Wednesday, March 19, 2008

To lock or not to lock - it's a deeper question than you thought

3/17/2008

I had a plan.

Last week's column listed three factors to take into account in deciding how far you should open up or lock down desktop PCs: The company's size, how heavily it is regulated, and the role of the individual employee. Bigger, more heavily regulated companies tend to need more tightly controlled PCs. The same is true of employee roles that are more regimented and less flexible.

I'd planned to continue this week with three more factors. One was going to be company strategy. Specifically, companies that sell strongly commoditized products -- products whose only differentiation is price -- have to focus heavily on cost control, meaning lockdown makes sense.

So much for planning: On reflection, I don't buy it.

I don't care if your company manufactures cinder blocks, or buys and sells lentils. It doesn't matter if the product itself is a commodity. Any company that wants to enjoy continued success needs to be on a constant lookout for new and better ways of getting things done.

There are two ways to go about finding these improvements. One is top-down planning. The other is bottom-up initiative. Since the business case for opening up PCs is built on the importance of bottom-up initiative, this is a subject we need to explore in depth.

Top-down planning has the advantage over bottom-up initiative when it comes to engineering elegance. Since the only way to optimize the whole is to sub-optimize the parts, business leaders should engineer the corporation from the top down, according to a carefully rendered program of progressive decomposition -- from core process to sub-processes to sub-sub-processes to activities to tasks to procedures, all carefully orchestrated and controlled.

It's the organization as machine. The gears mesh, the shafts turn, the subassemblies integrate, and everything hums. IT locks down the desktops because any variation from the grand design can only optimize a part at the expense of the whole.

Now imagine you're an employee who performs actual, for example, work. You know how the work gets done because you do it every day. You see an opportunity -- a way to do it better.

Which is too bad, because better people than you have already designed the whole company. There's no room for bottom-up initiative. How could there be? Change anywhere could unbalance the whole machine.

Sure sounds convincing, doesn't it? Well, no, it doesn't. Company processes aren't as carefully engineered as all that. They aren't perfectly optimized from a global, top-down perspective.

The situation is messier than that.

In a typical company, core processes ... the processes that form the heart of the business ... are well-engineered and well supported by the company's enterprise systems. It's hard to escape this conclusion because by definition, a company's core processes are what give it a competitive advantage. That being the case, they will have received the most attention, brainpower, and investment.

Move away from the core processes and you typically find solutions that are more ad hoc in nature. That makes sense. Company leaders should invest more time and attention in competitive differentiators than in business responsibilities that support business responsibilities that support business responsibilities that support competitive differentiators.

So we'd expect to find more opportunities for bottom-up innovation in non-core areas of responsibility than in core processes. This logic dictates a policy that locks down most rigidly the PCs of employees who play primary roles in core and near-core business functions and processes. The PCs of employees whose responsibilities are farther away from the core would be more open.

This makes for a neat, tidy little business paradigm, not too different from Geoffrey Moore's "Keep the core and outsource the rest."

Don't trust tidy little business paradigms. Too often they are on the wrong side of the line that separates the simple from the simplistic.

Here's one of the nasty little conundrums (conundra?) that get in the way. Imagine your company's core and supporting processes really are carefully engineered and perfectly balanced. If that's the case, then in addition to perfect optimization, the company will have achieved perfect stagnation and stasis.

Look at any large organization that's optimized from the top down and you'll find it almost has to discourage front-line innovation. How do you innovate in a world where, when Manufacturing sneezes, Marketing has to say "gesundheit"?

The price to be paid for tight integration is rigidity, and a powerful resistance to change. Today's efficiency almost guarantees tomorrow's obsolescence.

On the other hand, advocating inefficiency and poor business integration just doesn't sit very well.

Do you still think desktop policy is a simple matter?

Think again.

-----------------

Copyright and other stuff -- The great KJR link point

Monday, March 17, 2008

Deciding how far to open the portal door

3/10/2008

What is it about vitamins?

When I was a kid they were chewable. Then I grew up and they were small, coated, and easily swallowed.

Now they make me feel like Mr. Ed: They're the size of horse pills, and if (when) they get stuck on the way down I taste alfalfa, or maybe straw.

Speaking of things that are hard to swallow, correspondent Mark Sowash made me aware that, since at least last October, Gartner has been predicting increased employee ownership of PCs ("Ready or not, here comes user PC choice," Computerworld, 10/15/2007).

There is, of course, a difference between prediction and advocacy. Still, fair's fair -- Gartner got there first (ouch!) and I agree (the horror!).

The Computerworld article describes a 250-employee consulting company that's giving employee PC ownership a try.

It isn't going to be a free-for-all. The company is establishing standards for all PCs that connect to the corporate network, especially for security. It will scan devices for compliance before they connect. It's moving its enterprise applications to web-based access to keep enterprise data in the data center.

Sounds well-thought-out and workable to me.

Following last week's column on this subject ("Getting to 21st century IT," Keep the Joint Running, 3/3/2008) I added two posts on Advice Line, the question-and-answer blog I do for InfoWorld ("Can virtualization resolve the IT/end-user disconnect?" 2/29/2008 and "Getting to 21st century IT - User-owned PCs?" 3/4/2008), asking for comments. The response was enthusiastic, perceptive, argumentative at times, and in all respects worthwhile.

I was struck by something: The positions taken were generally rooted in a hidden assumption about the nature of the workplace and employee. Those advocating employee ownership, for example, tended to be travelers or knowledge workers who are expected to creatively solve problems for their employers. Many of those who rejected the idea (and the idea of significantly loosened controls) support production workers with well-defined responsibilities that are entirely supported by the company's enterprise applications.

The more I think about the subject the more I'm convinced the right answer isn't yes or no. It's "it depends." This is, in retrospect, obvious. It's also woefully incomplete, because the moment you say the words, you have to then explain what "it" depends on.

