Knowledge@Wharton

Unless you haven’t picked up a business magazine in the past eight years, chances are you’ve at least heard of Enterprise Risk Management. And if you’re reading this, there’s a good chance that you’re intimately familiar with it.

Not to be confused with that other ERM familiar to IT types (Enterprise Resource Management), risk management falls under the umbrella of yet another acronym that’s reached buzzword-status among IT managers: GRC, short for Governance, Risk and Compliance. After all, what has taken down some of the greatest names in business recently? Lousy governance, failure to predict risk and sloppy adherence to regulatory requirements.

Proactively and prudently managing these challenges, which include an assortment of technology-related risks, has become part of the financial responsibilities that make up fiduciary duty.

What’s more, scenarios that several years ago may have seemed outlandish to most businesses – a terrorist attack or a calamitous natural event — now warrant straight-faced consideration. In a post-9/11 world, overlaid with threats of rapidly shifting climate patterns, it seems that nothing can be ruled out. Read More »

Throughout history, we’ve experienced life through increasingly greater layers of abstraction. We created language to represent physical objects. Then we applied it to those ephemeral yet enduring patterns of thought known as ideas.

The industrial economy of manufacturing things gave way to the knowledge economy of trafficking in information. And of course, computing has seen an accelerating progression toward the miniaturization — and the ephemeralization — of tangible hardware.

Which brings us to today, when organizations are virtualizing their enterprise computing infrastructure for any number of reasons: risk management, disaster recovery, high availability, reduced energy consumption and cooling requirements, smaller facility footprint, reduced maintenance costs, and the list goes on.

Kartik Hosanagar, professor of operations and information management at Wharton, thinks virtualization could have an even bigger strategic impact on organizations — the near disappearance of the internal data center, at least as we’ve come to know it. Read More »

As mentioned in an earlier post, purchasing decision-makers will want to know the projected return on investment (ROI) of any major IT proposal. But since ROI can be such a slippery and subjective measure, they may also consider other financial metrics, such as total cost of ownership (TCO) over the life of the asset and how much a project impacts the capital expenditure budget (Capex).

The on-the-ground impact of IT on a business can sometimes be underestimated. It directly affects a wide range of stakeholders: customers, employees, investors, business partners and more. Often, IT is the first and primary interface that stakeholders have with an organization. Their interaction can be efficient and satisfying, or in some cases, confusing and frustrating.

Investors recognize this and will want to know that an organization’s IT spend is well considered and not a frivolous boondoggle. So the case for shifting to a different model with something as impactful as IT infrastructure needs to be clear and compelling.

In addition to following the medical practitioner’s creed of “Do no harm,” new implementations should provide overwhelmingly clear benefits (which, sadly, is often not the case). In the case of IT virtualization, the general value proposition seems pretty clear. Read More »

It’s nearly impossible these days to overstate the importance of keeping company data secure. The implications range from preserving hard-earned client trust to protecting in-house intellectual property. Compliance needs, such as staying on the lawful side of protecting private health records, also provide strong incentive to zealously guard the gold in the company database.

For example, improper handling of private health information, under the Health Insurance Portability and Accountability Act (HIPAA), could result in up to $250,000 in fines and 10 years imprisonment.

Whether it’s brand damage, weakened competitiveness or headaches with regulators, inadequate security has the potential to be quite costly. End-users might see IT managers as cranky and overly restrictive. But IT shops see strong security procedures as a fiduciary duty.

Off-site virtualization solutions then — for all their advantages — do raise legitimate questions about security: Who are these people, exactly, that we’re about to entrust with our organization’s data? What types of systems and processes do they use to safeguard customer data? What do we know about their track record? Read More »

On the evolutionary continuum of server side technologies, virtualization obviously stands out as the next macro-trend up for widespread adoption. But that alone isn’t what persuades corporate decision makers to make room in the capital expenditures column for large IT platform migrations.

Leading-edge concepts and technologies are frightening to many executives: Risk of a botched implementation or miscalculation of projected benefits is high; rewards of a successful transition can be difficult to trace and measure. Meanwhile, there’s always the comfort of knowing that if the technology is in fact the real deal, it will continue getting cheaper and richer with features over time (a la Moore’s Law, even as competitive advantage vanishes with increasing adoption rates).

In Data Center Decisions 2008 Purchasing Intentions survey of 600 IT professionals, 61% said they already use some form of virtualization in their organization. Another 29% plan to test, evaluate or deploy it this year. And a mere 10% reported no plans for virtualization. Meanwhile, IDC predicts 2009-2010 will see the tipping point of logical virtualized servers for the first time outnumbering physical, non-virtualized units. Read More »

Here’s a scenario that IT professionals managing older networks might recognize: Your team keeps the corporate network functioning for a broad user base, yet the aging infrastructure’s inadequacies show. Precious time is lost every day helping users recover from flooded e-mail inboxes and from terminals frozen by insufficient processing resources. Clearly, migrating to a more adroit, configurable and modern infrastructure is the logical thing to do. But even in good times, getting management buy-in on large capital expenditures can feel more like the 12 Labors of Hercules.

So how exactly do you pitch a virtualization project to those people with the three-letter titles and three-second attention spans?

You communicate the benefits very clearly. Let’s face it, IT and the C-suite can and do speak completely different languages. So if you’re in IT and you’re interfacing with purchasing decision-makers, make sure to speak the lingua franca of business: ROI (Return on Investment). In this corporate dialect, financial data rule. Facts trump best-case scenario projections. On the flip side, over-reliance on anecdotes or meaningless (to them) tech specs could earn you a curt, “We just don’t have the budget for that.” Read More »