The five minute CIO: Gerry Luttrell

16 Nov 2012

Gerry Luttrell, Dublin Airport Authority's group head of IT&T & Shared Services

Ready for takeoff: Dublin Airport Authority’s group head of IT&T & Shared Services explains what it takes to make technology change projects fly.

Can you describe the scale of DAA from an IT perspective?

The IT estate, effectively, provides services to over 3,000 users when you take in the overseas business. That’s in different locations and overseas.

What implications does that have about how you provide services?

We’ve gone through a process of reorganisation so we’re working to put a central organisation in place for IT management with different disciplines: part of the organisation having a focus on projects, the other part having a focus on service delivery and uptime on systems and the other part having a focus on planning and what needs to come next and what the business actually needs. It’s very much a business-driven agenda in terms of planning.

There are two other areas that come in parallel with that – security and compliance and how we manage our security, and IT contract and sourcing. Most of the services we buy in are third party. We don’t do development in our own right, we buy in applications and services and essentially use those to provide what the business needs.

So you see outsourcing as a strategic tool in your locker to supplement what you have in house? Is it something you wholeheartedly embrace, or do you manage it very closely?

We refer to it as smart sourcing in the sense that we want to get the right services at the right quality and the right price. We don’t want to vest all of our applications or services in any one vendor. We want the vendors that are appropriate given parts of the business.

You have to bear in mind, we have different dimensions of the business, so the vendors you might want in a retail space would be quite different from the vendors you want in an operations space.

Do you build into any of your contracts where the vendor must train your team so you retain skills and continue to stay current?

Absolutely. If you look at the contract we’re talking about today, part of that contract was about skill and capability transition. Three members of the team would have been trained up so that we can actually manage the environment in house.

Does your background in business change and accounting give you a different perspective, that you’re less interested in the latest and greatest toys, but there has to be a clear business application for technology?

I’m very much focused on standardisation and process-driven events, and focused on managing the environment in a way that it is reliable and stable. Those are the dimensions that I bring to the piece.

It isn’t about the latest and greatest – though that might be appropriate in certain areas – it’s about how do you use the technology you have effectively and well, and how do you move everybody along on that journey, because it isn’t just about the technology.

One of my first roles at the DAA was in the specification and rollout of ERP in the business. That was a very significant project because it brought the whole element of standardisation into play. But again, that was not without effort because getting people to move away from what they had was the difficulty, and getting them to embrace the new technology, and what that would bring, painting the vision was the biggest idea.

With ERP, the challenge is whether you tailor the features to suit your business, or change the business to match the system. Was that a big challenge?

That was one of the challenges but we took a very conscious effort that we were effectively going to go with vanilla processes in those systems and we were going to change our business processes to what the standard processes were on the system.

We achieved that to the order of maybe 90-92pc. We kept it to a vanilla implementation as much as we could and that has given us huge benefit over the years in that we’ve been able to upgrade, we’ve been able to change the system to keep it current, and all that with reasonably minimal effort.

How strategic is the virtualisation deal you’ve signed?

It’s very significant … The benefit of this project is that it sets the scene for how we’re going to deploy systems over the next four to five years.

It’s also going to speed up how we deploy those systems. Previously, people had to wait for physical infrastructure and there was a three-week provisioning period. All that would have to be built into the project schedule. Now we have that on demand and effectively people can get on with the real meat of the issue, which is the implementation of whatever the application is.

The other thing it has allowed us to do is rationalise the support and management behind all that. You can imagine managing 360-odd servers for different applications had proved somewhat of a challenge in its own right.

HP talked about the 70:30 ratio of spending on IT maintenance versus innovation. Is that something you’re interested in?

Absolutely. We want to use what we have available by way of funding to deploy it on ‘grow and transform’ as opposed to on ‘run’ and this platform is part of that journey in allowing us to do that. This project is a key part of that journey but we’re very much at the start of that.

Overall, is your IT budget static for the next year, will you spend more or less, or will you just allocate it differently?

We’re spending marginally more but we’re allocating it somewhat differently. The one thing you can’t ignore: keeping the lights on, particularly in an airport context, is huge. Whenever you’re making a particular move, you have to move carefully, and it can’t impact the business.

Was this the kind of project that you could lose sleep over,  because of that pressure to avoid downtime?

This was a technical project, and it was difficult enough to explain to the business why this was important. You have to get down to: ‘we’re managing a lot of servers on your behalf; we need to do that better.’ A lot of assurances had to be given as to why this was a good fit for DAA.

Do you have to do more persuasion of the board for a project like that, as opposed to a business project?

It’s not about persuasion. If you can explain it succinctly and simply, that’s the trick. You go back to why this is of benefit to the business. If you can answer that with the numbers behind it, people generally come around.

What is the IT department’s role at DAA: carrying out the orders of the business, or actively contributing new ideas?

There is an interplay here. Before the budget process, we have a business relationship role. We would have had a whole series of engagements with the business  –  for 2013, what do you want to do, what are the priorities and where do you want to spend the money? That round of engagement would have come through with a list of things, so there is a consultative process, definitely.

With virtualisation done, is it a case of cloud next?

We’re thinking about it in different areas. We haven’t quite made the move just at this point. The key thing about an airport is, integration is a key dimension so we want to make sure that if we were to go with any cloud service, that integration would be dealt with properly.

It isn’t that we’re not satisfied, it’s about being careful about where we start on this. But we do see it as having a place, no question about that.

But you’re not going to be racing into it?

We don’t aim to be the first over the fence. We need to see how it’s going to work in different environments, particularly in an airport environment. Then yeah, we’ll look at adopting it.

Why does security and compliance play such a key role in the business?

If you think about it, we have a retail business, we would have credit card information so there’s PCI-DSS and all of that. The impact of anybody getting at our systems would be significant so we have to be very clear that we have the right security environment.

Does that mean you have to spend proportionately more on security than your peers in other industries?

We don’t see that. We build in the security into our design. When we’re deploying systems, security is a very large dimension of that. How is the architecture, is it secure, how is it going to be managed over a period of time, who is responsible for what in that space.

We have our own security officer in house and we would use a mix of services available in the market in different areas.

As a proportion of overall IT spend, how much goes on security?

It could be the order of 7pc.

From an IT agility standpoint, where do you see the organisation a year from now?

I see us as having standardised more in terms of how we manage the overall infrastructure, I see us having done a lot of work around our service delivery processes and I see us having delivered quite a number of key projects during that time. One example would be a CCTV replacement project and we see that completed successfully.

Gordon Smith was a contributor to Silicon Republic