The Friday Interview: Frank Kennedy, CA


25 Feb 2005

The new man at the helm of Computer Associates (CA) in Ireland, Frank Kennedy, is taking a leftfield approach to the data management and infrastructure issues impacting Irish businesses and public sector bodies. For one thing, he reckons one of the major security issues for 2005 will be spyware, which he estimates is responsible for 50pc of all computer crashes.

Kennedy, former general manager at Fujitsu Consulting, believes that in order to take CA to the next level, the company needs to build up its partner business, generate more revenues from the SME segment as well as bolster its position as a strategic partner for its enterprise customers, helping them to reduce complexities and derive greater value from their IT infrastructure.

His aims are reflected by the fact that CA’s Irish operations are among the few operations in the world that will not have to face job cuts at the organisation. The company will actually be adding five senior strategic sales managers to spearhead new business opportunities, bringing its localised workforce to 30 people.

In Ireland, CA is widely regarded as an enterprise player, including customers ranging from the Irish Government — the company last year completed a major portal strategy for the Revenue Commissioners — to large financial players, including Allied Irish Bank and Bank of Ireland. However, under Kennedy’s reign, the company will be moving to include SMEs among its client base, particularly in the realm of IT security, where he says SMEs lacking the investment levels of large corporates are most at risk. However, he argues, smaller businesses can boast less complexity in IT infrastructure than corporates and can use this to their advantage.

Spyware, Kennedy warns, is the major IT security threat for 2005. “Most people dismiss spyware as cookies for online advertisers, but keystroke loggers are also a major threat. The most prevalent spyware threat comes from the use of peer-to-peer, file-sharing sites such as Kazaa.com. Other threats come through the use of RSS (really simple syndication) feeds available from online news services. It is estimated that 50pc of all system crashes today are spyware related,” he comments.

Kennedy believes that the threat comes from a more general failure in managing IT security itself. “In general, people have taken a sticking plaster approach to date. A new threat emerges that exposes vulnerability, such as the recent emergence of spyware, and we stick a plaster over the problem in the form of another security solution. The problem is, firstly, that we are always one step behind the problem, and, secondly, we are building ever more complex security environments filled with multiple solutions, none of which integrate with each other and all of which need ongoing update and patch management. This firefighting approach leads to lack of control and consequently exposure to higher levels of risk.

“The answer is to put management controls in place to oversee the entire security environment, including all solutions. From that perspective all vulnerabilities can be assessed in advance of the organisation being breached and we won’t all find ourselves chasing this year’s latest security threat,” he says.

Moving beyond the security threat, Kennedy is convinced the key reason IT projects fail is the enduring disconnection between IT managers and the boardroom. “In a large number of cases the reason for the perceived failure of IT projects is that we take an isolated IT approach to what is a business issue. All IT projects are undertaken to support a business need and without considering the implementation from a business perspective we will never understand the full implications, consequences and opportunities that are likely to emerge.

“A holistic perspective to the business change is required that focuses on the business benefit and has the businesspeople and IT people working as a team. The IT project is then managed as a component of the overall business-change programme. With executive commitment to the change programme, the appropriate level of resources and attention can be leveraged, increasing the likelihood of success.”

Kennedy believes the most pressing data management issue facing large and small companies today is the inability to plan for data growth. “Exponential data growth-led issues such as compliance have forced many businesses to buy storage redundancy because they can’t plan how much storage they will need. Many companies are now starting to look into more effective storage management strategies because they can’t simply keep buying more storage. In addition, vendors need to look at more flexible capacity pricing policies that will allow businesses to pay only for the storage capacity they use rather than having to pay for redundancy,” he adds.

Issues such as compliance and corporate governance, which Kennedy believes will dominate the Irish business agenda during 2005, also need to be given greater profile. “The demands imposed by compliance and corporate governance are tighter controls and greater transparency in data, processes and accountability. Many businesses view the technology aspect of compliance as a storage issue, again taking a short-term isolated IT approach to what is an ongoing business problem. Unlike Y2K, compliance won’t just go away once the solution is implemented: it requires an ongoing system of accountability and transparency, and as such processes need to be put in place to ensure that system doesn’t break down.

“Simply automating many of the IT processes that are currently handled manually, such as backup and recovery, will reduce the risk of manual error and futureproof the business. Similarly, taking the opportunity to integrate processes and make IT more accountable to the business process will allow IT to enable tighter controls of the business rather than being an obstacle to them.

“The good news is that if a business can integrate its processes well enough to achieve compliance and good corporate governance it will be a much more efficient operation business overall,” he says.

While Kennedy admits to being excited by the possibilities of wireless working, failure to integrate the technologies is causing undue complexity in business operations. “In the majority of cases these advances are leading to a disconnected business because the various new technologies haven’t been integrated with each other.

“Take wireless for example — many businesses have adopted some elements of wireless technology on a piecemeal basis without a management strategy for incorporating those technologies, with all their consequences, into the wider infrastructure. The impact is that the businesses are simply using more devices rather than less. In technology terms, we often see companies that have implemented a wireless local area network [LAN] without incorporating it into the security environment. We would never allow strangers to come and physically connect to the network or give them passwords to desktops, but we permit them to work on the floor upstairs or downstairs and tap into our wireless LAN,” he says.

“The key is to implement management control and visibility over the entire infrastructure so that you can see when new devices are being added to the infrastructure or when new vulnerabilities are being opened up. Since complexity equals costs, by driving complexity out of the organisation, unwanted and unexpected costs will follow too. New technologies can then be incorporated easily into the management structure without exposing the business to risk,” Kennedy concludes.

By John Kennedy