Learn how TBM gives technology leaders and their business partners the facts they need to collaborate on business-aligned IT investment decisions.

Excerpted from Technology Business Management: The Four Value Conversations CIOs Must Have With Their Businesses, published by the Technology Business Management Council.

Technology Business Management (TBM) is a value-management framework instituted by CIOs, CTOs and other technology leaders. Founded on transparency of costs, consumption, and performance, TBM gives technology leaders and their business partners the facts they need to collaborate on business-aligned decisions. Those decisions span supply and demand to enable the financial and performance tradeoffs that are necessary to optimize run-the-business spending and accelerate business change. The framework is backed by a community of CIOs, CTOs and other business leaders on the Technology Business Management Council.

While TBM applies common business management practices to IT — ones that have defined the modern, data-driven enterprise — it also represents nothing less than a business revolution in IT. As Brian Adams, CIO of WorleyParsons put it, “TBM represents the first real change to the way IT is managed that’s occurred during my 25-year career. Everything else has been evolutionary; TBM is revolutionary.” Adam’s viewpoint and his passion for TBM, have been shaped by his somewhat unique perspective. His career actually spans roles far beyond IT, including CFO, strategy and development, marketing, product quality, and customer satisfaction.

IT is not the first domain to undergo a similar revolution. In the 1970s and the 1980s, manufacturers implemented a data-driven approach to optimize their supply chains from procurement through production. For the first time, they used technology to connect supply to demand, in turn reducing inventories, cutting production times, and improving margins. Manufacturing resource planning (MRP), as this method was known, led to new manufacturing techniques, such as just-in-time (JIT) inventories and total quality management (TQM). MRP was a game changer, and it gave birth to today’s enterprise resource planning (ERP) software.

Figure 1: Applying MRP and ERP, manufacturers used technology and data to manage their supply chains

More recently, marketing departments have made similar changes. Just a decade ago, they were led by brand-savvy, creative leaders who made only gut-check decisions based on a knowledge of their products, buyers, and competitors. Marketing was a battle of wits, not data. Now, many chief marketing officers (CMOs) apply data to every aspect of their discipline. Using marketing automation tools and analytics, CMOs are working hard to connect every part of the marketing supply chain from website inquiries to qualified leads to active opportunities to closed deals. Many CMOs understand the conversion rates and costs at each stage of this supply chain, which they call the revenue engine. They continuously optimize that engine using data. Marketing is today quickly becoming as much science as it is art.

Figure 2: With marketing automation and CRM, CMOs use data to manage and tune their revenue engines to improve corporate returns

It works the other way around too. By measuring conversion rates, CMOs now understand the total cost of generating a single deal, what they call their customer acquisition cost. They use these facts to create a practical plan and a defensible budget. If the business needs 20% more transactions (deals) next year, it will need to fund a sufficient number of inquiries and leads at a known (historical) cost. The CMO’s budget request is now based on a formula based on facts and figures, not educated guesses and/or long-held assumptions.

Managing the Supply and Demand of IT

Now it’s your turn. IT must use facts to answer important questions about its own supply chain: How are your resources (money, people, and time) spent to deliver towers of infrastructure and other technologies? How are those resources used to deliver projects? How are your towers cobbled together into applications and services? How are those apps and services consumed by your business partners to generate revenue and manage costs? If you can make these connections, you can make decisions that improve efficiency, grow return on capital, and add business value. Further, you can change the conversations you have with your business partners.

Figure 3: With TBM, CIOs manage the supply and demand of IT

As with the marketing supply chain, you can look at yours in reverse. You can see precisely how business demand drives the cost of your apps and services, and in turn, you can identify the consumption of infrastructure towers and resources. This is powerful information. Not only does it help you create a financial plan based on how resources are actually allocated and consumed, it connects everything your people do to business outcomes.

Early TBM Successes

It is no coincidence that the development of TBM was influenced by someone who understands firsthand the challenges of managing supply and demand. Rebecca Jacoby, SVP of Operations at Cisco, started her career in manufacturing and supply chain roles, and at one point she was responsible for the global consolidation of Cisco’s supply chain. After becoming CIO in 2006, she advocated a management approach that addressed both the supply of and the demand for IT. For Jacoby, this went beyond the supply-chain management for only IT. Instead, it would fundamentally change the conversations that she and her team were having with their business partners.

