Thought Leaders Larry Moran, Executive Vice President - Chief Information Officer, CommonHealthQ: What are some of the unique challenges to managing IT within an ad agency? A: " The unique thing about advertising agency technology is that sometimes it enables the work, while at other times it is the work. We need to balance delivery of core technology services to our traditional agencies with support for our digital agency that does Web development and digital video production. Along the way, we are also a service department within a service business. We need to ensure that our business users have the tools they need to make their clients happy and that CommonHealth has the tools it needs to stay profitable and efficient while they do it. If we do our job properly, we can influence how our agency delivers work today, and what form the work will take in the future. "  Craig Bickel, CIO, Lawson SoftwareQ: What is the biggest challenge to overseeing the IT issues for a global organization? A: " Perhaps the key IT challenge in a global organization is managing the tension between running the business while providing the foundation for new business models. As companies globalize functions and processes, moving to shared services environments and standardizing processes and service delivery globally, the IT function must provide common, integrated services to support the organization. While this transformation is happening, the IT organization also has to support legacy environments and operations, which can consume more than half of available resources. This often feels like changing the wings of a fully-loaded cargo plane in midflight. Success hinges on management commitment and involvement, flexible staffing and funding models, and a committed and motivated organization. Difficult? Yes. But it must be met if global companies are going to realize the benefits of scale and scope that their size should provide. "  Bob Green, CIO and CPA.CITP, insync Information Management, LLCQ: Is regulatory compliance still a major issue for CIOs? A: " It's absolutely a disaster right now. Companies are trying to deal with records management in order to get the information in the hands of people who need it most and also remain in compliance with things required by law. There are other regulatory pressures beyond Sarbanes-Oxley and HIPAA. Email security and archival destruction procedures as well as the Federal Rules of Civil Procedure, which calls for availability of information for a litigation matter, are also a factor. It's all-encompassing. The concept of information and records management gets more pervasive every day with the use of email and Blackberrys. That's really hard to do. Information management isn't just about the CIO job. It's a bigger issue than IT. It's what is important to Finance and to the executive branch as well and should involve both the CFO and the CEO. It is their fiduciary responsibility to protect their assets. "  Tim Toews, CIO, Office DepotQ: What challenges do CIOs at global organizations face this year? A: " CIOs at large, global companies like Office Depot will be facing a number of challenges over the next few years. But with those challenges come a number of opportunities for positive change and growth. The top challenges that I see CIOs having to conquer are alignment to business and speed to market with IT solutions; delivering IT solutions at an appropriate cost and that we consistently meet our expected ROI; understanding the importance of security and of course compliance; motivating associates and offering them opportunities to develop their skill sets and work with new and innovative software; globalization; complexity of systems; and stability, where IT needs to be dependable and deliver stable and available platforms. "  Greg Buoncontri, CIO, Pitney BowesQ: How do you manage IT priorities in a weak economy? A: " It's about alignment and governance and setting priorities. For the most part, IT organizations have been efficient with their spending, but deciding which investments should get precedence over others and how you govern and stay aligned with your business partners can be a challenge. There's always more demand for IT services than there is man power or financial capacity to fulfill it. That's the reality of the IT industry, whether you are in flush times or lean times. We try to balance the company's priorities. You are constantly juggling. All the constituencies can't be served. There's internal governance which consists of trying to get business cases built for IT investments. Your workforce isn't fungible. If your priority has been sales force automation systems for three years, and the next two years the priority is the supply chain, it's not easy to shift the resources into that other discipline. The skills may be different; the technology is different. It's hard to deal with these very steep, cyclical changes. You wind up training, hiring and looking to third party providers to assist you. There has to be a good governance mechanism, and you need to communicate to key stakeholders outside of IT so they understand the way decisions have been made and the way priorities have been set. If priorities are well understood by the company, they get it. If you don't have alignment in the organization around priorities, there are going to be groups who feel they are not being supported which leads to dysfunctional behavior and IT becomes a block. "  Martin Trzaskalik, CIO, cleverbridgeQ: How are you dealing with the current spam and security threats within your organization, such as botnets, phishing, spoofing, spyware and the like? A: " Cleverbridge employs two strategies to protect both its internal office environment and its service platform from attacks. First, we have securely configured our infrastructure, making sure that all of our systems are hardened, all the latest available patches and up-to-date anti-malware tools have been run or installed, and we only grant access rights that are absolutely necessary. Equally important, or perhaps more so, is our second strategy: user education. Phishing attacks initially were successful because they hit an unprepared and uneducated audience. This is essentially true for every emerging threat. Ensuring that the technical staff, as well as all company employees, is familiar with new threats is a key to successfully thwarting attacks. It's about being proactive versus reactive. "  Ken Fell, CIO and Vice President of Information Technology, New York Independent System OperatorQ: Is NERC making energy IT better? A: " No. The only thing NERC is doing is putting security standards on us. We have lots of agencies that give us security standards and none of them are quite the same. That costs me something. It becomes a resource issue. We don't have any issue with the standards. We're trying to figure out how to provide the documentation required. How do I stay compliant with all of them and still maintain a budget and level of resources to be able to do it?
