From now on, the US can target individuals engaging in cyberattacks against America from abroad, according to US President Barack Obama, citing a new law.
Dublin: 02.04.2015 05.23AM
Consultant Derek Mizak
Derek Mizak, the former IT manager of Mercury Engineering for 10 years, now a consultant offering ‘CIO as a service’ to Irish organisations, explains why he favours outsourcing to external providers and why the best CIO is a business person first.
Tell me about the challenges of running IT in a company like Mercury Engineering.
The main problem is a dispersed multinational organisation with different jurisdictions, you have different availability of services, you have different requirements. When you look from the global perspective, you try to somehow unify it. But all of those jurisdictions want to do something different, so striking the balance is very difficult.
The trend in IT has been to standardise: one image, one laptop. Do you have to accept that that notion is harder to achieve now, and has BYOD been the catalyst for this?
I think that there’s too many things happening in IT for IT departments trying to stick to the old way of thinking. When you actually look at it, what do you protect? You don’t protect devices, you protect data. So as long as you can protect data, as long as you stay compliant as long as those devices don’t pose a threat to your contractual or legal obligations, then you’re fine with it.
You said in your presentation at the Enterprise Mobility Summit it’s not a battle you have to fight. Is IT maybe getting too focused on the device and missing the bigger picture?
I would say a little bit, but what it’s driven by is, when you’re in an IT manager’s shoes and he has to protect the data centre. You look at the advent of cloud computing and the fact it’s getting mature, when you look at it from the corporate perspective now, he doesn’t have his own data centre.
When your whole IT estate will move to an external cloud provider, all of those offices, including head office, are like another site or another branch office.
Your provider will give security. You gave it to be managed, you specified the SLA [service level agreement] you want, what legal obligations you want to have fulfilled and so on. These mobile devices need to be looked at together with cloud computing and hosted services.
I remember always hosted email for us was a challenge because of the amount of data, backing it up and so on, and I was able to calculate how much it cost me to hold emails in house. I always said for such an amount of money, I’ll just send it out.
When Microsoft introduced Office 365 - the same as Exchange, the same conditions - and all you pay is a couple of euro per month per user. Fantastic.
You can go up or down, you don’t have to worry about storage, about backup and restore, disaster recovery.
Is there a trust issue with using cloud providers that you may not be as familiar with?
There are standards like ISO 27001, like ISO 9001, and you look at what compliance level those guys guarantee. You will find very often that those providers provide far better quality of service and better security than you can, ever.
Even if you’re a 1bn, 2bn, 10bn company, you will never be able to accumulate so many specialists and skilled people as someone like Microsoft or Amazon is able to do.
Was that an issue for you at Mercury?
Mercury was meant to be a three-year journey and became 10. When I joined, I was aware from the very beginning that when you work for internal IT, you face a fixed number of issues. You face the same infrastructure all the time.
When you work outside, you work with different customers, your brain is exposed to new challenges all the time. So you develop yourself.
However, Mercury was exceptional. It was like working for an external provider because there were so many companies. But for the average IT person working inside [a company], he will develop himself slower than working for a provider.
When you rely on your own IT department, you put yourself at a disadvantaged position from day one. Internally, I made multiple attempts to push the IT out, and to outsource it.
I do believe that IT delivered externally to the company, if managed properly, will give you better value and better quality - and this is where the role of CIO or IT manager is.
As a CIO or an IT manager, I am sitting inside this company and I need to understand the company. I need to be the guy who is sitting on the board, and understands the challenges and is able to translate them to the techies - into SLAs, into requirements and so on.
What IT managers need to do is to understand the IT ecosystem. He doesn’t need to know which checkbox is ticked.
You’ve moved on from Mercury to a consulting role, and there’s a huge change happening in the role of the IT leader. From where many CIOs are now, where do they need to get to and what skills do they need to get there?
I would go a little bit further. Someone who has business experience who has a little bit of IT education will become the best CIO. I have a technical background and I realise all the time that I’m missing this business element.
What a CIO has to do is, it has to be the business person who happens to manage IT. He will have people explaining to him and he needs to understand the difference between a storage and an application server, but that is basic knowledge. There are courses that can be taught, papers that can be read, but he has to understand the business. Then, he can look at what IT can offer and translate that for the business.
In Ireland, companies of 100 to 200, 300 users, very often don’t have IT managers in place. They get someone who shares responsibility for IT with some other role - maybe finance or HR.
Is that the right way to do it, in your opinion, or does it need to be a dedicated role?
I’m filling the gap in some of those companies. I’m becoming a kind of ‘CIO as a service’. I spend time with them, I give them tasks, specify things and I come back to check and move it forward.
Very often they do not realise actually what problems they have. They know they cannot connect somewhere, maybe they can’t connect to some application in a country and they don’t know why. They go to the vendor who says ‘you need to buy that box’.
It’s either a CIO who is aware of all those things and can translate that to the market, or you contract someone who doesn’t sell anything. There is a gap in the enterprise market because of that.
You’re in favour of pushing IT out to external providers, and there’s now an array of services in the cloud, so do you think the IT department of the future will be staffed by just one person?
No I don’t, and I’ll tell you why. You may find yourself that you can go to some sort of call centre and manage users through a third party for desk-side support. It depends on the size of the organisation.
There’s low-level work that’s needed. But if you think of bigger organisations, the CIO will have to have some kind of business analyst.
I would say the nature of internal IT departments does change, They are not going to disappear, but I would say if I would tell someone, if you want to be a sysadmin, if you want to be a techie, don’t work for internal IT. That’s what I would say to every college student.
So your advice is, work for a service provider if you want to work in pure technology?
Yes, because what’s going to happen is, one month you will work in this company, and the next month you will be allocated to another. And your brain will grow.
When you work, you get 20 servers, the same data centre, a life cycle of five years ... The boredom never happened to me at Mercury because we implemented SAP, we rolled out mobile devices ... that was never boring but it was exceptional.
When I work with various clients and I see how it looks, it’s very difficult for them to get things right without some sort of outside perspective.