“At Cisco, we recognized that in order to drive business value and innovation, we had to become a competitive provider of IT services. This meant, among other things, that we had to change the very conversations we were having internally and with our business partners. Our conversations and our vocabulary needed to move beyond technologies, SLAs and projects, to discussions about the tradeoffs needed to balance cost, quality, and value. Only in doing so could we free up resources for business growth and strategic execution. These tradeoffs are at the core of Technology Business Management.”
— Rebecca Jacoby

Jacoby went so far as to define those value conversations by setting standards for them. They included strategy alignments, IT portfolio planning, architectural reviews, and quarterly value discussions with stakeholders. They centered on value considerations — scope, source, architecture, quality of service, time to capability, risk — all balanced by a new dimension — cost. The result allowed her to align business and IT plans more closely, shape the portfolio of applications and services to meet the business’s needs better, tweak their technology stack to increase performance (even while reducing costs), and shape demand by putting a price tag on consumption. Now, as Chief Operating Officer, Jacoby is putting these practices to work beyond IT.

Still, it’s not just former CFOs and supply chain leaders who are shaping TBM. Many CIOs who have spent a majority of their careers in IT also are putting their mark on TBM. Larry Godec has spent the majority of his career working in various IT roles — much of it as the CIO of First American, a leading provider of title insurance, settlement services, and risk solutions for real estate transactions.

In 2012, with the housing market starting to recover, Godec needed to shift his IT department to respond to the demands of a growing business. Godec recalls in great detail precisely when his TBM journey began — a budget meeting with his CEO Dennis Gilmore. “Dennis said, ‘We’re going to focus on growth.’ He told me I needed to know where we should be investing in customer-facing technology, because that’s what the business will need to compete.”

However, with a majority of his budget dedicated to supporting the existing IT estate, Godec needed to figure out how to shift resources quickly without putting the business at risk. He needed to see his resources in business terms, so he could collaborate with his CEO, CFO, and his line of business leaders on where to make the changes.

In a stroke of good timing, Godec heard what he needed to hear at a presentation by Tony Scott, then the CIO of Microsoft. “I was at Microsoft for a briefing by Tony when he showed this dashboard I had never seen. For the first time, I saw someone who put IT costs, resources, and investments into terms I could easily explain — by the applications and technologies that the business was using.”

Godec now saw the way to put everything he did into business terms. Godec’s first pass at TBM helped him create a simple portfolio view of the IT-business landscape, so he could have informed discussions about which apps and services were being consumed and by whom; how much he was spending on each of his major applications; and how much he needed to spend to support each line of business.

These facts led to several revelations about their portfolio. Many of the insights helped lead to cost reduction, while others led to the opposite conclusion. For example, by seeing for the first time the percentages of total spending on their app portfolio, they could justify increased investment in customer-facing technologies.

Other insights came in rapid succession, such as identifying end-of-life applications that were still consuming infrastructure and resources. In the end, these insights added up to significant budget savings and reallocations to more valuable purposes. Godec knew there were more, so he put his team on the hunt for new discoveries. His goal? Significantly reduce annual operating costs without reducing the quality of service and support. His team of only two people, mostly in their spare time, exceeded this goal in just a few months.

This is an important lesson. TBM isn’t necessary because IT is too expensive. Instead, it’s needed because your resources are in short supply. IT budgets of course never satisfy everything your business wants; but the real problem is that skilled people are hard to find and your business competitive clock is ticking faster and faster. You can’t afford to waste people or time. IT may represent less than a tenth of your business cost structure, but it is inextricably linked to your ability to compete, serve your customers, and reduce those business costs. Your IT capital must thus be invested wisely to create the most value.

Value is what TBM — this business revolution in IT — is all about.

SOURCE

Sharing files has become a staple in contemporary business IT needs. More often than not, these files are proprietary and confidential business information, and therefore security becomes a major consideration.

There are several ways of sharing files securely. In this post, we will outline three methods of secure file sharing, as well as the pros and cons of each method.

OPTION 1 – E-Mail

METHOD

To share files over email, you can simply send files as an email attachment.

PROS

• Easy to send.
• Easy to track when it was sent and to whom.

