-trivial modern-day firm: even before the days of BYOD, administering desktops and laptops, while important, was one of the relatively minor services provided by IT. Even if that aspect of the work disappears entirely in this brave new cloud-driven world, we’re left with everything else: the hard part of making things work together, support business changes, and so on. And tackling the hard part is actually the key IT service to the organization.

Because sure, maybe people can now administer their own devices and procure their own systems in the cloud. But then, often without having planned or anticipated it, it turns out they need those systems to talk to one another. Then they need to worry about changes and versions and backups and downtime. All the simple stuff about cloud and BYOD works just great, but only while it’s still simple. As Marc J. Schiller puts it, tech-savvy business users ”don’t have the time or the inclination to work through all of the nitty-gritty details that are required to ensure that the systems they are putting in place do, in fact, collect and integrate data with other corporate resources. They don’t have the time or the expertise to evaluate the information integration and interface requirements a particular system may create. And they certainly don’t want to be on the hook for all of the data security and regulatory compliance issues that are growing by the day.” In other words, we’re left with the hard part, the messy part, the part that someone needs to figure out holistic, long-term answers to.

That won’t go away. That will never go away.

The pitfalls of IT fragmentation

Stop for a moment and realize that the argument that the “cloud and IT consumerization will lead to the death of the CIO” pundits are making amounts to this: that in an IT world that is becoming staggeringly more complex, with ever more options and an accelerating rate of change, we somehow no longer need skilled IT management to manage that transition carefully. How can that make sense to anyone?  As MIT’s noted IT researcher Jeanne Ross pointed out recently, companies already tend, in terms of their systems, to “let everybody decide what’s most important for their part of the business. The usual result is a tangled mess of IT system architecture.”

The answer to this dilemma can’t be dispensing altogether with IT-specific leadership and hoping for the best. Dell CIO Robin Johnson wrote a piece last fall that described the pitfall of balkanized decision-making amid burgeoning complexity: Dell wanted to add a new payment type to its web site, but had different systems in every region, ten separate customer databases, etc. The estimate simply to add this one new type came in, staggeringly, at a year. Picture, then, pushing for a world where every line of business has made its own technology decisions, not just with no unifying presence of leadership, but with the avowed philosophy that IT leadership is actually no longer necessary at all. Scream with me, now.

Why the IT consumerization trend increases the need for skilled IT leadership

And the scale of such problems is increasing. Rather than IT consumerization consisting mostly of the identified BYOD dilemmas (which are important, of course), Bernard Golden points out, “Consumerization of IT isn’t about employees using consumer devices; it’s about consumers becoming the primary users of internal IT applications.” The ensuing greater volume and variety of application access, as consumers tap into what used to be internal IT systems from every conceivable device and geography and time zone, has huge implications for companies, their organization, their architectures. As we face this very real trend, and the resulting even greater requirements for system cohesiveness and robustness, it is hardly the time to opine that IT leaders are now extraneous.

Finally, let’s talk a bit about IT becoming a commodity. That’s nothing new. A company that had a great custom financial system used to (perhaps) have a competitive advantage, until such systems were commoditized by the advent of ERP. Commoditization of a technology means that that it can no longer provide much of a competitive advantage, other than through superior execution. But every time something gets commoditized, we are able to “move up the stack” in abstraction: we can now focus on reaping value from other, higher-order things that can’t (yet) be commoditized. If you’re using technology that’s available to everyone, off the rack, you have no differentiator, and no competitive advantage.

Pundits argue that since some key technologies are now a commodity, we no longer need a CIO to handle them. But I’d turn that argument around: that’s precisely when you do need a CIO, to rise above the commodity level and figure out how to leverage technology for competitive advantage and business value. And the way to do that means using something other than technology that’s available to everyone, just off the rack. You want a differentiator.

So, get rid of the CIO because some technologies have now become commodities? You might as well posit that since we now have drugstores, there’s really no need for doctors anymore.

Or with a different spin, there’s an old joke about a small child who observed brightly, “We don’t need the farmers anymore; we just go to the grocery store instead!” That’s a true-but-false statement if there ever was one. Ponder those two analogies, and consider how IT represents both the farmers and the doctors. And that the need won’t go away.