Matt Ebaugh, VP- CIO, Silvercross HospitalQ: There is often a big challenge in adoption of electronic medical records (EMR) technology among physicians. What is at the heart of this issue? A: " There are three reasons why physicians are reluctant. There's the price versus benefit issue. Physicians want to know what the value equation is. The second is about changing the process of how they have been practicing medicine. Physicians who've gone through their residency with EMR are more likely to accommodate the adoption of EMR. The third reason is a little more controversial, and it's the unspoken one. It is the fear of privacy concerns and data sharing. There is unfortunately a great ignorance on all our parts on what the Health Insurance Portability and Accountability Act (HIPAA) is and is not. Banking solved the problem by putting in the Federal Deposit Insurance Company (FDIC). The federal government needs to drive that fear out of the medical community. The fear is real. Having gone through governance structure with physicians, I can tell you it's real. The great irony is that the old processes are much more non-private and insecure today. "  Mark Zielazinski, CIO, El Camino Hospital in Mountain View, Calif.Q: Is the electronic health records (EHR) approach the Holy Grail in healthcare IT? A: " I think it is. It's what everybody has been talking about, and I've been in health care since 1980. Here at El Camino Hospital, we've had physician order entry and results reporting since 1971, and all our pharmacy orders are done electronically, with no transcription. Although we've done some interesting things, I'd say we're still fairly far away from electronic records. I think the technical problems are easily resolved, but it's impossible to achieve because of security requirements. A national identifier for patients is a sociopolitical issue. "  Steve Lapekas, CIO, Pegasus Solutions Inc.Q: Which skill set is hard to find in an IT employee? A: " In my role at Pegasus Solutions, I've found the most important yet hardest skill to find in an IT employee is advanced problem-solving skills. In our industry, we offer and work with technology to simplify tasks and business processes for hotels, travel distributors and travel agencies, which are brought together through an underlying complexity. An employee should one, understand the end-to-end process; two, isolate problems; and three, resolve issues in a dynamic environment. Our company is the global leader in providing reservations, distribution and commission processing technology. With a global presence, eager competitors, and so many products and services, it's key we find the right talent to not only "get it," but also continue to make it the best. "  William Gruszka, CIO, Southern Polytechnic State UniversityQ: Are there unique challenges for you in overseeing IT at a university that specializes in science and technology? A: " There certainly are unique challenges. The primary challenge is managing user expectations, and it manifests itself in two different ways. The first is that at SPSU we use technology to teach technology. That creates an environment where the technology has to work. At more traditional universities, if the technology does not work, the professor can fall back to another method of teaching. At SPSU we have "hands on" technology in many of our classes and labs. If the technology does not work, the class cannot go on. The other challenge of user expectations is that as a science and technology university, we are expected to have the latest and greatest of technology at all times. Further, we have a high concentration of faculty who are very technologically savvy, which tends to magnify the situation. With the economic challenges facing all of us in higher education, meeting these lofty expectations is a continual struggle. We are forced to take a creative approach to investing in technology, while providing all of the services that our faculty and students need and hopefully most of the services they want. "  Jeff Huegel, Chief Security Officer, USiQ: How do new regulations and laws concerning electronic document retention impact your organization? A: " Organizations, ours included, are faced with conflicting requirements in the area of document retention. In the balance are laws and regulations that increase requirements for document retention vis-à-vis costs of storage, costs of security, and increased administration. In addition, companies need to be concerned about aspects of liability and discovery of long-term record retention. To strike the proper balance, we review and accommodate legislated requirements and develop or modify our company policies to meet the regulations in the most cost-effective manner. Then, the important element is consistency of policy enforcement. To manage liability and discovery risks, policies must be effectively and consistently implemented. Compliance with published policies is key to all aspects of effectively managing document retention requirements. "  Bernard F. "Bud" Mathaisel, Senior VP and CIO, Achievo CorporationQ: What is the biggest challenge for you as a CIO in integrating analytics within your organization? A: " Data sourcing is my primary concern. Even the most capable analytics engines will produce meaningless analytics if the source data are wrong. Achievo has three major sources of operations information: our enterprise resource package, which contains the transactions and financial audit trail for the outsourcing work we do; our customer relationship management system; and our project management system, which contains workflow and details about how we execute to client engagements, most importantly those that involve onshore and offshore coordination.  W. Hord Tipton, CIO, U.S. Department of the InteriorQ: What are some of the biggest IT challenges you face? A: " Keeping up with changing technology can be difficult, as well as communicating the need to adapt to our department's culture. A lot of it is really about getting the other employees to understand how important information technology is to their day-to-day operations. Public sector workers are much more resistant to change than their counterparts in the private sector.
 Bill Miller, CTO, XAwareQ: Will a recession be good for open source? A: " First, let's make an important distinction between usage and revenue. Growth in open source usage may be somewhat "recession proof" as IT organizations look for ways to get things done without spending scarce budget. But growth in open source company revenues is certainly not. No spending means no spending, including no spending on open source-related services. It probably will be a good time for commercial open source companies to get aggressive and pick up market share on a usage basis, planting seeds that will produce revenue growth later. The inherently lower cost structures of open source business models will help these companies weather the storm versus license model competitors, allowing them to focus on growing adoption instead of cutting heads and reducing expenses. "  Clark Kelso, CIO, State of CaliforniaQ: What can the public sector teach the private sector about IT? A: " IT in the public sector has learned a lot from the private sector. But the private sector can also learn from the public sector, where we do IT in a fishbowl. For example, I think that public sector IT has a better grip on its fiduciary responsibility as a custodian of private information. We tend to be more sensitive about observing fair information practices. This certainly can increase the costs associated with data collection and sharing, but public trust is promoted by following these practices. The private sector can be oblivious to these concerns, and that risks a regulatory response. Sometimes, you can do well by doing good. "  Rob Israel, CIO, John C. Lincoln Health NetworkQ: What is your overall strategy for data protection and IT policy enforcement? A: " We use a combination of technology and end users' needs to balance out a program that allows them to continue to do their job while protecting electronic assets. Policies and procedures aren't enough. We have to balance it out so that people can still do their jobs.
 Stuart Sugarman, Senior Vice President and the CIO for NYU Medical CenterQ: Which will play a bigger role in your IT strategy this year, HIPAA or A: " For healthcare, HIPAA has arrived, while Sarbanes-Oxley is threatening to arrive. As such, the three HIPAA regulations of privacy, electronic data interchange and security currently impact all facets of our IT strategy.
 Roger Batsel, CIO-VP and managing director of Information Systems, Republic Bank & Trust Co.Q: What was the biggest challenge in implementing an integrated voice response (IVR) and call center management solution for your organization? A: " The biggest challenge for an organization like ours is that we tend to grow organically. So, you grow around the technology and the tools you have. You begin to realize that with call center technology, you don't need to have everyone in one area. They can be distributed. They can also contract and expand depending on our needs at any given time.
