Corporate Data, Supply Chains Remain Vulnerable to Cyber Crime Attacks, Says Open Group Conference Speaker

Transcript of a BriefingsDirect podcast in which cyber security expert Joel Brenner explains the risk to businesses from international electronic espionage.

Register for The Open Group Conference
July 16-18 in Washington, D.C.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: The Open Group.

Dana Gardner: Hello, and welcome to a special BriefingsDirect thought leadership interview series coming to you in conjunction with the Open Group Conference this July in Washington, D.C. I'm Dana Gardner, Principal Analyst at Interarbor Solutions, and I'll be your host throughout these discussions.

The conference will focus on how security impacts the enterprise architecture, enterprise transformation, and global supply chain activities in organizations, both large and small. Today, we're here on the security front with one of the main speakers at the July 16 conference, Joel Brenner, the author of "America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare."

Joel is a former Senior Counsel at the National Security Agency (NSA), where he advised on legal and policy issues relating to network security. Mr. Brenner currently practices law in Washington at Cooley LLP, specializing in cyber security. Registration remains open for The Open Group Conference in Washington, DC beginning July 16.

Previously, he served as the National Counterintelligence Executive in the Office of the Director of National Intelligence, and as the NSA’s Inspector General. He is a graduate of University of Wisconsin–Madison, the London School of Economics, and Harvard Law School. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Joel, welcome to BriefingsDirect.

Joel Brenner: Thanks. I'm glad to be here.

Gardner: Your book came out last September and it affirmed this notion that the United States, or at least open Western cultures and societies, are particularly vulnerable to being infiltrated, if you will, from cybercrime, espionage, and dirty corporate tricks.

My question is why wouldn't these same countries be also very adept on the offense, being highly technical? Why are we particularly vulnerable, when we should be most adept at using cyber activities to our advantage?

Brenner: Let’s make a distinction here between the political-military espionage that's gone on since pre-biblical times and the economic espionage that’s going on now and, in many cases, has nothing at all to do with military, defense, or political issues.

The other stuff has been going on forever, but what we've seen in the last 15 or so years is a relentless espionage attack on private companies for reasons having nothing to do with political-military affairs or defense.

So the countries that are adept at cyber, but whose economies are relatively undeveloped compared to ours, are at a big advantage, because they're not very lucrative targets for this kind of thing, and we are. Russia, for example, is paradoxical. While it has one of the most educated populations in the world and is deeply cultured, it has never been able to produce a commercially viable computer chip.

Not entrepreneurial

We’re not going to Russia to steal advanced technology. We’re not going to China to steal advanced technology. They're good at engineering and they’re good at production, but so far, they have not been good at making themselves into an entrepreneurial culture.

That’s one just very cynical reason why we don't do economic espionage against the people who are mainly attacking us, which are China, Russia, and Iran. I say attack in the espionage sense.

The other reason is that you're stealing intellectual property when you’re doing economic espionage. It’s a bedrock proposition of American economics and political strategy around the world to defend the legal regime that protects intellectual property. So we don’t do that kind of espionage. Political-military stuff we're real good at.

Gardner: This raises the question for me. If we're hyper-capitalist, where we have aggressive business practices and we have these very valuable assets to protect, isn't there the opportunity to take the technology and thwart the advances from these other places? Wouldn’t our defense rise to the occasion? Why hasn't it?

Brenner: The answer has a lot to do with the nature of the Internet and its history. The Internet, as some of your listeners will know, was developed starting in the late '60s by the predecessor of the Defense Advanced Research Projects Agency (DARPA), a brilliant operation which produced a lot of cool science over the years.

The people who invented this, if you talk to them today, lament the fact that they didn't build a security layer into it.

It was developed for a very limited purpose, to allow the collaboration of geographically dispersed scientists who worked under contract in various universities with the Defense Department's own scientists. It was bringing dispersed brainpower to bear.

It was a brilliant idea, and the people who invented this, if you talk to them today, lament the fact that they didn't build a security layer into it. They thought about it. But it wasn't going to be used for anything else but this limited purpose in a trusted environment, so why go to the expense and aggravation of building a lot of security into it?

Until 1992, it was against the law to use the Internet for commercial purposes. Dana, this is just amazing to realize. That’s 20 years ago, a twinkling of an eye in the history of a country’s commerce. That means that 20 years ago, nobody was doing anything commercial on the Internet. Ten years ago, what were you doing on the Internet, Dana? Buying a book for the first time or something like that? That’s what I was doing, and a newspaper.

In the intervening decade, we’ve turned this sort of Swiss cheese, cool network, which has brought us dramatic productivity and all and pleasure into the backbone of virtually everything we do.

International finance, personal finance, command and control of military, manufacturing controls, the controls in our critical infrastructure, all of our communications, virtually all of our activities are either on the Internet or exposed to the Internet. And it’s the same Internet that was Swiss cheese 20 years ago and it's Swiss cheese now. It’s easy to spoof identities on it.

So this gives a natural and profound advantage to attack on this network over defense. That’s why we’re in the predicament we're in.

Both directions

Gardner: So the Swiss cheese would work in both directions. U.S. corporations, if they were interested, could use the same techniques and approaches to go into companies in China or Russia or Iran, as you pointed out, but they don't have assets that we’re interested in. So we’re uniquely vulnerable in that regard.

Let’s also look at this notion of supply chain, because corporations aren’t just islands unto themselves. A business is really a compendium of other businesses, products, services, best practices, methodologies, and intellectual property that come together to create a value add of some kind. It's not just attacking the end point, where that value is extended into the market. It’s perhaps attacking anywhere along that value chain.

What are the implications for this notion of the ecosystem vulnerability versus the enterprise vulnerability?

Brenner: Well, the supply chain problem really is rather daunting for many businesses, because supply chains are global now, and it means that the elements of finished products have a tremendous numbers of elements. For example, this software, where was it written? Maybe it was written in Russia -- or maybe somewhere in Ohio or in Nevada, but by whom? We don’t know.

There are two fundamental different issues for supply chain, depending on the company. One is counterfeiting. That’s a bad problem. Somebody is trying to substitute shoddy goods under your name or the name of somebody that you thought you could trust. That degrades performance and presents real serious liability problems as a result.

The supply chain problem really is rather daunting for many businesses, because supply chains are global now, and it means that the elements of finished products have a tremendous numbers of elements.

The other problem is the intentional hooking, or compromising, of software or chips to do things that they're not meant to do, such as allow backdoors and so on in systems, so that they can be attacked later. That’s a big problem for military and for the intelligence services all around the world.

The reason we have the problem is that nobody knows how to vet a computer chip or software to see that it won't do these squirrelly things. We can test that stuff to make sure it will do what it's supposed to do, but nobody knows how to test the computer chip or two million lines of software reliably to be sure that it won’t also do certain things we don't want it to do.

You can put it in a sandbox or a virtual environment and you can test it for a lot of things, but you can't test it for everything. It’s just impossible. In hardware and software, it is the strategic supply chain problem now. That's why we have it.