Lagniappe:

• Christina Torode, “IT consumerization rules in the hands of the business”, September 11, 2011. http://itknowledgeexchange.techtarget.com/total-cio/it-consumerization-rules-in-the-hands-of-the-business/
• Greg Chase, February 15, 2012. “Pondering at SAP Inside Track Palo Alto: Has Cloud Computing Made IT and the CIO Unnecessary? “ http://blogs.sap.com/cloud/2012/02/15/pondering-at-sap-inside-track-palo-alto-has-cloud-computing-made-it-and-the-cio-unnecessary/
• Nick Heath, January 27, 2012. “Time to shut up about the death of the CIO”. http://www.silicon.com/management/cio-insights/2012/01/27/time-to-shut-up-about-the-death-of-the-cio-39748428/
• Steve Romero, February 1, 2012. “Time to End the Claims of the ‘End of the CIO’”. http://www.itgevangelist.com/blog/2012/2/1/time-to-end-the-claims-of-the-end-of-the-cio.html
• Alan S. Cohen, February 4, 2012. “An Arab Spring for IT”. http://techcrunch.com/2012/02/04/an-arab-spring-for-it/
• Bernard Golden, August 12, 2011. “Cloud CIO: What “Consumerization of IT” Really Means to CIOs”. http://www.cio.com/article/687931/Cloud_CIO_What_Consumerization_of_IT_Really_Means_to_CIOs
• Marc J. Schiller, October 31, 2011. “The Role of the CIO: Why You Deserve to Be Demoted”. http://www.cioinsight.com/index2.php?option=content&task=view&id=884844&pop=1&hide_ads=1&page=0&hide_js=1
• Robin Johnson, November 2, 2011. “Why Today’s CIO Must Foster IT Agility”. http://www.cio.com/article/693052/Why_Today_s_CIO_Must_Foster_IT_Agility

I’ve written before about how I value Twitter’s ability to fine-tune one’s personal information gathering, selecting people to follow who, over time, prove to be the most useful, interesting, and stimulating. I commonly refer to the people I follow as my “personal Algonquin Round Table,” in homage to the well-known literary group of the 1920s.

More simply put, though: I value Twitter because I fundamentally believe in consulting others, picking their brains, observing what they find useful or funny, enjoying their (often differing) perspectives, and learning as much as I can from them.

To my frequent surprise, however, this basic belief in the value of consulting others turns out not to be universally shared. In fact, it can even be scoffed at. That disconnect came glaringly to light recently in the aftermath of the death of Steve Jobs. Basically put, the burgeoning legend of Steve Jobs rests in large part on how, in his path to multiple successes, he fundamentally rejected the value of consulting others.

Particularly in the days immediately following Jobs’ death, an incredible spate of adulatory articles and posts emerged, lauding this legendary refusal to compromise (“Machines and robots were painted and repainted as he compulsively revised his color scheme” ), his attention to the most minute of design and implementation details, his insistence on molding every aspect of his company’s products and culture.  It was widely quoted how he scoffed at the idea of focus groups and obtaining user feedback:

I had the good fortune last month to be invited to participate as a guest CIO on ITSM Weekly, a great IT-related podcast with the amusing ongoing tagline, “What happens when a CIO, a Service Desk Manager and an industry junkie chat weekly?!”

Amidst the discussion and banter, Chris Dancy of ITSM Weekly gave me a bit of a ribbing about what he perceived as my all-too-common anti-QR-code rants on Twitter. And yes, I have tweeted more than once with outright skepticism about the usefulness and likely impact of QR codes.  Chris’ good-natured needling made me step back and think about why: what exactly makes me so resistant to the notion of QR codes?

And the answer runs deeper than just QR codes per se.  It turns out, as I thought about it, that the story surrounding QR codes represents, for the modern CIO or CTO, kind of a horrible blend: the worst aspects of technology advocacy, combined with the worst aspects of marketing.  This post is an attempt to explain those broader implications.

For those (probably many) of you who don’t really know what QR codes are, look at the upper right of this post to see an example: they’re a two-dimensional barcode of sorts, typically consisting of black modules arranged in a square pattern on a white background.  QR codes can encode all sorts of information: text, a URL, or other data, and they are typically read/decoded by smartphone applications that are readily and freely available on most mobile platforms.

QR code enthusiasts envision people walking up (for example) to the door of a restaurant, using their smartphone to scan the code displayed in the window, and, well, getting any number of potential outcomes on their screen: a menu, a coupon, a URL, a pointer to a video about the place’s history, etc. In fact, in some countries like Japan, QR codes are everywhere, used for these and many other business situations.

From a technical point of view, it’s indeed really cool that this Rorschach-worthy splotch can be instantly converted to text or other information. Depending on the specific format (yes, there are several divergent standards) and on the nature of the content, as many as 4,296 alphanumeric characters can be contained in one of those splotches. That corresponds to roughly 700 words, or almost three typical pages of ordinary text. That’s a lot of information available at a smartphone glance, so to speak.