 Dawn Powers, Vice President, Information Security, Prudential FinancialQ: What are some of the biggest issues you deal with in information security administration, and what are some techniques that have proven especially helpful in securing the company's network? A: " Prudential Financial has processes in place to continually enhance its security administration. One of the biggest challenges we face is streamlining the administration process. In many cases, a single administration request can generate 50 to 80 transactions within our application suite. We are working to implement Functional Role Basing which provides individuals with the systems access to perform their specific work assignments. These roles enhance the implementation of automated provisioning tools that provide consistency, create efficiencies, improve quality, and enables proactive monitoring, which in turn reduces risk. "  Gary Masada, CIO, ChevronTexacoQ: What is the single biggest challenge energy companies face from an IT standpoint? A: " For a large, global organization like ChevronTexaco, IT is not simply a service function; it is a fundamental business enabler. You have to look at integrating technology into every aspect of your business, and that poses significant challenges, particularly in the energy sector. We have to manage the flow of information throughout the company, including managing huge volumes of data coming from remote locations in extreme parts of the globe, typically from highly specialized applications. We also have to stretch beyond the traditional role of IT services to become a partner in our R&D efforts, to create innovative new applications of technology to improve exploration. IT must also manage information flow in a very complex supply chain environment. Last, but certainly not least, we have to ensure we handle data in a way that satisfies complex regulatory requirements. "  Susan Brennan, CIO, Sierra Pacific PowerQ: What is the key to protecting your system? A: " Good planning is essential. We also make sure our protocols are in place and tested, both internally and externally. "  Jim Dillon, CIO, New York StateQ: Can the public and private sectors work together to achieve better IT? How? A: " With a clear understanding of each other's goals, the public and private sectors can work well together. New York State is the size of a Fortune 10 company but we don't always act like one. The public and private sectors have different goals - corporations to earn profits for shareholders and government to deliver constitutional or statutory services to citizens - but we can often achieve them with similar strategies. We can learn from large corporations who have consolidated and standardized business processes across multiple business units to achieve greater efficiencies and savings. We have taken steps in this regard but more still can be done. In addition, vendors need to be aware of our statewide strategies and goals for enterprise architecture. Vendors who are selling products and services contrary to our strategic plans are not helpful to us. But working "together" I believe we can achieve better IT. "  Paul Schieb, CIO, Children's Hospital BostonQ: What are some of the biggest information security issues you're dealing with today? A: " We are working to protect the desktops from viruses and spyware, but there's also a lot of focus on account management and identity management. Since we're a teaching hospital, we have many physicians coming and going, and we need to be able to manage their accounts as they come and go. We're doing a lot of identity and account provisioning, and automating the account provisioning process so that a manager can simply enter the request and the accounts are automatically created. We're also working on a single sign-on initiative, so that a physician can enter their credentials once and get access to everything they need. Because we have so many people sharing machines and the systems are so integral to patient care, there are a lot of issues in automating it and making sure it's secure. "  Brian Furumasu, CIO, Bonneville Power AdministrationQ: What are the coming IT threats that you're preparing for right now? A: " Security is always a threat we have to be vigilant about. I see across the industry the downward pressure to lower costs and deliver all of what a company needs. It's not as much of a threat, but a challenge for us. I am going through a consolidation across IT at Bonneville. We're looking at what we can do differently, do it at a lower cost, and meet the needs of the business and mission of the agency. The most frequently asked question of a CIO is, 'Why does this cost so much?' We're looking at a 25% [budget] decrease over the next two years while still providing and maintaining the same high level of service. I need to be able to provide the same or better services at lower cost. "  Lisa Schlosser, CIO, Department of Housing and Urban DevelopmentQ: Is IT playing a big enough role in supporting major government programs? A: " Government overall has done a really good job in the past four years at improving and focusing on the use of IT and supporting major programs. Citizens can go to benefits.gov and get access to most services the federal government offers -- and in many cases, the services the state and local governments offer online. We're also looking at ways to eliminate redundant systems, to save costs in the way technology is used, and to increase efficiency. "  Jeff Scime, VP-Operations, SEMDirectorQ: How does your organization use instant messaging (IM) products? A: " We are a distributed software organization, with six different offices in the U.S. and Latin America. Instant messaging is widely used within our organization, both for internal and limited external communication. We are heavy users of IM and like the productivity and nature of the communication it provides.
 Kamal Bherwani, CIO, New York City Department of Health and Mental HygieneQ: You are the CIO for three New York City government agencies. What is the biggest challenge for you and the IT team in terms of that breadth of IT responsibility? A: " The biggest challenge for me has been to create a model of sustainable IT staffing. While private markets are quite adept at adjusting budgets up and down dynamically, the pace at which this can be done in government is limited. The solution is to create a compelling IT work environment, using the latest technologies. This creates a career path where technology workers learn and grow quickly alongside technology service contractors during the build phase of a project. This allows hands-on learning and has allowed the maintenance of systems to be brought in-house. The turnover rate at all three agencies has turned out to be lower than industry standards. IT professionals who want to do good and have fun have been able to grow professionally, while turning a lower than private-sector salary into a self-investment. "  Stephen Michaele, VP-CIO, Direct Marketing AssociationQ: Are there IT challenges that are unique to a trade association? A: " We have many different constituencies we need to support across lines of businesses. We need systems in place that will do things like track complex information and allow our members to find that information. We are creating systems to help us track user interest and interactions that inform how we can help them, what information they need and how we can get that information to them. We have a database that we've built to track those interests. We use various technologies, including Web technology, database technology and CRM technology.
 Gayle Vernon Simkin, CIO, Catholic Healthcare WestQ: What is the most interesting project you're working on these days? A: " A project that is not just interesting but also fundamental to our core operations is the CareConnect project. The physician-led CareConnect project, also known as the Enterprise Clinical Information System (ECIS), has a goal to directly and dramatically enhance our ability to provide high quality patient care by providing clinicians with ready access to clinical data and effective decision support tools.
 David J. Farrer, VP-product development, Apangea Learning Inc.Q: What is the biggest challenge in making your IT organization more business responsive? A: " There are several equally important challenges. First, finding and developing qualified personnel are persistent concerns. We have streamlined our interviewing processes and created a mentoring program to address this issue.
 Joe Oesterling, CIO, CbeyondQ: How are you currently handling regulatory requirements? A: " We are moving into what I'll call Year Two or Year Three of living in the regulatory environment. It is now about orienting yourself and your team to the fact that this is a part of life.
 Ed Bell, CIO, ING DirectQ: As a financial services company, what is your biggest obstacle to better information security? A: " I'd address it from three perspectives knowing the demands for more and more data by clients -- both internal and external -- is furthering the challenge.
 Rich McNeil, CIO, Boston Software SystemsQ: As a company that provides hospitals with workflow automation software, what should hospitals consider when evaluating these technologies? A: " Whenever you introduce one piece of technology, the whole technology fabric of the organization is affected. You'll want to ensure the least amount of disruption to your existing systems and processes. Script development tools allow you to choose the tasks you want to automate without bringing in consultants or vendors.