Gardner: So as organizations ramp up their security, as they look towards making their own networks more impervious to attack, their data isolated, their applications isolated, they still have to worry about all of the other components and services that come into play, particularly software. [Registration remains open for The Open Group Conference in Washington, DC beginning July 16.]

Brenner: If you have a worldwide supply chain, you have to have a worldwide supply chain management system. This is hard and it means getting very specific. It includes not only managing a production process, but also the shipment process. A lot of squirrelly things happen on loading docks, and you have to have a way not to bring perfect security to that -- that's impossible -- but to make it really harder to attack your supply chain.

Notion of cost

Gardner: Well, Joel, it sounds like we also need to reevaluate the notion of cost. So many organizations today, given the economy and the lagging growth, have looked to lowest cost procedures, processes, suppliers, materials, and aren't factoring in the risk and the associated cost around these security issues. Do people need to reevaluate cost in the supply chain by factoring in what the true risks are that we’re discussing?

Brenner: Yes, but of course, when the CEO and the CFO get together and start to figure this stuff out, they look at the return on investment (ROI) of additional security. It's very hard to be quantitatively persuasive about that. That's one reason why you may see some kinds of production coming back into the United States. How one evaluates that risk depends on the business you're in and how much risk you can tolerate.

This is a problem not just for really sensitive hardware and software, special kinds of operations, or sensitive activities, but also for garden-variety things. If you’re making titanium screws for orthopedic operations, for example, and you’re making them in -- I don’t want to name any country, but let’s just say a country across the Pacific Ocean with a whole lot of people in it -- you could have significant counterfeit problems there.

Explaining to somebody that the screw you just put through his spine is really not what it’s supposed to be and you have to have another operation to take it out and put in another one is not a risk a lot of people want to run.

So even in things like that, which don't involve electronics, you have significant supply-chain management issues. It’s worldwide. I don’t want to suggest this is a problem just with China. That would be unfair.

This is a problem not just for really sensitive hardware and software, special kinds of operations, or sensitive activities, but also for garden-variety things

Gardner: Right. We’ve seen other aspects of commerce in which we can't lock down the process. We can’t know all the information, but what we can do is offer deterrence, perhaps in the form of legal recourse, if something goes wrong, if in fact, decisions were made that countered the contracts or were against certain laws or trade practices. Is it practical to look at some of these issues under the business lens and say, "If we do that, will it deter people from doing it again?"

Brenner: For a couple of years now, I’ve struggled with the question why it is that liability hasn’t played a bigger role in bringing more cyber security to our environment, and there are a number of reasons.

We've created liability for the loss of personal information, so you can quantify that risk. You have a statute that says there's a minimum damage of $500 or $1,000 per person whose identifiable information you lose. You add up the number of files in the breach and how much the lawyers and the forensic guys cost and you come up with a calculation of what these things cost.

But when it comes to just business risk, not legal risk, and the law says intellectual property to a company that depends on that intellectual property, you have a business risk. You don’t have much of a legal risk at this point.

You may have a shareholder suit issue, but there hasn’t been an awful lot of that kind of litigation so far. So I don't know. I'm not sure that’s quite the question you were asking me, Dana.

Gardner: My follow on to that was going to be where would you go to sue across borders anyway? Is there an über-regulatory or legal structure across borders to target things like supply chain, counterfeit, cyber espionage, or mistreatment of business practice?

Depends on the borders

Brenner: It depends on the borders you're talking about. The Europeans have a highly developed legal and liability system. You can bring actions in European courts. So it depends what borders you mean.

If you’re talking about the border of Russia, you have very different legal issues. China has different legal issues, different from Russia, as well from Iran. There are an increasing number of cases where actions are being brought in China successfully for breaches of intellectual property rights. But you wouldn't say that was the case in Nigeria. You wouldn't say that was the case in a number of other countries where we’ve had a lot of cybercrime originating from.

So there's no one solution here. You have to think in terms of all kinds of layered defenses. There are legal actions you can take sometimes, but the fundamental problem we’re dealing with is this inherently porous Swiss-cheesy system. In the long run, we're going to have to begin thinking about the gradual reengineering of the way the Internet works, or else this basic dynamic, in which lawbreakers have advantage over law-abiding people, is not going to go away.

Think about what’s happened in cyber defenses over the last 10 years and how little they've evolved -- even 20 years for that matter. They almost all require us to know the attack mode or the sequence of code in order to catch it. And we get better at that, but that’s a leapfrog business. That’s fundamentally the way we do it.

Whether we do it at the perimeter, inside, or even outside before the attack gets to the perimeter, that’s what we’re looking for -- stuff we've already seen. That’s a very poor strategy for doing security, but that's where we are. It hasn’t changed much in quite a long time and it's probably not going to.

We’re talking about the Balkanization of the Internet. I think that's going to happen as more companies demand a higher level of protection.

Gardner: Why is that the case? Is this not a perfect opportunity for a business-government partnership to come together and re-architect the Internet at least for certain types of business activities, permit a two-tier approach, and add different levels of security into that? Why hasn’t it gone anywhere?

Brenner: What I think you’re saying is different tiers or segments. We’re talking about the Balkanization of the Internet. I think that's going to happen as more companies demand a higher level of protection, but this again is a cost-benefit analysis. You’re going to see even more Balkanization of the Internet as you see countries like Russia and China, with some success, imposing more controls over what can be said and done on the Internet. That’s not going to be acceptable to us.

Gardner: So it's a notion of public and private.

Brenner: You can say public and private. That doesn’t change the nature of the problem. It won’t happen all at once. We're not going to abandon the Internet. That would be crazy. Everything depends on it, and you can’t do that. It’d be a fairy tale to think of it. But it’s going to happen gradually, and there is research going on into that sort of thing right now. It’s also a big political issue.

Gardner: Let’s take a slightly different tack on this. We’ve seen a lot with cloud computing and more businesses starting to go to third-party cloud providers for their applications, services, data storage, even integration to other business services and so forth.

More secure

If there's a limited lumber, or at least a finite number, of cloud providers and they can institute the proper security and take advantage of certain networks within networks, then wouldn’t that hypothetically make a cloud approach more secure and more managed than every-man-for-himself, which is what we have now in enterprises and small to medium-sized businesses (SMBs)?

Brenner: I think the short answer is yes. The SMBs will achieve greater security by basically contracting it out to what are called cloud providers. That’s because managing the patching of vulnerabilities and other aspects and encryption is beyond what’s most small businesses and many medium-sized businesses can do, are willing to do, or can do cost-effectively.

For big businesses in the cloud, it just depends on how good the big businesses’ own management of IT is as to whether it’s an improvement or not. But there are some problems with the cloud.

People talk about security, but there are different aspects of it. You and I have been talking just now about security meaning the ability to prevent somebody from stealing or corrupting your information. But availability is another aspect of security. By definition, putting everything in one remote place reduces robustness, because if you lose that connection, you lose everything.