So what’s my beef with all that? What’s not to like? Two aspects particularly rankle me as an IT executive:

• It smacks of technology for technology’s sake. Most great CIOs I’ve known have spent a lot of their career pushing back against being typecast as a mere technologist; most of them recognized early on that the way one adds value to a company as a technologist is to get deeply steeped in the business ins and outs, especially customer and financial aspects, and to apply technology appropriately, not just because it’s “cool.”

So sure, QR codes are “really cool” technologically. But are the business use cases really there? Will customers, in numbers, actually go the extra mile of seeing that splotch and feeling motivated enough to pull out their phone and scan it? Personally, I’m an early adopter of and avid experimenter with new technologies (especially when they’re free and widely hyped, as is the case here), but I have scanned fewer than ten QR codes ever. For many advocates, I fear that the coolness (and granted, the potential) of the technology is making them overestimate the probable acceptance of that technology by the masses.

• Excessive hype.  Aside from applying a basic “sniff test” to the breathless, even giddy posts pertaining to QR codes, I’ve noticed that many such posts and even press releases quote surveys and reports on the supposedly major acceleration in QR code penetration here in the US. (Sample purple prose in one such report: “QR barcode use has suddenly gone ballistic.”)

The surveys themselves, and the reports based on data taken from those surveys, are visibly flawed.

If you dig into these posts and reports, it turns out nearly all the data cited stems from a mere handful of companies (ScanLife, JumpScan, and Mobio Technologies, Inc.), all of whom, wait for it, just happen to market QR-code related products! Can you say “conflict of interest”?

Moreover, the surveys themselves, and the reports based on data taken from those surveys, are visibly flawed, chock-full of statistical and methodological red flags:

• the reports almost invariably feature graphs that lack Y axis labels, or that are labeled (for example) as “no scale given; relative measure only.”
• The reports often combine data for all bar code scans (including UPC (conventional) barcodes, which are of course a far more plausible and prevalent use case, due to the abundant comparison-shopping apps that people use in bookstores etc.), and then use that data to infer QR code usage. One survey evidently asked the general question, “Have you ever used a barcode scanning application?” And the data then obtained from the answers to that general question now leads QR code advocates to conclude (erroneously) that “while QR codes aren’t mainstream yet, they’re past the early adopter phase.”
• There’s seldom an attempt made to take into account one key factor in the increase in barcode scanning: the meteoric rise in smartphone penetration overall. A rising tide lifts all boats, and even if we’re seeing an increase in QR code scanning, that needs to be taken in the context of millions more smartphones being sold per month.

Finally, in a particularly delicious example that Darrell Huff would be amused by, ScanLife shows a graph comparing 1D (conventional) barcode scans with 2D (QR code) scans, favorably to QR codes, of course. Well, read the fine print under that graph: “Note: 2D traffic includes 3rd party apps while 1D traffic is only sourced from the ScanLife app”. Apples are being compared to oranges here, in other words. Vested interest. When data is presented in so obviously skewed a fashion, by people with a clear commercial agenda, one has to wonder whether it’s really all part of a sales job.

And the reports also don’t even begin to address a potential major factor when examining such data at this stage: what percentage of people scanning QR codes are doing so right now simply out of the sheer novelty of it all? As Steve Smith observed, “we are still in the gee-whiz stage of 2D codes”. Will this phenomenon have legs, so to speak?

So let me recap my main concerns about the QR bandwagon:

• Even relatively widespread adoption (which QR codes have yet to see, of course) of a great new technology by technophiles doesn’t guarantee eventual deep penetration to the mass market. That should be obvious to anyone who isn’t running a Linux box for their desktop.
• Will a critical mass of non-technical people (say, those who couldn’t manage to set the time on their VCRs back in the 80s and 90s) really tend to whip out their smartphone and scan QR codes in profusion? Maybe, but right now it’s just a matter of opinion.
• Will there ever be enough “bang for the buck” with QR codes (i.e., investment of time/money versus benefit obtained from using them)? Even as an early adopter, I’ve scanned fewer than 10 QR codes ever, because there was never sufficient payback for my effort. And for the retailer or marketer: will QR codes really pull more people in the door, or is it just another gimmick? Where’s the data? (the real data, that is). Even in museums (one plausible use case mentioned for QR codes), I can envision only the highly motivated museum-goer as likely to indulge in QR code scanning.  It’s technology for a very narrow slice of the audience. It may be worth doing for that slice, sure, but let’s not go overboard in our excitement or our investment.