CONS

• Most email services limit attachment size to 25-30 MB, however some private email services (e.g. Microsoft Exchange) can be configured for up to 150 MB.
• Delivery is not guaranteed.
• The sent file is stored on both ends, increasing space requirements.
• Files are scattered through different emails and may be difficult to locate.

OPTION 2 – FTP

METHOD

FTP stands for File Transfer Protocol. It allows for continuous file exchange with clients or customers. Files are stored on online FTP servers and accessible to anyone that has access to the server. Anonymous access may be allowed as well.

PROS

• Unlimited file size.
• Easy to create a folder structure on the FTP server when there are many files.
• Convenient for continuous file exchange with clients or customers.

CONS

• The user needs to wait until the file is uploaded to / downloaded from the FTP server (time depends on the file size).
• For secure file exchange, sender and received must have an account on the FTP server.
• An anonymous account allows anyone to access a public folder on an FTP server. IMPORTANT: Never allow access to confidential files by anonymous accounts.

OPTION 3 – Cloud File Sharing

METHOD

Cloud file sharing platforms like Dropbox, Microsoft OneDrive, Google Drive, allow to share files with authorised individuals.

PROS

• Almost unlimited file size. Typical limits for free accounts are in the 5-20 GB range, paid subscriptions allow for storage in the Terabyte range and beyond.
• Multiple files can be arranged into a folder structure for organisation purposes.
• Permissions can be assigned to control who can see and change documents.
• Easy to find files using search options and general structure navigation.
• Files are synchronised in real time. For example, a OneDrive or Dropbox client on your computed begins to sync files with the cloud immediately after you save it to a certain folder on your computer.

CONS

• User needs to wait until a file is uploaded to / downloaded from the cloud server (time depends on file size).
• Security can be an issue, since the files are not directly in your hands. Security breaches of cloud platforms may cause cyber liability issues.

SOME IMPORTANT DOs AND DON’Ts:

DON’Ts 

• DO NOT to share a company’s confidential files with other people, unless you and the receiving party are authorised.
• DO NOT use cloud file sharing services, unless authorised.
• DO NOT send large files (over 10MB) by email.
• DO NOT save important business documents on your desktop computer, save them on the network drives instead.
• DO NOT save confidential files on unprotected/un-encrypted USB flash drives (this is easiest way information can be leaked outside the organisation to unauthorised individuals).

DOS

• DO use email for small file exchange only.
• DO use FTP server for continuous exchange of files with clients or suppliers.
• DO use Cloud file sharing for collaborative work on documents.
• DO consult your IT team on the best way to share files.

What happens to an employee’s mailbox if they no longer work for your organization? Which steps should you take if you want to preserve their emails and forward any incoming correspondence to their addresses? In this short tutorial, we will discuss the necessary steps that you need to go through in Microsoft Office 365 for such scenario.

Summary:

1. Block user access to Office 365.
2. Block user access to Exchange Online.
3. Put user’s mailbox on ‘in-place hold’. (optional, works only with Plan 2 licenses)
4. Preserve data from mailbox by downloading it as PST file from eDiscovery. (Always do that before deactivating a user)
5. Forward the user’s email to another address. (optional, only if necessary)
6. Remove license from user.

Blocking Access to Office 365:

1. Log in to Office 365 Admin Center.
2. Go to Users => Active users.
3. Select the user that you want to block, and then click Edit besides Sign-in status.
4. Choose Sign-in blocked, and then save.

Blocking Access to Exchange Online:

1. In Office 365 Admin Center, look at the lower left corner.
2. Under Admin Centers, click
3. Go to Recipients => Mailboxes.
4. Click disable under Email Connectivity, then click yes

Mailbox Preservation:

1. Go to Exchange admin center.
2. Go to compliance management.
3. Click + to create a new hold.
4. Give it a name, for example: ‘PST Export’.
5. Choose which users to back up; you can select more than one. You can also select everyone if you want to.
6. You can filter what you want to backup per your specific criteria, or you can back up the whole mailbox.
7. Press the download arrow icon to run the app that will download the PST file(s).
8. If you are trying to run the app from Chrome, you will have to install this extension first.

Forward Emails to another Address:

1. Login to Office 365 Admin Center.
2. Go to Users => Active Users.
3. Go to the user that you want to DEACTIVATE.
4. DELETE their email Alias.
5. Go to the user you want them to receive emails meant for the user who is going to be deactivated.
6. Enter the OLD user’s alias
7. Example: John no longer works here, his email account needs to be deactivated, but emails meant to him should go to Jane.
   1. Delete John’s alias.
   2. Add same old alias that John used to Jane’s aliases.