Consequently, it seems to me that backup issues are really critical for people who are going to the cloud. Are you going to rely on your cloud provider to provide the backup? Are you going to rely on the cloud provider to provide all of your backup? Are you going to go to a second cloud provider? Are you going to keep some information copied in-house?

By definition, putting everything in one remote place reduces robustness, because if you lose that connection, you lose everything.

What would happen if your information is good, but you can’t get to it? That means you can’t get to anything anymore. So that's another aspect of security people need to think through.

Gardner: We’re almost out of time, Joel, but I wanted to get into this sense of metrics, measurement of success or failure. How do you know you’re doing the right thing? How do you know that you're protecting? How do you know that you've gone far enough to ameliorate the risk?

Brenner: This is really hard. If somebody steals your car tonight, Dana, you go out to the curb or the garage in the morning, and you know it's not there. You know it’s been stolen.

When somebody steals your algorithms, your formulas, or your secret processes, you've still got them. You don’t know they’re gone, until three or four years later, when somebody in Central China or Siberia is opening a factory and selling stuff into your market that you thought you were going to be selling -- and that’s your stuff. Then maybe you go back and realize, "Oh, that incident three or four years ago, maybe that's when that happened, maybe that’s when I lost it."

What's going out

So you don’t even know necessarily when things have been stolen. Most companies don’t do a good job. They’re so busy trying to find out what’s coming into their network, they're not looking at what's going out.

That's one reason the stuff is hard to measure. Another is that ROI is very tough. On the other hand, there are lots of things where business people have to make important judgments in the face of risks and opportunities they can't quantify, but we do it.

We’re right to want data whenever we can get it, because data generally means we can make better decisions. But we make decisions about investment in R&D all the time without knowing what the ROI is going to be and we certainly don't know what the return on a particular R&D expenditure is going to be. But we make that, because people are convinced that if they don't make it, they’ll fall behind and they'll be selling yesterday’s products tomorrow.

Why is it that we have a bias toward that kind of risk, when it comes to opportunity, but not when it comes to defense? I think we need to be candid about our own biases in that regard, but I don't have a satisfactory answer to your question, and nobody else does either. This is one where we can't quantify that answer.

Gardner: It sounds as if people need to have a healthy dose of paranoia to tide them over across these areas. Is that a fair assessment?

People need to understand, without actually being paranoid, that life is not always what it seems. There are people who are trying to steal things from us all the time, and we need to protect ourselves.

Brenner: Well, let’s say skepticism. People need to understand, without actually being paranoid, that life is not always what it seems. There are people who are trying to steal things from us all the time, and we need to protect ourselves.

In many companies, you don't see a willingness to do that, but that varies a great deal from company to company. Things are not always what they seem. That is not how we Americans approach life. We are trusting folks, which is why this is a great country to do business in and live in. But we're having our pockets picked and it's time we understood that.

Gardner: And, as we pointed out earlier, this picking of pockets is not just on our block, but could be any of our suppliers, partners, or other players in our ecosystem. If their pockets get picked, it ends up being our problem too.

Brenner: Yeah, I described this risk in my book, “America the Vulnerable,” at great length and in my practice, here at Cooley, I deal with this every day. I find myself, Dana, giving briefings to businesspeople that 5, 10, or 20 years ago, you wouldn’t have given to anybody who wasn't a diplomat or a military person going outside the country. Now this kind of cyber pilferage is an aspect of daily commercial life, I'm sorry to say.

Gardner: Very good. I'm afraid we'll have to leave it there. We’ve been talking with Joel Brenner, the author of “America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare.” And as a lead into his Open Group presentation on July 16 on cyber security, Joel and I have been exploring the current cybercrime landscape and what can be done to better understand the threat and work against it.

This special BriefingsDirect discussion comes to you in conjunction with the Open Group Conference from July 16 to 20 in Washington, D.C. We’ll hear more from Joel and others at the conference on ways that security and supply chain management can be improved. I want to thank you, Joel, for joining us. It’s been a fascinating discussion.

Brenner: Pleasure. Thanks for having me.

Gardner: I’d certainly look forward to your presentation in Washington. I encourage our readers and listeners to attend the conference to learn more. This is Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for these thought leadership interviews. Thanks again for listening and come back next time.

Register for The Open Group Conference
July 16-18 in Washington, D.C.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: The Open Group.

Transcript of a BriefingsDirect podcast in which cyber security expert Joel Brenner explains the risk to businesses from international electronic espionage. Copyright The Open Group and Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

• Open Group Conference Speakers Discuss the Cloud: Higher Risk or Better Security?
• Capgemini's CTO on Why Cloud Computing Exposes the Duality Between IT and Business
• San Francisco Conference observations: Enterprise transformation, enterprise architecture, SOA and a splash of cloud computing
  
• MIT's Ross on how enterprise architecture and IT more than ever lead to business transformation
• Overlapping criminal and state threats pose growing cyber security threat to global Internet commerce, says Open Group speaker
• Enterprise architects play key role in transformation, data analytics value -- but they need to act fast, say Open Group speakers
  
• Exploring Business-IT Alignment: A 20-Year Struggle Culminating in the Role and Impact of Business Architecture

Investing Well in IT With Emphasis on KPIs Separates Business Leaders from Business Laggards, Survey Results Show

Transcript of a sponsored BriefingsDirect podcast on the results of a survey that show that innovation focusing on information and KPIs drives substantial positive business results.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: HP.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today we present a sponsored podcast discussion on some fascinating new findings from a recent survey on chief information officer (CIO)-level priorities. We'll uncover what distinguishes leaders from laggards among businesses, and identify which IT approaches and solutions are driving the most powerful business results these days.

To help dig into the survey, explain what it means, and learn how these results can lead to establishing winning new IT strategies we're joined by Joel Dobbs, President and CEO of Compass Talent Management Group. He's also an Executive in Residence at the School of Business at the University of Alabama at Birmingham (UAB), and a lead blogger and member of the Enterprise CIO Forum.

What’s more, Joel is a retired CIO himself, coming from such organizations as GlaxoWellcome, Schering-Plough, and Eisai. Welcome to our discussion, Joel.

Joel Dobbs: Thank you very much.

Gardner: We're also here with Daniel Dorr, a Worldwide Solutions Manager for HP Enterprise Marketing. Welcome to you, Daniel. [Disclosure: HP is a sponsor of BriefingsDirect podcasts].

Daniel Dorr: Thank you, Dana.

Gardner: Let’s start with just an overview of what we wanted to accomplish. Daniel, what was the idea behind doing this survey at this time?

Dorr: Dana, a lot of companies talk about how important technology is, and we all represent our technology as the right answer to the problem. But if our job is to help our CIO clients better use technology to solve business results -- and if our job is to help our CIOs work more effectively with their executive committees and CEOs -- the best way for us to help them is to determine which technologies actually change or correlate with in-market results.

In other words, if we look at revenue leaders in-market, which technology seems to be most closely associated with those who lead in-market performance? It's not technology for technology’s sake, or because it’s exciting or new -- but technology that actually seems to represent business results.

So our goal here was to help our clients do a better job of assessing which technologies lead to in-market business results and which technologies might not.