Back in the late 90s, several companies invested millions of dollars promoting what amounts to an earlier version of this scheme: specialized barcodes published in magazine ads, designed to be read by a “CueCat” scanner which they distributed broadly, for free, to people like Radio Shack customers and Wired magazine subscribers.  It failed miserably. In December 2009, the popular gadget blog Gizmodo even voted the CueCat the #1 worst invention of the “2000s” decade.  Yes, now we have smartphones and don’t need to obtain special equipment, so that gives QR codes an advantage that CueCat didn’t have. But still, it gives me pause that QR codes are being promoted with much the same zeal, and perhaps with similar blinders as to the true practicality of the technology. It’s déjà vu all over again: endless hype, plus technology pursued without solid practical reasons to do so: these are, and deserve to be, twin bugaboos for any technology executive.

And that’s why I express skepticism about QR codes on Twitter.

Lagniappe:

Opinion:

• Hamilton Chan, “Why QR codes will go mainstream”
• Oliver Williams, “Why isn’t everyone using QR codes?”
• Heidi Cohen, “QR Codes Are Here to Stay [Data]”
• Dan Frommer, “Death To The QR Code”
• Steve Smith, “Down the QR Code rabbit hole”
• Dan Neumann, “RIP: Why We Don’t Need QR Code Campaigns”
• Dan Neumann, “2D Barcodes: You’re Doing it Wrong”

“Data”:

• Veselin Nedeff, “QR Codes Usage Stats for the First Half of 2011”
• Veselin Nedeff, “Global Growth in Mobile Barcode Usage – Q1/2011”
• Veselin Nedeff, “QR Code Scanning Now Mainstream in US Retail”
• Mobio Technologies, Inc., “The Naked Facts: QR Barcode Scanning in 2H-2010”
• Mobio Technologies, Inc., “The Naked Facts: Whiplash Edition. QR Barcode Scanning in Q1-2011”
• Wayne Sutton, “The QR Code Statistics you have been looking for – infographic”
• Heidi Cohen, “QR Codes: 26 MUST-HAVE Facts [Data & Charts]”

• Caron Carlson, “A novel look at the CIO’s need to lead”

• Elliot Ross, “Book Review: Haunting The CEO”

Novels are harder than most technology-oriented people typically realize. The backbone of a good novel is character development, meaning that the character learns and grows — which makes it easy for especially amateur novelists to start off with a character who is, frankly, little more than a one-dimensional dolt. This is an even more dangerous pitfall when it’s a “novel of IT”: the temptation is almost unavoidable for the author to create as protagonist a stereotypical technology leader, clueless as to what is really important or how to be effective, who is then gradually enlightened by wiser individuals as the novel progresses.

There are three IT-related novels I’m aware of, all relatively recent, that fall essentially along those lines.

• fruITion: Creating the Ultimate Corporate Strategy for Information Technology, by Chris D. Potts
• Adventures of an IT Leader, by Robert D. Austin, Richard L. Nolan, and Shannon O’Donnell
• Haunting the CEO, by John Hughes

All of them are worth reading, but I had majorly different reactions to each. While I’d intended to cover all three in one blog post, the complexities involved in discussing the first, very problematic example have led me to divide this discussion into more than one post.

Not everyone is a fan of fiction, though: why read any of these novels? In my view, the veneer of fiction, of semi-realistic dialog and interaction among the typical players in business-IT situations, promises a degree of engagement and entertainment, as well as the chance to obtain a deeper understanding of how and why the involved parties interact they way they do. Ultimately, I’d want such a book to provide me with insight, in a “show not tell” kind of way, into what motivates the typical players in these business scenarios, and to depict a healthy growth of character and role that lets me understand my own situation and how better to foster collaboration, synergy, and business effectiveness. Beyond the superficial, the events of a novel and the utterances and interactions of its characters can eloquently illustrate various approaches and philosophies, often more forcefully and meaningfully than would a straightforward treatise.

As a CIO, I’d want to be able to hand the novel to my CEO or CFO.

In fact, a fundamental purpose of quality fiction is to enable the reader to live and understand another perspective. So primarily, I would want such a “novel of IT” to help all factions (inside and outside IT) come to see the other side’s perspective and arrive at deeper understandings of common problems and disagreements. Otherwise, it’s sheer polemics. As a CIO, I’d want to be able to hand the novel to my CEO or CFO and have everyone’s reading of it help us find common ground in how we approach our goals.