 Tony Young, CIO, InformaticaQ: Is Sarbanes-Oxley making IT better or worse? A: " It depends on the IT shop you are in. If you are in a shop that has really strong processes and procedures, it shouldn't have been a significant change to how you do business. I think a lot of what Sarbanes-Oxley is doing is reinforcing good practices in your IT organization. Where some shops have found it to be extremely onerous is that they may not have been very strong in process and procedure to begin with.
 Dave Leonard, Chief Technology Officer, InfocrossingQ: How is your company instituting standardization practices across its national network for five data centers? A: " We've adopted a "best of breed" model which enables us to select the best tools for each data center process. After reviewing existing software licenses and processes across the five data centers, we picked the best products and integrated them into our proprietary "light" management framework throughout all the data centers.
 Raj Croager, CIO, FASTSIGNS International, Inc.Q: How does your organization support its different units that have desktop support issues? A: " With 500-plus franchisee units in the U.S. and around the world, we've discovered the key to efficiently handling desktop support is being able to see the issue in real-time and solve it, regardless of the franchisee's location. Expecting end-users to fix IT issues themselves is time consuming and frustrating for all involved. To overcome this, we use a remote support tool from NTRglobal called NTRsupport that allows our technicians to either share or take control of their desktop in order to fix their IT issues, thereby reducing the time and cost required to support our franchisees. "  Michael Spears, CIO and Chief Data Officer, National Council on Compensation Insurance, Inc.Q: What is your strategy of protecting the security of data? A: " Managing the nation's largest database of workers compensation insurance information is a commitment that NCCI takes very seriously. Information security is a top priority for us. Our strategy is multi-pronged. From an IT perspective, we stay up to date with the latest security technology such as firewalls, network security, vulnerability tests, penetration tests, application scans of Web-based code, laptop data encryption, password reset strategies and so on.
 David Barley, Chief Technology Officer, Casdex, Inc.Q: What is your biggest IT challenge? A: " As a digital archive firm that caters largely to small and mid-sized businesses, our main IT focus at Casdex is storage management. With multiple data centers located in various geographical locations, it's always a challenge to ensure that we keep up-to-speed with our timelines and space availability on our servers for our clients. Without doing so, we would lose our competitive edge. "  Larry Lotenero, CIO, University of California, San Francisco, Medical CenterQ: Which will play a bigger role in your IT strategy this year, HIPAA or Sarbanes-Oxley? A: " For us, it's HIPAA, but our security efforts extend well beyond that into the use of outpatient information and research. Throughout our organization, we make sure the capture and use of data is handled in a way that keeps the data secure, appropriate, and handled accordingly. Our work here is very much push and pull: In a research environment, we need to have information available to other scientists and medical centers, for research and collaboration purposes. But we also need to keep our system very secure. This presents quite a few challenges. "  David Wennergren, CIO, Department of the NavyQ: Can the public and private sectors work together to achieve better IT? A: " The strategic partnership between government and industry is absolutely crucial and the places where things work the best are where government and industry work together. The success of the Navy/Marine Corps intranet comes from a performance-based contract where we tell our private-sector partners the results we want to achieve and give incentive payments if they are able to exceed our expectations. The idea of performance-based contracting is powerful, and it brings together government and industry as strategic partners. We take advantage of all the great talents and intellects out there to help us get the mission of the Navy/Marine Corps done. "  Ken Orgeron, CIO, Gardere Wynne Sewell LLPQ: How does the possibility of natural disasters impact your organizational disaster recovery and business continuity plans? A: " The possibility of natural disasters is a key focus when designing a Business Continuity/Disaster Recovery Plan. Each part of the plan must be approached differently. The BC Plan focuses on long-term recovery, where the DR Plan will focus on the short-term impact immediately after the natural disaster.
 Nicole Spelhaug, Chief of Product Development, Mayo ClinicQ: What is the most interesting project you are working on? A: " We're evolving an integration strategy between claims, pharmacy, and lab data with the kind of information tools that we provide to help people manage their health. So as areas of need are identified through a health risk assessment, we can integrate that with health management resources that we provide and the claims data that another partner of ours might supply. We're offering interactive programs and tools to help Fortune 500 companies give their employees resources that help them reduce their healthcare costs through the interventions our site provides. "  James McDonnell, Vice President and Chief Information & Security Officer for USEC, Inc.Q: What are the IT challenges that power companies face this year? A: " First and foremost is the continued integration of business systems and operational systems as companies migrate from proprietary control systems to commercial off-the-shelf systems. You have to set up an entirely different controls regime, to make sure you're allowing people to do their jobs but segmenting information that is extremely critical. You also have to start segmenting the network and data processing systems internally with much more care. "  Scott Thompson, Executive Vice President of Technology Solutions for Inovant, a Visa Solutions CompanyQ: How is data storage essential to an always-on business environment? A: " Merchants and cardholders increasingly demand more information with each transaction. Understanding the sensitivity of this data, we have implemented a robust security infrastructure at both the physical and logical levels to prevent unauthorized access to this information. Our job is to make transaction data available to our members in a way that maintains the integrity of the payment system. The Member bank can access the cardholders' transactions by card number and determine in real-time what the transaction was and where it occurred. "  Tim Lemieux, CIO/ Vice President of Information Services, Ratner CompaniesQ: What is the biggest challenge for you as a CIO managing IT in the retail environment? A: " Providing effective systems in the highly distributed landscape of a retail environment creates the greatest challenge. Ratner Companies owns and operates nearly 1,000 hair salons on the East Coast, in the Midwest and in the United Kingdom. We are currently implementing a new system to manage the customer flow in all of our salons. Training all of our locations to use it consistently is a challenge [as well].
 Martin Davis, Executive Vice President and Corporate CIO, WachoviaQ: How will ongoing Sarbanes-Oxley requirements impact your organization going forward? A: " In addition to the quarterly attestations, Sarbanes-Oxley and Wachovia's CIO groups are more closely aligned with other risk management activities. This has prompted a thorough review of key IT controls throughout the company. "  Basil Maloney, CIO, PresenceIDQ: What is the most effective way to get users in your organization to comply with new regulatory standards? A: " The most effective way to make sure employees comply with new regulatory standards is through a combination of training and deployment of IT systems that help them comply. Training is critical to making sure employees know what regulations mean in relation to how they perform their jobs. Things like not emailing sensitive information to unauthorized people, not sharing passwords, and many other security and privacy procedures. Equally important is improving IT systems to ensure compliance by synchronizing security throughout the enterprise, not just the perimeter. Using rights-based provisioning of users and content combined with virtual desktops that only allow access to what they are authorized, and not entire directories they can explore, keeps employees, temps and consultants in line. "  Walter Milligan, Chief Information Officer, Michigan Technological UniversityQ: How is your organization using collaboration tools? A: " The use of collaboration is in its infancy here. Purchasing decisions are very distributed. The coordination issue with any new software initiative is something we're struggling with right now. For example, we have recruiters out in the field who are not in our home town making visits to high schools. They need to share documents with each other. Doing so with collaboration tools is much more efficient that sending around Microsoft Word documents.