Gardner: Well, this has been a hot topic for decades, trying to establish the link between technology practices and business results.

Joel, you've been in the trenches as a CIO. You're now involved with the academic view of this at UAB and doing some IT talent work. When you reviewed these results, was there anything that jumped out, that was perhaps something new or interesting?

Not much separation

Dobbs: There were a couple of things that surprised me, one of which is how close statistically the leaders and laggards were in some areas. There was not as much separation in some of the areas that were looked at as I would have expected.

The other thing that surprised me is one of the areas that gets an awful lot of play in the press now -- this whole idea of bring-your-own-device (BYOD) policies for employees. For the most part, this seemed to have been a non-issue for most of these folks. This suggests that either this has not taken hold as much as we would be led to believe, or that companies have just basically decided they're not going to tackle this battle now and will save that for another day.

Gardner: Tell us a little bit, Daniel, about this survey. When did it happen? Who was targeted? HP was involved. Maybe you can tell us how, and then who conducted it?

Dorr: We wanted to understand the difference between market leaders, from a revenue perspective, and market laggards or followers, and see what their IT environments looked like. We surveyed 688 organizations. We spoke to IT decision makers, so we would call that "CIO minus one." We didn’t speak to the CIO directly. We spoke to the people that reported to him or her.

Everyone that we spoke to had to have significant knowledge about applications, information, data center operation, security, and cloud. The survey was conducted over nine different geographies: the US, Brazil, Mexico, UK, Germany, France, Japan, China, Australia, and covered a number of different industry groups.

This was not a public survey. In other words, the people responding didn't know the survey was coming from HP. It was a blind survey. We asked over 55 different questions around areas of application, security, information, cloud, etc. to understand which attributes were most strongly correlated with in-market or revenue performance, and those that weren't.

The questions we were trying to answer were what do market leaders do versus followers? How do industry leaders differ from followers? Is there a difference depending on the region or the market or the industry? And where do IT decision makers focus on a day-to-day level, versus the more CIO strategic forward two-year thinking level?

Gardner: Just to be clear, the surveys were delivered and answered in the last few months of 2011. Is that right?

Dorr: Exactly right. The results came into us in December 2011. So this is pretty accurate and up-to-date data.

Gardner: How about some of the top findings? Were there some nuts and bolts issues here around workload, automation, server capacity, things like that, that we could look to and just get a sense of who these organizations are and where they are on their journey toward a better IT outcome?

In search of priorities

Dorr: We asked more than 50 questions to understand from organizations where their priorities were and what they were doing today and then we compared that to their in-market performance. And I would say the answers fell into three buckets: They were around infrastructure issues, information and information management, and people and processes.

On the infrastructure side of the equation, we asked a number of questions, but the ones that rose to the top in terms of driving in-market or correlation between revenue performance were probably three or four. A lot of it had to do with application modernization and security, when it came to the infrastructure side of the equation.

For example, market leaders tended to have fewer custom applications and fewer legacy applications. They tended to use their server capacity more efficiently than their peers. Those were some of the big ones around the infrastructure side of equation.

With security, the market leaders tended to build security, not only into the boundary, but also into the applications themselves, versus the market followers who tended to focus on an us-versus-them mentality, or just boundary security.

… Companies that manage risk more effectively and more automated definitely outperformed their peers. As a technology company, we're always looking at the infrastructure. We're always talking about how infrastructure can lead to competitive advantage, and we saw that. But a lot of times we forget the people and process side of the equation.

Companies that manage risk more effectively and more automated definitely outperformed their peers.

One of the other areas that jumped out at me was the need for clarity and agreement of key performance indicators (KPIs). Market-leading companies who outperform in revenue over their peers had more clarity within IT about which KPIs were important and had agreement on those KPIs. Everyone is marching and working toward the same goals. That had a huge impact on me as well.

It’s not just about infrastructure. It’s not just about managing risk. It’s also the people/process side of the equation that is critical in market-leading companies.

Gardner: Joel, when you hear that those who are doing well seem to have fewer custom apps, fewer legacy apps, higher utilization rates on their servers, what does that tell you about these types of organizations?

Dobbs: It tells me a couple of things. We'll start with the second one, server utilization. What I think you're seeing there is the affected people who have really done a good job with virtualization. You're not having is a lot of equipment sitting around idle or used at under-capacity. So I suspect virtualization probably plays into that difference significantly for a number of people.

Custom and legacy applications was something I hadn't really thought about until I read this material. I suspect that what you're seeing is probably a result of modernization of the applications that I call commodity applications, things like human resources, some of the financial applications, a lot of things that are generic across businesses. You're probably seeing some of the leaders move to more software-as-a-service (SaaS)-type applications in order to free up their staff to work on things that are much more strategic to their business.

Unique value

So the things that they're working on are probably things that are adding unique value to their business, and they're not spending a lot of cycles doing things with generic applications that they can buy and let somebody else manage.

If you're just doing security on the boundaries, that's a cheap way to do security, if you think about it. You put a firewall in place, you configure the thing, and you do the boundary security stuff. But when you're building another layer of security into your applications, that tells me that there's a lot more focus on the realization of the value of what's in there, in terms of the data and the way that it’s used.

There's very much an intentional focus on protecting not only the perimeter of the institution, but making sure that there's added security and protection within the perimeter. I would expect that folks who are really serious about understanding the value of the information within those systems, and [understanding] the risk to their corporate reputation, should those be compromised, are being very intentional about mitigating those risks.

Gardner: So it's a strategic, comprehensive approach to security across the assets -- including the applications.

Daniel, before we move on, a question on the infrastructure. When I saw this, I said that sounds like services orientation (SOA) -- modernized apps, fewer monolithic stacks, higher utilization vis-à-vis virtualization. Was there anything else that would back up my hunch that services orientation or SOA was also prominent in the way they are doing infrastructure?

Virtualization, in and of itself, did not rise to the surface of market leaders versus followers.

Dorr: You're absolutely right, but the key component here is actually using it for the right purposes. Virtualization was one of the questions, but you'll notice virtualization, in and of itself, did not rise to the surface of market leaders versus followers.

It wasn't just that you're moving to a service-oriented view, but you're actually implementing it in a way that means something to the business. You're actually seeing a change in capacity usage. You're actually seeing a change in custom and legacy applications.

Again, not following that shiny object, but it's implementing it in a way that's strategic to the business, is what we are seeing here that leads to success. It's not just virtualization, but it's using virtualization to its full capacity.

Dobbs: I agree completely.

Gardner: So we have talked a little bit about infrastructure. What were some of the other major areas, Daniel?

Dorr: The second big area was around information. There was a huge difference around the area of audit and compliance. For example, we saw that more than half of the market leaders had automated their audit and compliance, about 52 percent. Market followers tended to be much less. Around 39 percent had automated their audit and compliance.

Information strategy

There was an information strategy in place in both market leaders and market followers. However, market leaders tended to have automated their information-management strategy, versus followers, who just had it documented.