(One small aside: before I begin, I should note that none of the novels I’m going to cover can compete, as artful fiction per se, with what I consider to be the best IT-related novel: Ellen Ullman’s The Bug. Unlike the three novels I will cover fully, The Bug is intended primarily as art, not as a fictionalized essay designed to make points about how to run IT. Highly recommended.)

Let’s start with FruITion, by Chris D. Potts.

This book, which has been generally praised, depicts itself as essentially contrarian, as describing “what happens when corporate strategists decide to ignore all the IT strategy orthodoxies.” It’s meant to reveal “indispensable messages about the next generation of strategies for information technology,” as one of the blurbs on the back has it. The key distinguishing feature of the book, arguably even underscored by the implications of the photo on the cover, is that it’s intended to turn the conventional view of IT on end.

Well, I’m going to be a contrarian to the contrarian. Simply put, I think the fundamental thrust of the book is wrong-headed, divisive, lofty, unnecessarily diminishing of the importance of the role that IT plays in a business, and ultimately not helping disagreeing factions find common ground, or showing useful ways that IT can truly provide value to business.

As Twain famously said, history may not repeat itself all the time, but it sure does rhyme a lot. Or, as Yogi Berra said, “you can observe a lot just by watching”. Or, in Potts’ own words, “the language you use is taken as evidence of your mindset.” And, just by carefully watching the interactions and language in FruITion, my unavoidable observation is that Potts’ mindset is particularly, astonishingly, and blatantly ill-disposed towards IT.

Ian, the protagonist and first-person narrator and CIO, is a straw-man-stereotype kind of IT person. He’s tentative, focused on technology, set in his ways, reactive, defensive, a bit paranoid. Conversely, the novel presents the non-IT executives (the CEO and her delegates) as wise, fast-thinking, and a bit mysterious in their uncanny insights into what’s not working. They’re a little inscrutable, and more than a little threatening: Ian is constantly fretting about whether he’s about to be sacked, and the strategists are constantly making subtle and not-so-subtle references as to whether or not he’s “getting it” and whether he’ll even be around for the next go-round.

It’s “us vs. them,” in other words, in spades. Ironically, one character, presented as particularly insightful, is introduced positively as being “fed up with the ‘us and them” and ‘we know best’ attitudes of some IT people towards the rest of the company.”

Yet IT is presented mainly in the negative (indeed, with disdain) at every turn.

Yet IT is presented mainly in the negative (indeed, with disdain) at every turn, characterized repeatedly and triumphantly as “delivering no value on its own”, and it’s emphasized that “no one values what IT does.” Everyone else in the novel sees things clearly except for the IT people, who “execute their strategies at arms length from everyone else rather than by collaborating.” In one characteristically heavy-handed moment in the novel, Ian’s “IT Strategy Manager” views with excitement the chance to participate in a key software vendor’s new beta release: “It could change our whole strategy,” he enthuses, not realizing how narrow that statement shows his notion of strategy to be.

Face it, we’ve all known people in IT that exhibit those small-picture tendencies. But I don’t believe that it’s useful or accurate, in this day and age, to trot out such stereotypes and thereby blast the entire discipline. One “strategic” character in the book even tells Ian, “we want you to break loose, join the gang, help us turn the tables on those bastards in IT.” In the end, Ian escapes (ascends?) into this strategic realm, away from IT, but all the future pesky technical decisions are then relegated to a Technical Services Manager whom they elevate to “CTO,” and whose stated job it is “to get the IT we wanted to use delivered reliably well, economically, at an acceptable level of risk, and with economies of scale and synergies. Nothing else.” Simple, eh? (Note the amusing similarity of this new “CTO” role to what the role of the CIO was also thought to be, way back when. As the old joke has it: from here, it’s “turtles all the way down”).

In essence, it’s “technology bad, strategy good”: this novel presents an overly simplified, frankly offensive, and ultimately detrimental dichotomy. The book seems, quite intentionally, to consider current-day IT as a mere exercise in procurement: “All in all, our people now know enough about IT and how to use it not to need an executive to make those decisions for us. All we really need is someone who can source the IT services we want to use.” Really? We know what we want; IT just needs to get it for us. Order takers. How many years/decades ago did we all collectively figure out that that’s a counterproductive approach?

In short, if there’s any book that actually fosters the “us vs. them” rift that’s too often characteristic of how IT fits into a company, this would be it. It’s simplistic, dismissive, lofty, and ivory-towerish; in the end, despite its contrarian nature, it delivers next to no new practical insights. And one sad aspect of its dismissive nature: those who point out its failings will almost certainly be accused by its proponents of “not getting it.” (Witness this review of Chris Potts’ interview with Claudia Imhoff). I think I “get it” quite clearly, though, and I simply reject it as misguided, naive, and ultimately counterproductive to the needs of a modern organization.