We'll start the ball rolling this week with three factors: size, role, and regulation.

Size: Small companies tend to succeed through individual initiative, employing generalists who understand a broad swath of what the company does. Most "business process" happens inside one employee's head.

As companies grow they gain economies of scale. To get them, they have to standardize what was idiosyncratic, whether the subject is business process, HR policy or PC configurations. Employee roles specialize, and what used to happen in one person's head now happens through defined workflows.

It's a sad trade-off: With success comes increasing bureaucracy, because the alternative is having costs increase as fast as revenue, or even faster.

Role: Some jobs are defined by their lack of clear definition. While the desired outcome might be clear, the means for achieving it is not. The list might include sales, marketing, consulting, IT developer (yes, IT developer) and varying kinds of analyst.

If you can't predict what someone will have to do to get the job done it seems futile to lock down a specific toolkit and say, "that's all you need."

Other jobs are rigidly defined and narrowly focused. Call center agents come to mind. While they might be, and often are, called on to be flexible in how they converse with callers, when the time comes to pull data out of the company's systems and put new data in, you want every agent to use the exact same tools in the exact same way.

Regulation: Some businesses are more highly regulated than others. This is neither bad nor good (I remember the pre-environmental-regulation United States and like what we have now much better). It's a fact.

Another fact: Regulators care about compliance and only compliance. If compliance means a reduced ability to innovate, too bad. HIPAA regulators care about protecting patient data. The impact on creativity elsewhere in the company isn't their concern.

The Big Finish: The smaller the company, the broader and fuzzier the role, and the less regulated the industry, the more likely it is you can open things up.

The really tough challenge is figuring out what you can do, if you're big and highly regulated, to provide as much empowerment as possible. After all, the people who run big companies rarely want to preside over bureaucracies.

They just need an alternative.

-----------------


Tuesday, March 4, 2008

Getting to 21st century IT

3/3/2008

When is a computer not a computer?

Answer: When it's a portal to an entire universe, as I pointed out last week with perhaps-excessive lyricism. Lyrical or not, quite a few correspondents agreed with the column's core arguments:
  • When using their home computers, end-users experience a vast array of possibilities, but at the office they operate in a very constrained space; and
  • Increasingly, "work/life balance" is giving way to "live your life wherever you are."

Many, misreading last week's column as advocacy of a free-for-all in business computing, were horrified.

My point was something different: This, like it or not, is the situation. IT needs to figure out how to adapt, instead of establishing policies and procedures predicated on a world that no longer exists.

Look, for example, at an increasingly common class of employee -- the traveler. Few among us still entertain the notion that this is a cushy, glamorous existence. Travel delays, increasingly cramped airline seating, the need to schlep one's office and wardrobe along, and the rigors of threat levels eternally Orange combine to make business travel an annoying lifestyle at best.

Add to this the typical corporate no-personal-use computing policy. In practical terms it means no ability to answer personal e-mail for days at a time; no right to use the Internet for non-business purposes, even after business hours; no right to download music and add it to an MP3 player to help pass the time during the next cross-country flight.

In many companies, it appears corporate IT expects travelers to bring two laptops along -- one personal, the other corporate. Very nice.

Here's one more, related point: Many IT end-user support organizations are trapped in the "Whiteout-on-a-screen" mentality while many of the alleged Whiteout users routinely participate in (for example) on-line gaming environments with sophisticated interfaces they nonchalantly figure out on their own, without thinking much of it.

This is the challenge. The question is what to do about it.

Correspondent Richard Resnick provided the most extreme suggestion: No corporate-owned PCs at all. Let employees buy their own -- whatever they think they need to do their jobs. It's Nicholas Carr's vision in reverse: Only central IT remains. Employees take over ownership of the periphery, including responsibility for their own PC support.

It's an intriguing alternative, and one not easily envisioned. Certainly, the nature of the protections IT would institute would be very different given the change in boundary. I leave the specifics as an exercise for the reader.

Another correspondent, Will Pearce, provided a less radical alternative: Virtualize. Give end-users two virtual machines.

IT has valid concerns about having to support systems on which end-users have installed unapproved software, so one virtual machine would be buttoned-down, corporate, protected, fully supported, and strongly connected.

End-users and business managers, on the other hand, frequently discover useful software tools that are not on IT's list of supported applications. Enter the Sandbox -- a place end-users can install and use business-focused applications IT doesn't and doesn't need to support. If they work without creating conflicts with other applications, more power to everyone, and IT might even add them to the supported list.

If they don't ... it's the Sandbox. All the user has to do is switch over to the corporate virtual machine to continue working. All IT has to do is to restore the standard Sandbox virtual machine.

I'd add a third virtual machine as well. It would be open, personal, still reasonably protected ... but unsupported beyond restoring the virtual machine, and kept outside the corporate firewall. Travelers and other employees in the growing population of those who donate personal time to their employers would be able to use their personal virtual machine to take care of personal business without impinging on corporate IT.

Even if you ignore the issues discussed this week and last, virtualization would appear to provide an easier-to-administer alternative to maintaining standard images for restoring hashed-up systems. It certainly seems like a workable technological core for handling the challenges discussed last week and here.

End-user ownership of the periphery is a fascinating long-shot. Virtualization is a promising but unproven possibility. Entirely different alternatives might prove superior for supporting the 21st century workforce.

Underneath the specific solutions is the contrast between two corporate attitudes. One considers employees a necessary evil -- unavoidable, but suspect; untrustworthy entities from which the corporation must be protected. The other recognizes employees as the source of all success.

IT's response to the 21st century workforce depends on which sort of employee companies think they have.

So, as it happens, does every company's long-term financial success.

-----------------