Also, we see a big difference in the use of business intelligence (BI) to automate decision making. About 18 percent of market leaders are automating their decision making using BI tools, while only 7 percent, so less than half of them, less than half of them as leaders, are doing that.

Now, there is still a huge amount of room for growth on both leaders and followers there, but to see only 18 percent rise to the surface already tells you the importance of automating BI decision making as a clear difference for market leadership.

Gardner: Let's go back to Joel on those two items. This gets to a point that I'm really interested in, a movement in business nowadays to much more of a data-driven and analysis-driven decision process. Perhaps the older way might be summed up by the highest paid person's opinion (HPPO) being the way that ultimately decisions were made.

But Joel, how do you react to some of these findings around information management and BI?

Dobbs: There are a couple of things here. One is that there's been an interesting evolution over the last 20 years in this field. We started out in IT automating various business processes. The focus was on making those processes faster or more efficient or something of that sort. As a result of that, we were generating information that had valuable use, but really wasn't being used that much.

What you're seeing with the leaders is that they not only understand it, but they're doing it.

It was during the reengineering revolution in the early '90s that people began to look at that. Along with the uptake of Six Sigma and Lean Sigma, people began looking at harvesting that data that was collected almost as a byproduct of automation and using it for continuous improvement and various other things.

This whole field has matured. Take the example of just the retail industry and all the information that’s collected as a result of point-of-sale processing and things like that. What we've learned is that that’s a rich trove of information that can be mined and used for all kind of things.

What you're seeing with the leaders is that they not only understand it, but they're doing it. That’s a big differentiator between those who understand it and have the insight and the capabilities to take this information and look at it in different ways. I suspect some of the automating of business, the BI automation, as we were talking about, is really a way of going back and using technology to create options for decision making, based on automated looks at data.

Let's talk about the automation of, I think the term you used, Daniel, was the automation of their information strategy, versus documentation. What that tells me is one group is doing it and the other group is just writing it down, and that’s a big difference. It’s like the difference between what most people do with strategy. Most people develop a strategy and there comes nice a book that sits on a shelf somewhere, and very little gets done about it.

The ones who are really leaders are the people who develop a strategy and then part of that strategy is a strategy to implement the strategy. That’s what this automation that you saw among the leaders really reflects -- not just talking about it, but actually doing it.

Single view

Gardner: It strikes me too that this gets back to that theme that we raised earlier about being controlled and being comprehensive as an IT organization. You can’t gain that single view of the customer and you can’t gain insight across an entire business process, purchasing, supply chain, the relationship between cost and outcomes, without that ability to gather all the different bits and pieces and then manage that in some full way.

So it strikes me, again, as an indicator of maturity and comprehensive control vis-à-vis IT and makes them therefore more powerful when it comes to this level of insight. Daniel, what other areas were part of the top findings, and where can we go now to the next stage, which would perhaps a little bit better define what distinguishes leaders?

Dorr: Just to close on that information discussion, I agree completely with Joel’s points. If you think about it, there were seven key attributes that rose to the surface for market leaders, revenue leaders, and revenue followers.

Three of those were around information. Automating your audit and compliance, having an automated information strategy. In other words, as Joel said, doing it, versus just writing it down, and really using BI for decision making. Three out of seven are around information. So clearly this is a key theme for in-market performance.

One of the things we do at HP is workshops for CIOs to help align business and IT and identify the impact that IT can have on the business. This comes up every single workshop we do.

I don’t think we can understate the importance of helping the business see what’s happening and understand what’s happening through automating audit and compliance.

We did it with a retailer recently. It took them days to process in-store information, in order to know what SKUs were selling and how well marketing programs were doing. By the time they had that information, it was too late for them to do anything.

They couldn’t change the SKUs on shelf. They couldn’t update, migrate, manage, or move the marketing program into new regions or what have you. As a result, their performance in-market clearly showed the difference. They were at a 20 percent disadvantage to the revenue leader in their category.

So I don’t think we can understate the importance of helping the business see what’s happening and understand what’s happening through automating audit and compliance, through actually implementing the information management strategy and trying to automate as much as possible decision making using BI.

Dobbs: I would echo that and add one thing. Daniel pointed out that there is increasingly a competitive advantage. The competitive advantage becomes not just doing it, but doing it faster than your competitors and being able to understand the meaning and the application of the data ahead of your competitor.

The retail example is a great one, where you're lagging days behind in your ability to harvest and use the information. Increasingly, the competitive advantage becomes being able to make adjustments and move much more quickly, whether it’s deciding where to place inventory or how much inventory you need to keep on hand, and all those kind of things. Time is money, and being able to move quickly can be a huge advantage.

What about cloud?

Gardner: We haven’t talked too much about cloud computing, and this did come up as one item that distinguishes leaders over laggards. Perhaps we could address that. Daniel, what is it about cloud that popped out in this survey?

Dorr: The focus of the survey was what capabilities clients have today and how that correlates to their revenue performance. We didn’t see a lot of cloud attributes rising to the service in people’s current capabilities. We did, however, see it rising to the surface in the focus area, where we asked IT decision makers, the CIO minus one, what was important to them. We did see a pretty significant difference between what market leaders, revenue leaders, thought was important about cloud versus market followers.

In fact, almost half of revenue leaders see cloud as incredibly important to them versus their peers, almost half of that number in the market followers. So, we're seeing a lot more priority focus on cloud computing going forward.

We didn’t see it driving current revenue performance, which makes sense. Cloud is somewhat of a new technology. We haven’t seen it fully deployed in many cases in driving today’s revenue.

Gardner: For the benefit of our listeners, Daniel, maybe we could just go through the list at a prioritized basis, with descending priority, on what distinguished the leaders over the laggards. I think the top one is security as we mentioned, but let’s just go through it on a list basis, so they can get a sense of the importance.

Cloud is somewhat of a new technology. We haven’t seen it fully deployed in many cases in driving today’s revenue.

Dorr: Sure. Of the 50 attributes that we asked our CIO minus one IT decision makers and directors, what was happening within their IT environment, seven of those attributes rose to the surface, and they fell into three buckets, as we talked about briefly before. One was around the infrastructure side of the equation or the core computing environment, one was around information, and then the final one was around people and processes.

… With the survey, once we identified which specific attributes differentiated market leaders and market laggards or market followers from a revenue perspective, we then put it on a maturity score and we would score them based on those key attributes. You can see a clear difference between those with obviously a higher score, a higher maturity in their IT environment, around those key specific areas and their in-market performance.

Specific areas

So from the infrastructure side, it was custom applications and legacy applications. Leaders had fewer custom applications -- 38 percent versus the followers at 45 percent.

Leaders had fewer legacy applications -- 25 percent versus followers at 32 percent.

Leaders used their server capacity more efficiently. They used about 80 percent of their server capacity at peak usage, versus followers using only 71 percent.

Leaders had security built into the applications as well as at the boundary, versus only a boundary-level security, inside/outside view of the world.

In the information area, leaders automated audit and compliance at an average of about 52 percent versus followers at 39 percent.