Next up: two more novels of IT that I believe show a (much) more even-handed, useful, and insightful approach.

Lagniappe:

• Colin Beveridge. Book review: Fruition. http://www.colin-beveridge.com/index.php/book-review-fruition/.
• John Gøtze. FruITion. http://gotze.eu/2008/08/29/fruitio/.

Yes, it’s déjà vu: certain topics crop up again and again on IT-related blogs. The age-old question: does a CIO really need to have IT experience?  I’ve touched upon this before, here and here, but it’s time for a full column covering the standard arguments posed in this debate.

I’ve gone through every article I can find on this topic (most of these are listed at the end of this post), read all the associated comments, and culled out the arguments that are typically cited in support of a CIO’s ability to be successful without IT experience. These are:

• A non-technical CIO can surround himself with a capable team who can support him in all technical matters
• It’s the ability to lead that’s really needed, whereby the issue of technical capabilities becomes secondary
• After all, there are some successful business CIOs without technical background
• Even supremely technical CIOs have been known to fail
• Considering today’s rapid pace of change, past IT experience can be a hindrance to many CIOs today as often as it is a help: that experience can make a CIO “unduly resistant to the possibilities.”

As I looked at these arguments, though, I found them all strangely uncompelling. I felt truly puzzled: how could anyone argue vehemently in favor of a lack of experience as a job qualifier, for anything? But as I thought about it, I realized it’s a matter of basic definitions. As in so many debates, this topic has been seriously hampered by many parties failing to define clearly the basic terms: what does “IT experience” or “technical” mean, and what does it mean for a CIO to “be successful”? Without a clear and common understanding of what is meant by those phrases, advocates on both sides tend to drift into “straw man” postulates, where they reach a strong and usually quite self-righteous position based on divergent definitions.

Let’s look at what could be meant by “does a CIO need IT experience”, or, as it’s sometimes phrased, “does a CIO need to have a technical background.” These two things are usually conflated, but they are not the same. “Technical background” seems to usually mean academic qualifications: e.g., a Ph.D. in computer science, or at the very least, deep, low-level understanding of bits, bytes, protocols, APIs, etc.  “IT experience”, on the other hand, may be garnered through years of working on either the development or operations side of information technology, and may have involved relatively little purely technical activity. It’s easy for any given individual to have a great deal of one and not the other. But it should be noted that having more of the first (technical skills) doesn’t substantially improve your ability to cope with CIO-level issues, while having more of the other (IT experience) most certainly does.

What about the notion of a CIO being “successful”? What does that mean? Length of tenure in the position (not getting fired)? That seems like a dubious yardstick. Almost any industry veteran is aware of instances where highly competent CIOs have been let go due to political shifts within a company (e.g., advent of a new CEO), or retained for similar reasons despite questionable performance. Does it mean, perhaps, having measurable achievements? These too often depend on perceptions and political whims: a CIO can, for example, “successfully” roll out a system which works exactly as designed but fails to deliver hoped-for benefits.

A more meaningful definition of success, to my mind, is when a CIO can mobilize both his team and the company at large to obtain measurable value from the investments it is making in technology, and, moreover, gets that team demonstrably exercising continuous improvement in its processes and products. CIO success is not just about sticking around in the position; it’s not just about rolling out systems and supporting an infrastructure. It’s the impact on company results that matters.

If a given debate on a CIO’s necessary background assumes one set of definitions for these key facets, it’s easy to have the resulting arguments and conclusions dismissed out of hand by people who hold different definitions. And often, participants in the debate don’t even recognize the root of their disagreement: that they’re using the same terms for quite different situations.  In reality, they may agree more than they differ.

A CIO must have a good amount of IT experience (not necessarily specific technical skills) to be successful.

So using the definitions that I think are meaningful, as outlined above, my answer is that a CIO must have a good amount of IT experience (not necessarily specific technical skills) to be successful. (Note that citing that there exist occasional anecdotal exceptions to this, aside from depending on a usually unprovided definition of “success”, may be interesting but isn’t necessarily useful; Steve Jobs and Bill Gates both dropped out of college and still achieved prominence and prosperity, but they’re not examples one would logically use to formulate a general rule about the path to becoming CEO of a multi-billion dollar corporation).

