Helping CIOs meet the compliance and connectivity challenge

26 Dec 2008

With a US$700m R&D budget, CA chief technology officer Al Nugent is consumed with ensuring the IT departments of the future respond better to the business world’s needs.

It’s amazing how many things in the technology world come full circle. Once, the mainframe was the heart of a company’s IT engine, then the PC client brought about a world of benevolent chaos. Now, mainframes and servers are again back at the heart, threatened at the edges by worker bees equipped with all manner of paraphernalia – ranging from netbooks to USB keys and iPods – to make CIOs feel uneasy.

Calming their unease and restoring equilibrium is CA chief technology officer Al Nugent’s raison d’etre. His enthusiasm, idealism and realism on this matter are an inspiration to anyone who talks to him. He allows himself a smile at the irony of how CIOs wish to be seen in their respective organisations. Following the tech downturn earlier this decade and scandals such as Enron, accountability and compliance took centre stage, while at the same time IT managers and CIOs wanted a more advantageous and responsible position at the boardroom table.

Such ambitions, he reasons, are groundless, unless CIOs can prove they really can drive business value. “In order to understand the next 10 years, I think it’s important to talk about the past five to 10 years; it’s all part of something that we see as continuum. The notion of complexity and emergent complexity is the biggest problem that business and technology people face today. It’s really important to understand what’s driving this complexity and is it possible to contain it? Containment – to borrow from our friends in Star Trek – is futile.”

Nugent says CA is building its business around the idea that the complexity is not going away, but will increase. “One has to embrace it in order to be effective either in the business world or technology side of the house. The truth of the matter is the business side of the house is what will really matter here. The technology people need to understand how the complexity will continue to drive challenges for the business and be able to be proactive and respond.”

The biggest worry for businesspeople and their CIOs is information that is being blasted at us from every angle and to every single device – and which could also be stolen via these avenues. “As business problems become larger and larger, the amount of technology that’s required to address those problems will increase. It’s all the things at the fringe … the absolute explosion of mobile, and just in general, wireless devices,” he says, noting that in most companies, most peoples’ desks have some combination of a mobile phone, BlackBerry or notebook PC. “There’s an astonishingly large gap in terms of the control of those kinds of devices, which are not uniformly managed or uniformly secure.

“I have my own personal cell phone. Even though I’ve got a company BlackBerry, my activities on my cell are out of the scope of the IT team’s efforts. CIOs are wrestling with the notion that there an enormous collection of things that are either permanently or periodically attached to different kinds of networks.”

Nugent says this kind of connectivity complexity is going to have to become an accepted danger that businesses of all shapes and sizes will face. “If I buy an iPod and decide at the same time I’m going to put a small wireless network in my home and attach my company laptop to the wireless network and then access my company VPN [virtual private network] client – I’ve now got an open wireless network in home that my company laptop is connected to. I’ve basically created an open tunnel into my company that someone can access from the street outside if I haven’t put the right security in place – it happens all the time.”

Interestingly, Nugent says this rate of change is actually a good thing. “There’s a benevolent side to it and a dangerous side to it. The benevolent side of it is – I’m an IT person and I want to do everything I can to support my business and, in the process of doing that, things don’t happen in as structured a form as I’d like and accidental things occur and reveal gaps. We know this world is complex, we know it’s bordering on chaos right now. Let’s make it even scarier because in the next 10 years the number of generic devices connecting to public and private networks will go up by two orders of magnitude. What are these things? There isn’t a single company today that isn’t building a piece of equipment – refrigeration, Xboxes, cars, the list goes on – everything is going to be network addressable. If that happens, think about the potential of billions of devices out there, in some cases addressable in a more controlled fashion and in others a proprietary fashion.”

Nugent says he relishes the challenge. He believes it increases CA’s relevance not just from a security point of view but also from an organisational control perspective. At the heart of the company’s product plans over the next 10 years is the Unified Services model, which allows ordinary executives and CIOs to map out what’s happening across the organisation in terms of devices and access rights. “We have the technologies in the market today and we’ve expanded our portfolio in a variety of ways: integration of automation into existing infrastructure, identity management and governance.”

He clearly thinks about this a lot and the economics involved in managing this complex future are frightening. For businesses focused on cost reduction, it is unjust that the increasing complexity of technology and individuals’ use of a variety of devices should hinder simply getting on with business. “Whether off-boarding or on-boarding an employee, as it relates to business, IT is so expensive these days not because a server is expensive but because individuals are running around enhancing processes with a lot of footwork,” he says. “If 80pc of the cost of running an IT department today is people-related, and people are very skilled and therefore expensive, how can we reshape the investment portfolio from the business and technology perspective to balance that a bit more? Maybe 50-50, or if we’re very generous, 60pc on the strategic side and 40pc on the operational or day-to-day ‘keeping the lights on’ behaviour.”

Nugent says integration and automation are key. “We need to put technology in place to manage the technology, based on a rigorous set of processes and policies within an organisation. We have to be willing to take those people who were doing the day-to-day maintenance and operations work and move them to the strategic side of IT so that they’re doing the things they were hired to do.

“If you are a fly on the wall at a CIO staff meeting, and there’s a crisis in the organisation, you’ll have any number of different technology and business departments around the table. All these folks are going to be sitting there and the first question is ‘What happened?’ Everyone looks at each other: ‘The database went down – that was because the network failed – that was because the server went down.’ There’ll be a lot of finger pointing because there isn’t an inter-related view as to how the business relates to the technology footprint in an organisation.

“This is one of the driving forces in our company these days,” Nugent concludes in a voice that rings ‘bring it on!’

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years