Leaders had automated their information strategy, versus followers only documenting their information strategy.

Leaders tended to use more BI and automated decision making versus followers. So 18 percent of leaders had automated business decision making using BI, versus followers at only 7 percent.

Then there is the people and processes side -- and this is an area where CIOs can actually start working on right now without spending a cent -- which was clarity and agreement of KPIs. We saw a big difference in market leaders. There was a high degree of clarity within their organizations about what the KPIs were and agreement on those KPIs, versus only a moderate level of agreement within market followers.

That’s an area where CIOs can take action today. They don’t even have to talk to a vendor or an analyst at all. They can walk right into the CEO’s office and start working on that problem today.

Gardner: Let’s move to a separate lens to view this through. One of the things you asked was a series of questions that led to some conclusions about what distinguishes those who do best, and what leaders were focused more on. You broke it out into five different areas and you got some indicators of why it’s important, leaders versus laggards. Perhaps you could run through those as well.

Leaders had security built into the applications as well as at the boundary, versus only a boundary-level security, inside/outside view of the world.

Dorr: At the end of the survey, we asked them areas of importance, and we gave them security, information and insight, infrastructure convergence, application transformation, and cloud computing. We asked them to rank which were the most important to them. And we asked them to rank their current capabilities.

This was different from the attributes. For example, most of our IT decision makers ranked security, defined as keeping the lights on, as the number one priority. When they ranked their current capability, again, they ranked their current capabilities quite high, doing that well today. Although leaders tended to feel they were doing a better job of keeping the lights on, versus revenue followers.

Number two on the list was information and insight, in terms of driving what is important today from an IT organization. Again, the average of how important it is was not significantly different between leaders and followers. What was significantly different was how well they rated themselves.

We saw this in the individual attributes, but also when they ranked it at the end as well. Leaders tended to outperform, or believe they were doing a better job managing information and insight, than their followers by almost twice as much.

No huge difference

There were no huge differences on converged infrastructure or applications between leaders and followers, but the area where we saw a big difference was in cloud computing. Leaders ranked it much higher in importance and believed their current capabilities are much higher than their industry peers.

Gardner: Joel, let's go back to something you mentioned earlier. You were a little bit surprised that the difference on some of these areas between the leaders and the laggards was smaller -- there wasn’t a great deal of difference. Which of those were you referring to and what does that tell us about a baseline of IT functionality that everyone has, but it doesn’t really distinguish anyone either?

Dobbs: Some of the things really surprised me, security actually. The magnitude of that difference was somewhat surprising. Things like the infrastructure convergence were actually fairly close. I expected a little bit more of a spread there.

Around information and insight, there's a pretty good difference. It's statistically significant because of the size. In many ways I would have expected that spread to be even larger, because so many laggard companies are really just operationally focused, keeping the lights on, etc.

I was even surprised that you had that large of a percentage that rated themselves very capable. I would have expected it to be lower than that. In some ways, I would have expected more of the leaders to have considered themselves very capable. So that was a little bit lower than I would have expected.

We didn’t see a huge difference in the regions, particularly the U.S., Latin America, or Asia Pacific and Japan.

For cloud computing, the capabilities are probably not that surprising but, again, the spread was a little less than I would have expected. Because it's a new technology, one would expect that the leading companies would have been much more further out front, beginning to look at ways of exploring the capability there.

But you had only about 36 percent versus 20 percent. It's statistically significant, but was somewhat surprising to me that the gap was not even larger than that.

If you look back at how they ranked cloud computing by importance, it's the same sort of thing, I would have expected a higher percentage to have been looking, if that's something that’s potentially very important, particularly at some of the capabilities that are available today in SaaS. It's a way of getting away from having to maintain rudimentary legacy systems that really don’t add a lot of business value.

Gardner: Let's slice and dice this a different way. Daniel, what about regional differences, or similarities, but let's start with differences? What were some of the biggest differences by region that jumped out at you? Then, maybe we could ask Joel to tell us what he thinks that means in terms of the progression of these technologies and maturity models around the globe.

Dorr: We didn’t see a huge difference in the regions, particularly the U.S., Latin America, or Asia Pacific and Japan. In those regions we saw a little bit in terms of platforms -- Windows versus Linux, virtualization, and so forth -- but not huge issues. It was more kind of personal preferences.

Mainframe in Europe

The one that did jump out at us though was Europe. The biggest difference in Europe is that there is actually a growing movement around the mainframe. At the global level, we saw the mainframe was irrelevant to market leaders versus market followers.

In other words, some market leaders were moving more towards the mainframe, some market followers were moving more towards the mainframe. Some market leaders were moving off of the mainframe and some market followers were doing the same. So there was no correlation between a mainframe strategy and in-market performance anywhere, except in Europe.

In Europe, we saw that market leaders were those that were moving and growing their mainframe strategy, versus market followers who were just maintaining their current mainframe strategy.

Gardner: What does that tell you, Joel? What is it about Europe that has them so interested in mainframes or perhaps that leads them to be successful?

Dobbs: That’s a very good question. That’s actually a surprising finding. Having worked in Europe for a number of years earlier in my career, there are two things that I suspect that might be factors, and these are generalizations. So I don’t know if they're applicable in all cases.

In Europe, we saw that market leaders were those that were moving and growing their mainframe strategy.

What you see a lot of times in European companies is a much more conservative approach to a lot of things in business, and IT is certainly one of those. So change doesn't always come as rapidly in some of those cultures as one would see in cultures with a higher risk tolerance, like you may see in U.S. and other areas. That may be one thing.

The other thing I would wonder about is the extent to which the economic environment there may have an impact on this. You're seeing growth in the mainframe sector, largely because companies may be avoiding expensive investments in other technologies and simply expanding upon what they already have. There are a lot of implications, not only in terms of software and licensing and a number of other things, in being moved to another platform.

So I wonder if the economic environment there has been a factor as well. It's hard to say, but that’s interesting and somewhat perplexing finding.

Gardner: It makes sense that they are maintaining their current systems rather than growing and modernizing.

How about vertical industries, Daniel, anything that jumps out there in terms of which vertical industries that you examined and broke out in your survey seemed to be doing well, and for what reasons?

Vertical industries

Dorr: We looked at retail, communication service providers or telco, manufacturing, energy, healthcare, and banking. The results were comparable to what we saw in each of the regions with what we saw at a global level.

We saw a couple of differences in each of the industries. In retail, for example, when it came to their information strategy, a new aspect was how they managed both structured and unstructured data, versus only structured information.

This makes sense, if you think about it from a retail perspective. There is a lot of qualitative information coming in for leaders to understand, not just that the inventories are up or down or sales are up or down, but to understand why. So that was a big one that’s different from a retail perspective.

In communication service providers, no big differences there between what was happening at the global level versus the retail level.

In manufacturing, we saw a little difference in terms of external IT spend on new applications. In this case, leaders were spending less on new applications than followers.

In manufacturing, we saw a little difference in terms of external IT spend on new applications. In this case, leaders were spending less on new applications than followers.