Being a CTO/CIO is not about technology — I’ve stated that consistently, starting with my very first blog post. It is, however, about leadership and experience. The notion of an individual able to provide outstanding leadership but lacking a solid foundation of related experience doesn’t fly well in any situation or arena I’ve ever seen. Time and again, I’ve gone into turnaround situations at companies where IT matters have been completely bungled by having no CTO/CIO or otherwise inexperienced IT decision-making.  Bart Perkins’ recent excellent piece points out numerous specifics of what happens when there’s no CIO at all: business unit-centric decisions, standardization impasse, lack of new enterprise applications due to business unit parochialism, factionalism, and decreased economies of scale. I’d extend that: many if not all of those same situations tend to occur even with a CIO on board, if that person is inexperienced and thus unaware of these IT-specific pitfalls.

So again, my answer: to be a good CIO you don’t need to know, necessarily or specifically, what a left outer join is, or be able to reel off the seven layers of the OSI network protocol stack. You don’t need to know, necessarily or specifically, the difference between Java and JavaScript or to be able to have your way in either vi or emacs.  But, you’d better understand deeply the basic roles that IT elements play, how processes fit together to provide business value, and where the pitfalls may lie as your team goes about that fitting together.  You’d better be in position not to be easily swayed by a slick vendor or even a convincing pitch from one of your senior lieutenants; part of your job is to know when to push back. And that judgment comes from experience, not from some innate abstract leadership ability alone.

After all, IT changes radically every few years, and specific technical knowledge is of fleeting value in and of itself.  Only actual work experience, grappling with juggling priorities, making tradeoffs, and satisfying multiple constituencies, tends to teach people how to maximize the value from IT-related investments made by the company.  And there aren’t any true shortcuts. Again, the saying applies that I’ve cited here before: “good judgment comes from experience.  Experience comes from bad judgment.”

Lagniappe:

• Nick Lansley, “Are the best CIOs from non-technical backgrounds?”
• Arun Gupta, “Are the best CIOs from non-technical backgrounds?”
• Chris Curran, “Can a CIO be Successful Without IT Experience?”
• Kate Bulkley, “Will your next CIO be a non-techie?”
• Scott Wilson, Can a CIO be successful without IT experience?
• Michael Fisher, “How Technical Should The CTO Be?”
• Richard Hunter and George Westerman, “Should Your Next Job Be CIO?”
• Chris Curran, “CIO Background Check: IT Experience Mandatory?”
• Thomas Pelkmann, “CIOs müssen keine Ahnung von IT haben” (in German)
• Bart Perkins, “The Fortune 500′s disappearing CIOs”
• John Julius Sviolka, “The #CIO: The duck billed platypus of the C-suite”
• Sharon D’Souza, “CIO career query: Does your background make or break it?”

Oil and water? Some days, the disconnect between stakeholder expectations and IT capabilities (and sensibilities) seems staggering.

“System availability was 99.83% last month!  That’s up from 99.75% the previous month!”

Sounds kind of good, no? I mean, that’s a high number, right? Right?

Actually, no.  It’s not a very useful number, in and of itself. In fact, I regard the publication of uptime metrics like that as a regrettable symptom of IT focusing on technical aspects, rather than business impacts.  Here’s a discussion of why I see it that way, followed by a presentation of an alternative focus providing much more business value.

So, what’s wrong with a time-honored metric like “the system was 99.83% available”?

• The number is deceptive. Few people can mentally translate “99.83% availability” into a more meaningful real number, such as “system was down for 1.3 hours last month.”  Even fewer can tell you the real difference between 99.3% uptime (also sounds pretty good, right?) and 99.8% uptime.  Both 99.3% and 99.8% look (to the vast majority of business people) at first glance like pretty good numbers for uptime, but the first represents more than three times the number of “down hours” of the second.

• The number is ill-defined. It begs the question of what’s considered down: what if the system is just somewhat degraded in performance? Who decides that it’s down? Who declares that it’s back up? We’ve all seen situations where a technician will insist the system is up, even though no one is able to access it or get sufficient performance to actually use it.

• The number is often not comprehensive in what it includes. Most notably, many shops don’t count scheduled maintenance as downtime when calculating their uptime metric.  When you don’t count scheduled maintenance, you’re ignoring potentially many hours of real business impact per month. Scheduled maintenance can’t be a “free pass” for downtime.

• The number doesn’t compare apples to apples. Just tracking total raw downtime considers all outages to be the same, no matter what the time or situation.  A ten-minute outage at noon may impact your business much more than an hour-long outage at 3 a.m.  An outage that occurs right when you’re running a key campaign to drive people to your site can be especially devastating.