 Don Kosak, CTO, LycosQ: You've led the integration of Lycos' acquired technologies for sites including Tripod, Angelfire, Matchmaker and Quote.com. What is the biggest IT challenge when it comes to integration? A: " The biggest challenge was selecting a common platform for Lycos's key systems. These systems weren't small "department" servers -- they were customer-facing applications with millions of daily users from all over the world. As much as Web 2.0 and software-as-a-service promise platform independence, there are critical IT functions such as customer registrations, billing and reporting, that can become unmanageable if not consolidated. The up-front costs can be hard to justify; however, the long-term savings in maintenance, increased business agility, and streamlined compliance more than pays for the effort in the long run. "  Greg Valdez, CIO, BMC SoftwareQ: What is the greatest barrier to IT compliance? A: " The biggest hindrance to IT compliance is a lack of focus on processes. All IT shops are working to achieve the effectiveness of the best shops which on average are five times more productive and run 25% cheaper. Obtaining this efficiency requires a strong focus on process management, especially in change and configuration management. If the right people, skills and processes are in place, compliance is essentially free. Compliance is but another set of metrics on processes. "  Mahesh Bhavana, CIO, Junosource Processing Inc.Q: How do you ensure the security of stored data? A: " When you work in an industry where compliance takes center stage, data security is of the utmost importance. As a technology-enabled loan packaging business, Junosource is constantly implementing innovative security measures to ensure our customers' sensitive information is protected. Our biggest challenge is to comply with the extremely strict requirements imposed by our business partners without sacrificing the cost effective solutions our clients have come to expect from us. In addition to utilizing role-based access and authentication, access to data servers is protected by VPN/Firewall, and our Web portal is secured by 256-bit Secure Socket Layer Certificates. With existing measures in constant review, we worry about security so our clients don't have to. "  Kelly Stephen, Chief Technology Officer, WebVisible, Inc.Q: As a company that specializes in leading-edge technology, what are some of the biggest internal technological challenges you face as its CIO? A: " We face a number of internal technological challenges in providing leading-edge technology to our customers. Number one is ensuring that all of our various platforms and products are integrated together seamlessly, especially from a customer's perspective, even if behind the scenes they may be completely separate products and platforms. Second would be remaining flexible in order to continue to improve our technology to incorporate the wide range of emerging technologies and ideas that we may not have known about before. And finally, we need to always balance our desire to be innovative and build products that drive our technology roadmap while continuing to meet the needs of our existing customers and new prospects. "  Rick Brouwer, Vice President of Information Services, Total Logistic ControlQ: Which skill set is most important and hardest to find among IT employees? A: " At Total Logistic Control, we are finding it increasingly difficult to recruit employees with that rare but necessary combination of business and operational skills, combined with technical skills. When looking to deploy best-of-breed supply chain applications, like warehouse management or transportation management systems, we seek candidates who understand the operational problems that are being solved by the application. Also, finding multi-disciplined technical managers such as project managers and development managers is becoming more of a challenge. To round out the recruiting spectrum, security and system administrators are routinely in demand. "  Joel Smith, Co-founder and CTO, AppRiverQ: What is the biggest challenge in balancing your network operations responsibilities with your R&D responsibilities within your organization? A: " Staying involved in the R&D process is a challenge in the midst of day-to-day operations, but we try to maintain a balance through effective communication both internally and with our customers. We are constantly gathering data through customer surveys as well as weekly meetings with our sales and customer service groups to ensure our R&D road map stays on target with what the customers need.
 Gregory Veltri, Chief Information Officer, Denver Health & Hospital AuthorityQ: In healthcare IT, what is the greatest obstacle to electronic health records implementation? A: " Our organization cares for more than 150,000 patients, providing two billion in uninsured care since 1992, yet we continually leverage technology to improve patient safety and quality of care while managing cost. For many organizations, the biggest challenge to implementing electronic health records (EHRs) is gaining the acceptance from the clinical staff. If clinician users do not clearly understand how technology can help improve safety or quality of care, this can lead to strong resistance and slow down the entire implementation process.
 Bob Mitchell, Senior Vice President, Operation & CIO, GTSI CorporationQ: How do you best promote the importance of IT to C-level executives? A: " A successful CIO doesn't overtly promote IT. If you do, you risk positioning yourself as an IT program or infrastructure manager, not a CIO, and are likely to fail. The successful CIO must be an executive business leader working cross functionally to facilitate real business process improvement through the rest of the leadership team, not around them. To succeed, you must (1) show a strong and credible multidiscipline business understanding, (2) establish influential relationships throughout multiple levels across the company, and (3) bring together all relevant departments to work together to maximize business process improvements, including, but not limited to, those facilitated by technology. If you do this, the team will go forward together and the value of IT and your leadership will be implicit. "  Yossi Jan, Chief IT Officer, Maccabi HealthCare ServicesQ: How has mobile technology changed your organization? A: " Maccabi Healthcare Services uses mobile technology intensively to improve the delivery of health services beyond the bounds of our own clinics. Maccabi doctors and nurses can access and update patient's Electronic Medical Records stored in our central database while performing on-site occupational health diagnosis, treating patients at their homes, or visiting them in the hospital. Those capabilities were found useful also during emergencies or even during the last war with Lebanon last summer. We are now working on adding the capability to view these medical records on PDAs as well. Israel is not big, but our portable capabilities make it even smaller. "  Christopher S. Andoh, COO-CIO, Global Integrated Development GroupQ: Given your company's focus on developing business in Sub-Saharan Africa, an emerging economy, what are the unique IT challenges you are encountering? A: " On occasion we experience communication challenges while traveling in various countries. Making adaptations from an IT standpoint is essential for international business success and requires patience and in many cases persistence.