In the energy sector, there were no significant differences there, or in healthcare. In banking, the one biggest one was cloud capabilities. We did see a lot more interest in cloud in banking than we saw in some of the other areas. Otherwise, it was very similar to what we saw at the global level.

Gardner: So we've got some interesting takeaways here about the role of modernizing, gaining visibility, measuring along the way, being comprehensive in how IT approaches these problems, being responsive to the business on the business terms rather than the technology terms, with an emphasis on culture as well and the people and the process. We've talked about this at a high level.

Daniel, for those folks who are intrigued and would like to get some of these statistics and findings themselves, do you have a place they can go to learn more to either perhaps see a slide deck, a white paper? What’s available for them?

Dorr: A couple of places. First of all, you can join us at the HP Discover 2012 event in Las Vegas in June. We'll be presenting these results there and sharing it with attendees there. In addition, they will be posted on hp.com.

Gardner: Great. Joel, what takeaways do you have from this in terms of whether people should readjust their thinking or perhaps take a pause and ask what they can be doing different when they sort of tease out some of the findings here?

Impact of investments

Dobbs: There was an interesting study published by MIT just a month or so ago that looked at a number of companies. What they found is that some of these companies that were investing heavily in IT, the IT investments actually had a greater impact on profitability than the same amount of money invested in research and development or in advertising. That’s a shocking finding.

I think what happens, when you delve underneath these companies who get such great returns on IT, you find two or three different things that are embodied in what we saw in some of the leaders here.

One of them is really good governance around decision making. The second thing is probably ownership of IT by the entire executive team. And I think the third thing is that they're probably measuring their return using business metrics on the investments that they make.

That’s what differentiates the leaders from the laggards -- they're approaching IT holistically as a core part of their business strategy, instead of seeing it as a support function or a back-office function.

That’s what differentiates the leaders from the laggards -- they're approaching IT holistically as a core part of their business strategy.

And things like this study that we've just been talking about today, as well as the MIT study, help add credence to the idea that money is well invested in IT, and I emphasize well-invested. It can have a tremendous payback, but only if you use it wisely.

Gardner: And that sort of runs counter to the perception of IT as a cost center, rather than as an enabler for growth and opportunity.

Dobbs: Precisely.

Gardner: Okay. Daniel, last word to you, are there takeaways or areas that we may not have covered that you think we should also uncover here?

Dorr: Joel said it very eloquently. There is a large body of research. Now, we have HP's own research. We have the MIT study, showing that there is a clear correlation between technology and in-market revenue results. As CIOs, we should feel confident to walk into the CEO’s office and talk to them about the strategic benefits that we can offer the organization.

The two biggest areas that we should be having conversations with our business counterparts today are clearly around information and KPIs. If we have agreement on those, we've covered more than half of the key attributes that we see between market leaders and market followers.

So there's a lot of opportunity for us in IT to start playing an even bigger leadership role in helping our companies innovate and drive in-market results. I look forward to seeing what the results look like two years from now, once we see cloud and other things deployed and driving even bigger benefits.

Gardner: As you point out, there's a lot more room for growth around those BI and analytics benefits. They're already sort of showing a great deal of worth even though we are still early into it.

You've been listening to a sponsored BriefingsDirect podcast discussion on some new findings from a recent survey on priorities for IT organizations and what distinguishes leaders and laggards in the field based on their business outcome.

I'd like to thank our guests, Joel Dobbs, President and CEO of Compass Talent Management Group, as well as Executive in Residence at the School of Business at the University of Alabama at Birmingham. He is also a lead blogger and a member of the Enterprise CIO Forum.

And we've also been joined by Daniel Dorr, Worldwide Solutions Manager for HP Enterprise Marketing. Thanks to you both.

Dobbs: Thank you.

Dorr: Thank you.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to you for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast on the results of a survey that show that innovation focusing on information and KPIs drives substantial positive business results. Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

• HP Discover 2012 conference promises insights, information and user networking as businesses face a crossroads in IT delivery
  
• Expert Chat with HP on How Better Understanding Security Makes it an Enabler, Rather than Inhibitor, of Cloud Adoption
• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized IT Environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP's Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the 'Professional' and 'Consumer' Split
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy

HP Discover 2012 Conference Promises Insights, Information and User Networking as Businesses Face a Crossroads in IT Performance

Transcript of a sponsored BriefingsDirect podcast on the upcoming June 4 HP Discover 2012 event in Las Vegas.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: HP.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you’re listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on the upcoming HP Discover 2012 conference and why this June event in Las Vegas is both an exclamation point on the current enterprise IT climate of change, as well as a neon signpost for HP's strategy and direction.

We'll look at why IT is at a crossroads, and how the very nature of IT is being redefined as a result of such large and global trends as the accelerating speed of business, cloud computing, security needs, mobile, energy-conservation demands, and especially the new role of IT as a service.

Such trends are pushing those tasked with supporting their businesses, as never before, to meet and collaborate with their peers and colleagues, and really re-evaluate how IT and business come together.

We'll show how HP Discover 2012 provides an unparalleled opportunity for HP users to absorb the insights of the HP ecosystem and to learn more about their fields and technologies from their peers and associates. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

We'll further examine how this event marks an important time for HP, as it solidifies its responses to these trends, provides new levels of education and more insight into its new product services, vision, and leadership.

Lastly, we'll explore how attendees at such events can best benefit while there by identifying some best practices and by describing some of the meetings, fun events, and collaboration opportunities.

With me now to help better understand HP Discover and its benefits is Nina Buik, Chief Marketing Officer at Connect Worldwide, the largest user community of HP Business Technology customers with more than 55,000 members worldwide. Nina is also a noted blogger, author, and a longtime observer of all things HP.

Nina, welcome to BriefingsDirect.

Nina Buik: Thank you. Good to be here, Dana.

Gardner: Now, I've been at a few of these events, and you've been at a few of these events. Almost every time we’ll hear the idea that things are different and changing, but I honestly believe that this is really an exceptional time for IT. The amount of change, the pressure, the insistence from businesses on getting new and better results from IT make it an unprecedented time. I hope you share that, and maybe you can explain it better than I can.

A crossroads

Buik: Absolutely, Dana. You I have been in this industry for quite some time and have seen lots of changes, but I think we're at a crossroads right now, going into a new era of computing with cloud computing, bring your own device (BYOD), the challenges with security, and a laser focus on gaining better business outcomes through technology. This is why it's so important this year to come to events like HP Discover to get answers.

We've talked about networking with peers in order to be able to understand how they're achieving some of these goals, but also you want to look within the data center. You’ve got fewer and fewer people supporting IT.

IT has become very sophisticated, requiring fewer hands to touch the system. Therefore folks need to get out and hear messaging from their partners, HP, and HP’s partners to see how they can achieve these goals.

Gardner: One of the interesting things, when we talk about the effect on individuals who are managing and implementing IT, is that they're being required to be both specialists and generalists. The days of being niche oriented are over. You need to be very deep, but you also need to understand the business implications and how you play a role in the organization culturally.

