Reg Roundtable The Register recently gathered together some of the great and good in an attempt to work out what is going on in corporate IT. Here's what happened next...
In the aptly named Sandra Blow Room of London's Soho Hotel, my role was to provoke conversation on the subject of IT governance and the structures by which large scale IT is organised, using my standard cross between management consultancy and stand up comedy. Between you and me, getting the conversation going wasn't the hardest 25 quid I've earned from El Reg.
After mentioning "governance" and "project failure" a few times, the IT execs and managers we'd gathered at our round table took control, leaving our dear group editor and myself to just drop in the occasional anecdote to keep them on topic. Being Reg readers, these IT leaders are realistic bordering upon cynical about governance, mirroring Gandhi's view when asked about Western Civilisation that, yes, "it would be a good idea".
So, what did we learn?
The Fear Agenda
It quickly became clear that security has stopped being an obscure "technical problem" and now pervades the way companies are governed, not just managed. Some of that is because of our work at The Register, because like any decent news site we just love horror stories about catastrophic security failures. So the reputation of the whole firm is now at risk and CEOs of big name outfits can suddenly find themselves out of their cushy jobs if they get it wrong enough.
A specifically UK fear is the former cuddly bunnies at the Information Commissioner’s Office. They now have both hunger and teeth, and their fines can go into hundreds of thousands per screwup.
Several of our panelists saw the day coming when IT execs face criminal charges. But so far this hasn't really happened and several felt that the threat of being personally prosecuted was just a random meatgrinder into which you feed the occasional scapegoat.
Yes, it's not actually a roundtable...
They’re not just worried about data being lost. Data quality consumes a lot of their time since it is coming from so many sources that are often either not easily made consistent but often just wrong.
Bring your own problem
BYOD wasn't at all popular, though the round tablers were divided as to which of its follow-on problems was the worst. One thing that shocked me was that some of them appear to work in organisations where if you set up an IT policy, you have a realistic prospect of it being obeyed.
Everyone agreed you need one, if only to protect your back when the fan is hit.
A clear and present danger is the way so many users are storing data on their own devices. In theory this can be remote-wiped, but the round tablers didn't so much disagree as jeer at trusting this could and would be done. Even if it did happen to work, they feared entering a world where you messed with equipment that didn't belong to you and unsurprisingly they were a lot happier with allowing users to choose from a range of hardware they provided and thus could kill with some confidence.
Terminating employees in general is seen as a real pain these days, now that they may be choosing their own apps and so you can't just block them from the servers and realistically hope they won't walk off with your intellectual property.
Also, the days when it was “your” IP are mostly behind us. Every single one of the IT execs ranging from academia through analytics and retail to banking held serious amounts of data that "probably" belonged to partners as well as their customers. That was clearly one of their biggest governance issues since contracts are often set without IT input. In any case not all of them felt they properly understood the Byzantine issues of multinational contracts and privacy laws. Actually none said they did.