 Abraham Elias, CIO, Circle L RoofingQ: What are the business benefits and risks related to developing new applications with open source code? A: " The advantage in using open source is that you have a whole network of resources developing software for you to use. The problem is that it needs to be compliant with your internal corporate policy. One of the biggest drawbacks of using open source is that you constantly have to manage the license. We hire good programmers, but we don't hire programmers who double as attorneys. We take that away from the developers and use the compliance software to manage that.
 Anthony Vaccarelli, CIO, Aptuit Inc.Q: What is the most effective way to get users in your organization to comply with new regulatory standards? A: " It's essential to have a consistent standard across all locations and all business units. We're in the UK and Scotland, the East Coast of the U.S. and Kansas City, Missouri. We've used the framework of an industry standard called Good Automated Manufacturing Practices. That's the standard for all computer systems validation and qualification. It's any computer software that supports a regulated activity. In using those standards, we're actually using standards put together by our customers. Those standards were established by the pharmaceutical industry.
 Dan Demeter, CIO, Korn/Ferry InternationalQ: How do regulatory requirements impact your IT strategy? A: " Regulations might be costly and add complexity, but compliance may provide -- by way of example -- improved security and reduced risk. What should matter most is not the positive or negative impact of regulations, but rather the process by which one deals with the constant changes in this area. CIOs should make regulatory requirements an integral part of the IT strategy. Dealing with regulatory change should be baked into the IT design, architecture and infrastructure of the firm. It is so much easier to implement Sarbanes-Oxley requirements when proper security procedures are followed as a matter of good business practice. Privacy regulations are a cinch when proper access control and permissions are an integral part of system design. Equal Opportunity regulations are easier to implement when flexible workflow and data segmentation are part of the enterprise architecture. Anticipate change, design for change and regulatory requirements will become just another repeatable process. "  Bill Nadal, Chief Technology Officer and Senior Vice President, Full Capture Solutions, Inc.Q: How does your organization use instant messaging products? A: " Full Capture uses Instant Messaging as a lightweight communication tool within a larger set of collaboration products. IM is a great way of determining a user's online presence and getting real-time responses for simple inquiries. Full Capture's staff, customers and vendors interact across many time zones. When a timely response is critical, knowing that a key resource is online can save us time and money and provide better customer service. A quick IM chat often avoids the delay and overhead of an email or phone call. Sensitive information or files should never be sent over IM. When used appropriately, IM can be a valuable collaboration tool in your organization. "  Chris Hall, CTO, International Association of Business CommunicatorsQ: In overseeing the re-design of your organization's Web site, what was the most challenging aspect of incorporating Web 2.0-type features? A: " On the IABC Web site, while our blogs are open to both members and non-members, many of the discussion forums are tucked away behind member-only areas of the site. In addition to integrating the discussion forums with our existing member database, it was a challenge to match their look and feel to the newly redesigned site. Moreover, we wanted our members to only log in once, regardless of which parts of the site they visited, so we had to customize the login codes to pass in their credentials transparently, assuming they are already logged in. We've been taking a piecemeal approach with other Web 2.0 features, such as AJAX or other rich user interface enhancements, adding them only to select sections of the site. "  David Michael, CIO, PR NewswireQ: What are some of the IT challenges unique to a news aggregation and distribution service? A: " PR Newswire distributes nearly 1,000 news releases to the media, general public and financial community each day. We use both satellite and digital delivery technologies to deliver our clients' content directly into the newsrooms of more than 4,700 media outlets, as well as to more than 3,600 Web sites and online databases. Our clients -- public relations and investor relations professionals -- send us news releases in various document formats, and it is our job to convert these documents into a standard format that can then be subsequently delivered to a wide audience.
 Campbell Dobbin, CIO, The ADWEB AgencyQ: How do you handle security concerns within your organization? A: " The current business climate has a strong need for more real-time access to information, which has altered the nature of security concerns. Security concerns require innovative solutions and long-term strategic direction on technologies that impact your business processes.
 Michael Peterson, CIO, CHG Healthcare ServicesQ: How do medical professionals use IT these days? A: " Technology is the lifeline of the medical profession today, whether the medical professionals are using handheld devices to quickly and accurately diagnose their patients, access the latest research updates and medical journals, or perform surgeries or treatment for their patients.
 Michael Lederman, Director of Information Technology, Alvin Ailey American Dance TheaterQ: What has been your biggest challenge in streamlining and integrating the business processes of your company's disparate departments? A: " We are currently working on two strategic initiatives to help our staff collaborate better and eliminate the inefficiencies in their workflows: a digital asset management system and an organizational intranet. While common in larger enterprises, these systems are rare to find in smaller arts organizations and represent a significant shift in our workflow. In creating buy-in for these projects, the greatest challenge has been identifying the different sources of resistance from each department as well as which benefits would motivate change. Some departments are open to change but are stuck in their existing, inefficient processes and cannot create time to evaluate or even hear alternative solutions. Other groups may easily identify the benefits of a new system, but something about the idea of change is unsettling. As a result, they develop a resistance to the project, not because of the results, but simply because it represents a change. "  Amit Shah, CTO, Void CommunicationsQ: What are some IT challenges you are dealing with right now? A: " On December 1, 2006, FRCP Rule 26 came into effect and solidified years of case law regarding the admissibility of stored electronic information for legal discovery. Essentially, this rule states that as part of the legal discovery process an organization must be able to produce any stored data that was collected during a timeframe designated by a company or industry.
 Jeanne Skül, Vice Chancellor for Information Technology, The University of South Carolina UpstateQ: What is your disaster recovery plan? A: " At the University of South Carolina Upstate, we are committed to protecting the welfare of our faculty, staff, and students, as well as our intellectual property and facilities. Our incident management system (IMS) identifies roles and responsibilities in a formalized response hierarchy for all types of emergencies, from minor events to catastrophes. Tied to and incorporated into the IMS, we have [plans that include] an Information Technology & Services plan.
