The new CIO: Chief of the information supply chain
Thin client technology and the Java card have enabled business to create a data-centric world with a mobile workforce. The creative possibilities in this environment are boundless, but freedom from the office comes with increased risk. The CIO is in charge of creating and securing that new workspace, and organizations have no choice but to deal with this new reality. Maybe a new title is in order, too: chief of the information supply chain.
Robert Worrall, the new CEO of Sun Microsystems, Inc., started his day recently working at home on a presentation. When he left for the office he extracted the Java card from his computer and took it with him. Throughout the day he used the card to return to the session he began at home and accessed his slides at several offices. That evening he boarded a plane to London, where he plugged the card into a laptop and completed his speech.
This is a typical itinerary for any busy executive, but what is different about Worrall's experience is that the data in his presentation was never stored on any of the devices he used. Their function was video display. The Java card, combined with thin client technology, enabled Worrall to work on his project while it remained safe at the back end of Sun — on Sun servers — surrounded by the company's robust security fence.
Knowing where your company's data is, and securing it, could be a thumbnail job description for any CIO. And it's a complicated job, given the mobility of today's workforce. Sun employs 38,000 worldwide, for example, and 20,000 of them are "nearly virtual," Worrall said. They work from home, from clients' offices, on airplanes — in a wireless world they could be working anywhere. And they use a plethora of devices including desktops, laptops, cell phones and Blackberries. CIOs have to worry about where, at the end of the day, their data will end up.
The challenge? "How do you control the information flow when you don't know who is connected to the network and where they are coming from," Worrall said. He was the keynote speaker at the opening session of a recent symposium sponsored by the W. P. Carey School's Center for the Advancement of Business through Information Technology. The topic was "Cultivating and Securing the Information Supply Chain."
390 gigabits per second and growing
Sun Microsystems is known as a hardware company, but Worall says "hardware is the easy part." Managing information is the challenge. "We treat information as intellectual property," he said. "The guy with the most information who moves the fastest wins this race — it's that simple."
Information, Worrall said, is "a critical element of competitive strategy and decision-making." Managing that information means addressing confidentiality issues ("I am joined at the hip with our chief privacy officer."), assessing risk, and recognizing the potential to create communities.
Additionally, information is "ubiquitous." In the past, companies could lock their files and shut down for the night, but today, "I have to make every critical piece of information available on any device in the world — whether a cell phone or a PDA — on a 24/7 basis." Worrall said that 390 gigabits of information move through networks worldwide every second. The volume is mind boggling. "Can I go to the audit bureau or my board or — heaven forbid — the SEC and testify that we have properly controlled access to all these things?" he asked.
E-mail alone poses a huge challenge. Worrall said Sun filters 45 million spam messages a day, up from 20 million spams per day two years ago. The number is projected to climb to 80 million next year. "Some of it is legitimate information," he said. "How do you develop a risk profile for filtering good information?"
Security for the information supply chain
Securing your data involves managing the entire information supply chain, Worrall said.
The issues surrounding the creation and destruction of information are difficult, he said, because they involve business processes and change management. "I am involved in a never-ending debate with legal about how long to retain e-mail." The lawyers don't want anything stored, and users want to save everything, he said. The tension between the two points of view highlight an important fact: "Information lifecycle management is technologically simple, but because it is a high-touch business process issue it's much harder."
Another challenge is distribution. "This is not your Dad's old distribution channel," Worrall said, "because you don't know where your data might wind up."
Worrall said that his job is to assure that Sun's mobile workforce has access to everything it needs to be as productive out in the world as they would be at corporate headquarters. At the same time, Worrall wants to know the current location of every bit of important data.
It's a tall order. Sun's approach is to hug its data close to the vest, where it can be protected, and give its employees the tools to see and work with the data they need, but from a distance. The first step is to "lock down data at the back end," Worrall said. Sun's data resides on its servers, and it stays there, even while it is being used by employees. Next step, he said, control those who access it, and how they do so.
Thin client technology makes each device employees use a window into the server, where the applications do the actual processing. This way Sun's precious data remains safe on its servers even when it is being used by employees scattered around the globe. The device that rests in the employee's hands displays the action, but the work itself is done on secured servers. The device itself retains no data at all — nothing to lose or otherwise go astray, but the work is available to the employee the next time he logs in. At the end of the day, employees save their work back to those secure servers, not to the hard drive on their personal device. In this way, Sun's information "sleeps" at home and is not running loose in the world, riding in a laptop on somebody's back seat.
Identity management is another key component. Individual access to information depends on the person's role in the company, Worrall said. When employees move from job to job, their technology permissions should change, too, Worrall said. This is another business process issue, and it's hard to implement.
Access also depends on the device the employee is using, Worrall explained. "If you come through a trusted device, like your computer at home, you could have access to all of the 150 applications we offer," he said. On the other hand, coming into the network through an unsecured cell phone, the same employee might be able to see only top level information. Sun's ability to dynamically image its portal views — opening or closing the aperture depending on circumstances — gives Sun employees portability and flexibility while at the same time protecting company data.
"Thin client has provided a very safe solution," Worrall said.
The new CIO
When he was offered the job of CIO at Sun, Worrall said, no one mentioned making the company's information secure . Yet, he added, all of the different functions that he is charged with managing — the help desk, the extranet, the portals — all represent parts of the information supply chain. And, "at the end of the day, if that information is hijacked, if that information is not secure, my pager will ring and mine will indeed be a short career."
It all adds up to a redefined role for the CIO. Technology like the Java card has enabled us to create a data-centric world with a mobile workforce. The CIO is in charge of creating and securing that new workspace, and organizations have no choice but to deal with this new reality. Maybe a new title is in order, too: chief of the information supply chain.
Bottom line
- Protect and archive data according to its value.
- Encrypt data, then manage access to it based on the identity of the user.
- Pay close attention to the distribution of data.
- Consider the entire lifecycle of data, including destruction.
Latest news
- Lab lessons: Roadcase.com VP shares how ASU's SMB Lab fueled growth and efficiency
The Arizona-based audio/visual equipment case manufacturer gets expert guidance on improving…
- Best installment loans
Loans should be prioritized by their ability to improve human capital, says an ASU finance…
- Why does online shopping make me feel like absolute crap?
Online shopping can cause anxiety and frustration, says a W. P. Carey marketing expert.