Removing License(s)

1. Login to Office 365 Admin Center.
2. Go to Users => Active Users.
3. Select the user you want to deactivate their license(s)
4. Click Edit beside Product licenses.
5. Put the slide(s) of any license(s) you want to deactivate on OFF.
6. Click on Assign to save changes.
7. After finishing the clean-up, make sure to go to Billing => Licenses to remove any excess licenses.

IT governance and Information Technology policies is not generally a hot topic for SMEs. However, planning business growth and development is impossible without a solid technology platform. Therefore, putting in the proper IT policies and practices to ensure that your infrastructure (be it done internally or outsourced) aligns with your business mission is essential.

In large enterprises and organisations, matters of IT policy are within the competence of the Chief Information Officer (CIO). Such organisations will have quite large and verbose IT policies, often revised by a lawyer for legal purposes. But an IT policy does not need to be a large volume of legalese to be meaningful and valuable for corporate governance.

Defining Scope and Responsibility

The scope of any IT policy should clearly be defined – what it enforces, who it applies to, who is the Policy Owner, etc. An important aspect to consider are internal and external governing documents (provincial or federal legislation) that directly applies to IT practices in your industry. For example, institutions dealing with private health information fall under the Ontario Personal Health Information Protection Act (PHIPA).

There may also be certifications that influence IT policies and standards that must be considered. For example, ISO certification mandates certain IT practices to uphold certification.

Each policy should clearly indicate who is responsible for implementing/upholding it (executive, user, external consultant, etc.)

What are the essential IT policies relevant to SMEs?

 IT Infrastructure Documentation

IT Documentation is critical for business continuity and knowledge retention about IT systems. The IT infrastructure documentation policy should establish a minimal list of documents to be created and maintained. Some examples of IT documents that are critical for any organisation:

• IP address distribution table spreadsheet;
• System and Network diagram;
• Firewall access control list, or similar list of access rules;
• Active Directory user audit spreadsheet, including security group membership;
• etc.

Acceptable Use of Information Technology

The Acceptable Use policy determines what users can or cannot do with IT resources. It touches on things like who may use IT resources (authorisation), users’ responsibility, and limitation on personal use. 

Areas that are covered by Acceptable use would be:

• Telephones
• Computers
• Internet, including social media, and could platforms
• Email
• Printers
• etc.

Information Security

Arguably one of the highest concerns for some enterprises, as everyone tries to protect data leaks and security breaches due to high liability costs (as we discussed in our article on Cyber Liability). The policy should define and list the information (data) covered by it (Confidential company-owned data, private data, databases, hard copies, etc.) and cover areas like:

• Domain Access and Accounts;
• User and administrator passwords;
• Remote Domain and Computer Access, including access by Third Parties;
• Network security: firewall, Remote login and Administration, network segregation, wireless networks, etc. (in larger policies, there may be a separate policy on Network Security in addition to Information Security);
• Antivirus protection;
• External Storage Devices;
• Email and Content filtering;
• Portable computing and Mobile Devices;
• etc.

IT Services and Standards

This policy should define what services that IT department provides and what standards should be followed. For example, shared network storage and access to it, printing, data retention and backup standards, etc.

IT Systems Management and Maintenance

This policy should deal with things like hardware replacement and rotation (how frequently), managing firmware and software updates, monitoring, day-to-day operations, etc.

IT Incidents

This should talk about how IT incidents are handled at your company, i.e. who is responsible for reporting incidents and to whom, what are the resolution times (SLAs), what are standard procedures in handling incidents, etc.

IT incidents should be differentiated by severity. IT Disaster Events should be separately defined and a separate policy for Disaster Recovery should be written.

Information System

The Information System is a an aggregation of all IT resources (hardware and software) that support key business processes. With respect to the mission of any company with a (moderately) complex value chain, it is important to understand how the information system serves the business process, and how well the two should align. Information system policies should define the standards for developing and auditing key business processes and information systems.

Commit100 has experience in developing and consulting on IT policy for SMEs, as well as performing IT audits to determine de-facto (existing but undocumented) IT policies and practices.