 Wendy Cebula, Executive VP and COO, VistaPrint USA IncorporatedQ: What is your IT department doing to combat rising energy costs? A: " VistaPrint is moving to a new technology platform that simultaneously provides a more scalable production environment while reducing hardware and energy costs. We migrated away from existing servers to products that give us more flexibility. This choice has reduced the number of servers by a factor of five and cut energy requirements by 50%. VistaPrint also started leveraging virtual machine software to run nearly 100 servers on just nine physical machines. Aside from the energy reduction, it has enabled us to reduce our data center footprint and corresponding hardware and maintenance costs even in a period of rapid growth. We are also in the process of switching from CRT monitors to LDC monitors to lower energy costs. "  Tom Franke, Chief Information Officer & Assistant VP, University of New HampshireQ: What was the biggest challenge in overhauling the university's storage infrastructure? A: " The biggest challenge has been with people and with timing. I had been CIO at the University of New Hampshire for three months when asked to purchase a storage area network (SAN) to replace direct-attached storage on an MS Exchange cluster that was showing performance problems. An existing SAN in another unit was two months from lease renewal. With expected dramatic increases in storage demands we lack resources to manage multiple SANs. As CIO, I value technical staff recommendations, but here they were in disagreement. We engaged an outside storage consultancy to do a comprehensive storage review, and followed their recommendation for a central storage service model with a single SAN. It's been tough quickly changing support models and technology, but it was right for the university. "  Carmella Cassetta, Senior Vice President and Chief Information Officer, Corinthian CollegesQ: Are there unique security challenges for the CIO of a college that has an online education component? A: " While not necessarily unique to online education, there are specific security considerations. The first relates to implementing appropriate authentication and authorization methods for both students and faculty. This involves validating the identity of the person requesting the service and determining the appropriate access for that person. These applications are accessed via the Internet, which dictates the use of technologies to protect the data as it traverses the public network. There are various technologies that can be used, such as VPN and SSL. Because these applications contain sensitive information, it is also necessary to encrypt the stored information and often requires physically segregating these applications from internal networks. However, the biggest challenge is balancing the right level of security with the ability to offer the functionality and information required by students and faculty. "  Melissa Mullinax, Chief Information Officer, Seattle UniversityQ: What is the most challenging project you're working on right now? A: " My most challenging project is the establishment of an IT governance structure. Since IT touches every aspect of higher education, it is imperative that governance be put in place and be comprised of decision makers from across the university. The governance committee is charged by the executive team with the authority to review, recommend modifications, and grant approval of the office of information technology for the tactical plan and technology capital plans and expenditures. This allows the university to set the priorities of the IT team according to their current needs. Some of the challenges arise from the perception that control of IT purchases will be relinquished when in fact with governance oversight the individual departments will have more resources at their disposal. "  Frederick Dillman, CTO, Unisys CorporationQ: How does the CIO-CTO relationship impact business goals? A: " Actually, it's more that business goals are reshaping the CTO-CIO relationship. The CTO was once responsible primarily for discovering new and emerging technologies that could help address his or her organization's needs, while the CIO was focused on managing IT assets, functions and budgets. Yet, the current business climate has altered their roles as a number of demands, including the push for more real-time access to information, and increasing security concerns, now require more need for innovation and long-term strategic direction on technology solutions that impact business processes. Business goals now focus more on establishing strategic IT infrastructures that offer security best practices. The CTO and CIO must now share a combined business/technology mindset to bring value to their organizations. They must combine their technology and business expertise to effectively identify leading, proactive solutions, uncover new methods where needed and manage the risk along the way. "  Richard J. Schaeffer, Vice President and CIO, St. Clair HospitalQ: Healthcare has been slow to adopt RFID Technology. Within a hospital, where does the initial RFID implementation make the most sense? A: " It is every hospital's responsibility to provide a safe patient environment. In the delivery of care to the patient, there are mistakes that will occur due to human error involved in the process. Even in a patient care process that has been optimally engineered, errors can not be completely eliminated without the introduction of a technological aid. RFID is an ideal technology to assist the caregiver at the bedside in eliminating medication administration errors that threaten the patient's safety. Using RFID on patient and caregiver IDs should be the organization's top priority. Dual mode scanners handle the bar-coded medications and RFID-tagged patients and caregivers utilizing a PDA device. The same application can be used for other patient safety tasks such as lab specimen verification. "  John Pavlov, VP of Engineering and Chief Technology OfficerQ: How does the CIO-CFO relationship impact business goals? A: " The CIO has significant impact on the ability of an organization to support its business goals, particularly with respect to revenue generation and cost controls. Many of the efficiencies organizations seek in streamlining their business operations -- both in generating revenue and in cutting costs -- are achieved through technology, and it is the CIO's responsibility to help identify, evaluate and implement these solutions. In addition, CIO's must work closely with CFOs to blueprint and execute security strategies to protect intellectual property and support compliance initiatives, such as those associated with Sarbanes-Oxley. Proactive CIOs will work with CFOs to leverage technology strategies and process improvements to support the organization's growth." "  Jack Chen, Chief Information Officer, Adelphi UniversityQ: What are the coming IT threats you are preparing for right now? A: " IT security has evolved to be the most challenging area, especially in an institution of higher education where collaboration and openness are an integral part of its operations. Students returning from a long summer vacation will most likely bring back computer viruses and worms. This creates a huge challenge for the institution every year. Compounding the problem is the fact that network hackers have become more sophisticated and they're creating new and dangerous viruses and worms with only slight modifications to the codes.
 John C. Reece, Chairman-CEO, John C. Reece & Associates, LLCQ: What is the most effective thing a CIO can do in terms of better managing security and risk management within the organization? A: " The CIO should proactively engage their chief executive to embed an all-risk (tactical, operational and strategic) identification and mitigation approach in their institution's culture and in its fundamental ways of doing business. That approach makes theirs a "trusted" enterprise by all its stakeholders; that is, an institution where global risk management, compliance and governance are perceived as competitive advantages. This approach is the genesis by which "securing the enterprise" becomes a positive and enabling process. One that most fully opens the organization's total resources to serving the greatest needs of all of those it seeks to engage -- customers, employees, channel partners, outsourcers, suppliers, shareowners, community, et cetera. It is a strategy that ultimately vests those enterprises delivering totally "trusted" (secure) operations with market leadership and competitive dominance over extended periods of time. "  Chris Levan, CIO, BlueCross BlueShield of TennesseeQ: How do medical professionals use IT these days? A: " The healthcare and business communities are in agreement that information technology has the potential to re-shape the healthcare landscape in America. It is widely accepted that IT will improve diagnostic processes, better track medical conditions, encourage early prevention, reduce medical errors and help contain costs.
