The five minute CIO: Richard Harpur

6 Dec 2013

Richard Harpur, CIO, Aspen Grove Solutions

The CIO of enterprise property software provider Aspen Grove Solutions Richard Harpur outlines why service levels and communication flow matter when weighing up a move to the cloud.

As a company, you provide your own software as a service, so does that automatically make you more likely to use cloud services, or does the business case still have to stack up?

The business case always has to stack up. Ironically, given we have been managing our own infrastructure for years, and in that time we have built out numerous processes, we are very specific in our requirement when looking at third-party service levels. With our own infrastructure, we are used to understanding the full health status and when an incident occurs we need to know very specifically what the response from our own team, as well as our vendors, is at any point in time.

Even though there has been a marked improvement in the last two years, cloud providers need to further improve their communication flows during incidents, as well as reduce the number of service impacting incidents.

Is there anything you wouldn’t consider moving to the cloud?

We are actively planning to move non-core business support systems to the cloud in 2014, and evaluating cloud offerings as part of compiling the business case. We have no plans to move our core systems to the cloud in the short term and will require an extremely high level of confidence before we would make that transition. We have tens of thousands of users that depend on our systems every day, so we owe it to them to move with great caution.

There’s a lot of hype around cloud at the moment, especially in the light of revelations from former CIA contractor Edward Snowden. Do you still think the cloud model has merit, or are you more wary of it now?

Cloud absolutely has merit; however is it not a blanket solution. From an information security perspective, you still need to do your due diligence, including proper risk assessment for cloud providers as you would do with all third parties and your own internal processes.

The Snowden revelations haven’t changed that, they just highlight that security covers many aspects, including third parties – in fact, we launched a new product offering this year that addresses many factors around security of third-party workers, which is getting a lot of traction in the US.

A lot of IT people see the cloud as a threat to their jobs. What’s your view on this?

There is a whole new market opening up with channel partners for the more dominant cloud providers, which demonstrates that even as more in-house IT migrates to the cloud, there are still more skills to learn. This may be focused on integration of cloud providers, DevOps or ITIL process, but there is a still lot to do for people in this space. Remember, if you outsource your servers to a cloud provider, you don’t outsource the responsibility to ensure your solutions perform operationally for your clients – that remains with you.

In your experience, what’s the key to a successful IT and business project?

A clear end goal and a committed team to achieving it.

Why do so many organisations still get IT projects so wrong?

A strong project sponsor with technical knowledge and experience is essential to make a project succeed.

There’s a big push to ‘do more with less’ with IT budgets: what’s your opinion – can it be done, and if so, how?

Challenging the status quo is essential; there are many choices available now. You need to factor in a full total cost of ownership (TCO) when looking at options, however. For example, with hardware becoming more energy-efficient and disks becoming denser, it is possible to condense your data centre footprint and power costs to a size that would not have been possible only a few years ago. This reduces costs but doesn’t impact the business. On the software side, there are many options available today also to take costs out.

Aspen Grove Solutions recently launched two new products in the US and the UK markets. Can you tell me about the work that was involved from an IT point of view in setting this up and supporting it?

In the US, we recently launched Aspen iRecord, a vendor background check compliance solution that enables financial institutions to meet increasing consumer protection guidelines and regulation. This includes validating whether any third-party vendor contracted to carry out field services work at a bank-owned property has passed a criminal background check. This is an industry-led solution that is enabled through Aspen Grove Solutions’ leading-edge technology.

In the UK and Ireland, we are in the process of launching Aspen iVerify. This enables organisations with a large multi-location presence to secure, control and manage any third-party contractor or service provider who visits any of their locations to carry out work. Aspen iVerify reduces threats similar to those highlighted in the media recently in relation to plots to steal millions of pounds from UK high-street banks, where a criminal impersonated an IT engineer and illegally fitted equipment to a bank’s network.

Do you have a large in-house IT team or do you rely on external providers – if so, for what functions?

About 90pc of the Aspen Grove Solutions team is technical; we complete the majority of projects with our in-house team, but do engage external providers for highly focused work when necessary.

Tell me about your own role: is it down-in-the-trenches IT work, or is it more business-focused?

It traverses both the business side and technical. It is essential that a CIO has business savvy to ensure there is strong alignment between the solutions that are brought forward and business strategy.

Do you think a business-first approach is necessary for taking a strategic approach to the CIO role, or is it more important to know about the capabilities and limitations of a particular technology?

I think you always have to start with the business view of the world. Whether that is identifying a business problem or opportunity and then need to see how technology can help solve for this. However, there are times when you need to look beyond current business strategies, especially when making large technology decisions, to give the business a level of agility when business strategies change.

How much of a hearing does IT get at board level: is it just seen as a service provider to the business, or is IT’s opinion sought when the company strategy and execution is being discussed?

Technology is core to our business so it is constantly referenced.

Can you give an example of a recent technology project that delivered measurable value to the business?

We recently implemented VMware’s Site Recovery Manager to automate replication between our primary and DR sites. We also completed automation of our software deployment process; both initiatives saved significant time on a daily basis.

In the past, Aspen Grove has obtained certification like BS25999 for business continuity. How important are standards and repeatable processes in your IT, and have you considered others?

Standards are essential to providing high quality service, and having control. We are certified to ISO27001 and ISO22301 [previously BS25999]. We also have trained all our infrastructure team on ITIL and have further investment planned in this area.

Gordon Smith was a contributor to Silicon Republic