Alternatives

Somewhat better than the “99.83% uptime” style of metric is reporting on the specific number of system DOWN hours or minutes in the period.  It’s when the system is down that there’s business impact, so why not use that as your yardstick, instead of the reverse.  Some call these “impact hours”, in fact.  Stating that the system was unavailable for 20 minutes last week is much clearer (albeit sometimes more distressing!) to most business people, compared to saying it was 99.8% available.  Still, though, expressing the figure as down hours doesn’t address the other problems listed above.

The underlying insight here is that raw outage statistics, whether they’re expressed as an uptime percentage or as downtime hours, are nothing but a proxy for business impact. And not a very good one, for the reasons discussed.

Here’s a radical idea: the goal isn’t simply to report and then reduce your downtime per se.  Instead, you want to assess, promulgate, and then work down, the total business impact of your outages, and to do that effectively, you need to weight your outages by time of day and traffic. And you need to include every single outage in your assessment of business impact, including maintenance.

What’s the clearest expression of business impact?  In a nutshell: DOLLARS. How much did a given outage cost the company, in terms of missed sales and wasted expenses? Yes, there are a lot of factors and assumptions involved in figuring that out, but that’s what models are for.  Make some assumptions and build a model that will calculate the specific dollar cost for an outage, based on information about the outage’s duration, site traffic pattern at the time of the outage, etc.

We did exactly this at an internet site where the revenue stream was on the order of a million and a half dollars a week.  We incorporated considerations such as the following into our model:

• Upon analysis, we realized that any outage resulted in missed subscriptions, site advertising, and ancillary signups for partner services from which the company derived revenue. We needed the model to incorporate an understanding of the patterns and dollar costs for each of these.
• We also realized that an outage also meant that we’d wasted the money spent on external internet advertising during that outage that was driving people to our site. During an outage, external ads of course kept appearing for our site; people would click on those ads and land on our outage page. Ergo, wasted advertising dollars.
• Outages at different times (hour of day, plus even day of week) were vastly different to our site in terms of business impact and cost. Specific time of the outage needed to be a key part of the calculations of business impact.
• Outage impact also depended on whether it was a high-traffic day or not.  A high-traffic day might feature more than ten times the normal volume of traffic and transactions; an outage at that point would therefore arguably cost us ten times as much.
• Not all outages were total: sometimes performance was degraded but access was still possible. We decided to incorporate a “% degradation” parameter in the model for an outage, recognizing that deciding on that percentage would be a judgment call for any outage.
• As noted, most sites don’t count scheduled maintenance in downtime. But that’s still lost revenue. Assessing business impact requires both conservatism and full transparency. We decided to include all outages, scheduled or otherwise, when we published our outage business impact metrics.

Building the model required not just some adept spreadsheet skills, but the up-front accumulation (and regular updating) of various base data to drive the calculations.  Specifically, for each hour and day of week, we had to:

• Collect and average our aggregated historical traffic data
• Collect and average aggregated sales revenue numbers
• Determine how to calculate probable advertising revenue

Once built, our model not only let us state our downtime in terms of true business impact (i.e., total dollars for a given period), but it also provided a ready way of analyzing, up front, the specific cost of a planned outage. Using that as a tool, management could much more effectively assess alternatives and opportunity costs when system interventions to address various problems were being considered.

Here’s a snapshot of the model’s inputs (in yellow) and its outputs, slightly altered for presentation:

From here, it’s a small step to logging and tracking these total estimated costs across a given time period such as a month. (You should anticipate, by the way, that disclosure of the total dollar cost of outages will tend to invoke far more attention and commentary than the old-style percentage figure ever did!  Transparency brings scrutiny. This is a good thing.)

Yes, estimates and aggregations were necessary in coming up with these approximate costs; it’s just a model, after all, with all sorts of incorporated assumptions. And the estimates will never be utterly perfect. But still, they’ll be a far cry better at helping you express the approximate business impact of your downtime than just proudly declaring that the system was “99.83% available” last month.

Lagniappe:

• Publicly visible major SaaS system availability pages:

• • Amazon Web Services
  • Salesforce
  • OpenDNS
  • Intuit Quickbase
  • Clickability
  • Google App Engine

• Evan L. Marcus, “The myth of the nines”, September 1, 2003
• Continuity Central, “Five Nines: Chasing the Dream?”
• Paul Beckford, “Calculating Server Uptime”, February 13, 2010
• Lenny Rachitsky, “Transparent Uptime” blog
• George Ritchie, Serio Ltd, “Introducing ITIL® Availability Management”