 Michael McNicholas, Webmaster and Director of Information Services, PrintingForLess.comQ: What qualities or abilities are most important to you when choosing an outsource partner? A: " The critical qualities we look for in a partner are adaptability and responsiveness. Because most of our systems and information processes are custom built by our internal developers to meet our exact needs and are key to sustaining our competitive advantage, we look for vendors that welcome and support the customization and even innovation of their products or services. Detailed functionality that meets our needs and the quality of support are usually significantly more important than price, which is only one, frequently small, component of the total cost of ownership or the value of the relationship. "  Mark Headland, Vice President and CIO, Children's Hospital of Orange CountyQ: How are you handling the emerging trend towards digital medical records? A: " In the not-too-distant future, we will be able to say that we remember when doctors and nurses used to write down patient information on paper and keep it on charts. CHOC transitioned into the world of electronic patient charts with the launch of our Clinical Documentation system, or ClinDoc, this past year. It began as a pilot program in the NICU in April 2005, and was rolled out to the rest of CHOC in May. Using tablets or wireless devices, patient information is now collected at the bedside to create an electronic medical record, a "paperless chart."
 Jonathan Kass, CIO, Veterinary Pet Insurance Co. (VPI)Q: What is the most challenging IT issue you are contending with right now? A: " At VPI, our business has been growing rapidly as the concept of pet insurance becomes more popular. We are now investing heavily in support of multiple ongoing business initiatives and in preparation for future growth. Ultimately, our number one challenge is change management.
 Cheron Vail, Senior Vice President and Chief Information Officer, RegenceQ: Since Regence is a not-for-profit, monetary resources are likely an issue. What are the recruiting challenges in hiring well-qualified, highly-competent IT employees? A: " For 20 years, the computing technology at Regence has been mainframe-based and the IT skill sets supporting the major applications have not changed appreciably during that time. Therefore, there has not been significant training on new technologies. As we move to those newer technologies, we are challenged in our ability to attract talent in a timely fashion with the existing compensation programs. Positions in IT that are technically equivalent in complexity and responsibility may not experience the same market demand. We must be able to adjust our compensation packages to compete for the skill sets that are in greater demand, for example Java developer vs. Cobol developer. Moreover, we must constantly review our annual incentive bonus program to ensure that it can compete with the attractiveness of an employee stock purchase program at a for-profit company. "  E. Glenn Rogers Sr., Deputy Chief Information Officer, Food and Drug AdministrationQ: What are the coming IT threats that you are preparing for right now? A: " The Food & Drug Administration continues to observe significant increases in e-mail and Web-based threats, including spam and "phishing" campaigns, spyware, and adware. These issues not only pose a serious threat to any computing environment, but they also adversely impact the user computing experience.
 John Lambeth, Vice President-Information Technology, Blackboard Inc.Q: How does the CIO-CFO relationship impact business goals? A: " The CIO-CFO relationship at Blackboard, a provider of technology to the education industry, is crucial. Our CFO Michael Beach and I determine what infrastructure and key performance measurements must be in place to support Blackboard's business priorities: financial, strategic, and tactical.
 Bob Worrall, CIO, Sun MicrosystemsQ: What quality or ability is most important to you when choosing an outsource partner? A: " While competitive pricing and technical capabilities are certainly key to vendor selection, the true differentiator is a strong process orientation and how it is implemented. Vendors must demonstrate their processes and the support model to be implemented from the transition phase through sustaining operations.
 Dr. Peter Murray, CIO, University of Maryland, BaltimoreQ: What is the biggest challenge to managing IT for a university from a security perspective? A: " The distributed nature of the institution presents an inherent challenge. The campus network comprises numerous connected sub-networks, so each respective sub-network has some independence even though it is connected to a campus network. An effective IT security program in this environment requires a great deal of communication and collaboration between IT security administrators. We call our IT security program a "safety quilt" since it is a well connected group of people and technologies that blankets the entire enterprise. My biggest challenge at UMB is the work required to create and maintain this collaborative IT security program. "  Steve Hassell, VP and CIO, Emerson ElectricQ: What is the biggest challenge in managing the IT of a global company with multiple offices and business units? A: " Emerson has 116,000 employees around the world, and about 1,200 of them work in IT. They're spread across 150 countries and more than 60 divisions. Our challenge is pulling all of these people around the world together. To address this issue, we created an IT portal specifically for the worldwide IT staff. The idea is to open a new communication channel that is the most accurate and most definitive source of IT information throughout the company. It also will provide visibility into active projects and allow people to reach out to colleagues across the globe to better leverage skills and best practices.
 Arthur Downing, CIO, Baruch CollegeQ: How is your job as CIO of an educational institution different or distinct from a corporate CIO's world? A: " Working in academia allows me to develop and apply technology specifically to advance student learning, as well as work with faculty to research how digital media can enhance pedagogy. That said, corporate and academic IT environments are increasingly similar as we focus on issues such as security and serving users worldwide.
 Roger Rehm, VP Information Technology, CIO, Central Michigan UniversityQ: What is the most interesting IT project you are working on right now? A: " One of the most exciting projects in which I expect to find myself engaged over the coming year is the building of a catalog of university IT services.
 James Boyce, CIO, PRCQ: How do you protect your company's data? A: " As a leading provider of outsourced customer management services, PRC has to be extremely focused on the security of its data network. The nature of PRC's business, which includes connecting to client systems and transmitting customer data, requires that we have multiple checkpoints in place to guarantee the integrity and security of our data systems.
 Chris Nabinger, CIO , MASERGYQ: What is the most challenging IT issue you are contending with right now? A: " The most challenging IT issue today centers around delivery end-user services in a predictable, reliable manner, at a cost they believe adds value to their departments and to the company bottom line.
 Jeff Williams, CIO, VP-operations, Medi-Call, Manila, PhillipinesQ: What are some of the technology challenges you face in your call center, where operators are using e-mail, voice over IP and chat? A: " A challenge for me is I use nurses in the call center. I'm not taking "call center people" and training them in nursing functions. I'm taking nurses and training them in call center functions. They have already gone through four years of school. All of the training and curriculum is in English. That works really well for them.
 Jari Tavi, CTO, BasWare CorporationQ: As an international company, what are some of the challenges to maintaining Sarbanes-Oxley (SOX) compliance? A: " The single biggest challenge in maintaining SOX compliance as an international company is the need to be compliant with different regulations from a variety of geographic regions. As legislation changes and requirements from different sources tighten, it is important for the software solutions we use to be agile so that we can remain in compliance.
|