So it's an important time for people to look within themselves and ask, "How can I improve my situation in order to help IT be better for my company?"

Folks who were in more of a management or a systems management role are being asked to be strategic as well.

Buik: You're absolutely right. You bring up an important point, because I think that the trend also is that folks who were in more of a management or a systems management role are being asked to be strategic as well.

They're having to expand their knowledge of systems, instead of just focusing on the network and the integration of how storage fits into this, how parts of our ecosystem work together and, talking about goals, how do we achieve these goals by integrating all of these aspects?

Gardner: HP Discover is at the Venetian Hotel and Sands Convention Center in Las Vegas. It is the week of June 4 and goes for 4-5 days. For those folks who might not be familiar, Discover is really the culmination and the integration of a number of other conferences that had been a part of HP and its other companies that came from the acquisition trend that led to the modern HP over the years.

So this isn't really a small event. I think it's something like 10,000 attendees. This is really the mother of all events for HP. Isn't that right, Nina?

Buik: Absolutely. I've been attending this event every year since it's started in Orlando. If you recall, Katrina forced the event to move to Orlando from New Orleans, and I've seen it grow every year. It's been so exciting not only to see the changes in technology, but to bring in other communities.

Important addition

As you know, the event brought in the software community. Software Universe merged with HP Technology Forum & Expo to become HP Discover. That was really an important addition to this event, because you really can't have one without the other. They need to be together, and it's very exciting to see the results of that. Last year was incredible with 10,000 people together, and really, it helps the attendees get the most out of their investments.

Gardner: You bring up an interesting point about the technology, the software, and everything coming together. All of those people involved with these aspects of IT will be under the same roof. This is another reason I think we’re at an really exceptional time in IT.

Innovation in the past sort of came on a spot basis. We may have had an ability to do networking faster. We may have had an opportunity for new standards to be brought to interoperability. Or perhaps there were accelerating benefits around best practices for development, test, deploy and performance management.

But when you look at trends like big data, cloud computing, hybrid computing, converged infrastructure, and modernizing applications -- these are trends that have cut across all aspects of IT. They show that IT needs to be done with a comprehensive strategic approach. It's not just bolting something on anymore.

One of the things about HP is that there are really just a very few organizations that can be brought to bear at that strategic level, where it’s not incumbent than upon the end-user organization to pull these threads together. You’ve got a partner in a company that also has its fingers in all the right places.

There are so many opportunities where you can sit down side by side with engineers and get questions answered.

Do you share that view that we're at a unique time, where being comprehensive is actually an asset to being able to change IT holistically?

Buik: You hit on something key. Partnerships and alliances are so critical right now. A lot of companies in the small-to-medium size business (SMB) space typically don't have that opportunity to sit down with a company like HP to discuss all of these concerns and how to tie them all in together. At HP Discover they can do that.

There are so many opportunities where you can sit down side by side with engineers and get questions answered. So you have that expertise at your fingertips. You're able to bring that back to your organization, make those plans, and achieve the goals that you're looking for.

But in terms of partnership, relationships are built on trust. When you have that trust relationship, there's accountability on both sides to communicate well, to focus on the goals, and look at HP as a trusted partner.

I use Pella as an example. You and I have spoken about Pella before. Pella is a great example of how an effective strategic alliance relationship with a key partner can absolutely yield better business outcomes. They're in the housing industry. I think they're the number one or two windows and doors company in the world, and they maintained their profitable status through the worst housing crisis we’ve ever faced.

Strong partnership

They’ve done that through proper utilization of their information technology, so that they don’t over order and they don’t over staff. It’s been remarkable to see how they’ve done this through a strong partnership with HP and they're getting ready to implement a hybrid cloud as well.

Gardner: We’ll revisit some of the users and ways that companies are benefiting a little bit later, but I’d like to hear some more about Connect Worldwide. You’ve also had a variety of different threads that have come together over the years and now you're large and global with 55,000 members. Tell me a little bit about the history of Connect and why this is such a big deal for you too?

Buik: This is near and dear to my heart, Dana. I’ve been involved with the HP user communities going back almost 20 years, as a former member of the community and a member of the board of directors. The communities decided to come together in 2008. You had the NonStop community, the traditional HP-Interex community, as well as Encompass come together to form one large HP enterprise user community, and we became Connect.

The things that we’ve accomplished together and the way that we focus on help the users become successful with the technologies they use. Our goal is to help a member get the most out of their business technology investments. We do that through providing opportunities to influence HP and HP’s partners, or advocacy, and education and awareness. We're making the members aware of not only what’s going on within HP, but educating them on products and solutions that HP has available for them.

Most importantly, we provide opportunities for like-minded users to get together and share best practices. They can learn from each other, and it’s magical when it comes together. It truly is. So we look forward to having a record number of members attend HP Discover this year.

They bring these two together and they're able to make some strategic decisions that they can bring back to their organizations.

Gardner: Why do you suppose that’s the case, Nina? Why do you have so many Connect users flocking to Discover this year?

Buik: There are a number of reasons. Number one, we're introducing new special-interest group meetings at HP Discover this year. We're launching a cloud special interest group (SIG). We have a Superdome SIG and a variety of other SIGs. But aside from community, I think this is the right time.

We're at crossroads in technology, and people within the community know that, at community events, they're going to be able to discuss with other folks how they're using a particular technology. For example, if they're interested in cloud computing, what’s a better place to come together to learn how other companies are using these technologies as well as understand what HP is offering? So they bring these two together and they're able to make some strategic decisions that they can bring back to their organizations.

Gardner: I should point out as full disclosure that I'm a blogger on the Connect site and really appreciate the opportunity to participate. It’s been three or more years that we’ve been doing that.

I envy the fact that you’ve got 55,000 people that you can tap into. As a researcher, myself, it’s probably an unparalleled opportunity to reach the HP ecosystem and find out what’s going on. Have you’ve been doing any polling recently? What have you been able to tell us about what the zeitgeist, the mentality, is among your users?

Peer networking

Buik: We can talk about a few polls that we’ve done recently. Just before the registration for Discover launched, we wanted to understand why our members wanted to attend Discover. The number one reason was peer networking, followed closely by education.

That ties right back into what we were just talking about, being able to talk to other members and just other attendees about their experiences working with HP and using various HP technologies. What is the saying, "Self praise is no recommendation?" You really learn more from others.

Then again, tie that right into speaking with the HP engineers and other professionals about what HP has to offer, and between the two, you can make great decisions. In terms of education, there are over 700 sessions in the session catalog. There's everything from cloud to security. There is just so much being offered.

Another interesting poll that we did on the top technology trends for 2012, a lot of folks are looking at platform migration, the Oracle announcement. So we know there are members who are looking at platform migration, and that could be a huge endeavor, depending on the company size, the size of the systems, or the number of systems involved.

So what better place to go to, to learn from others who perhaps have experienced that, than at an event like HP Discover?

There are members who are looking at platform migration, and that could be a huge endeavor, depending on the company size, the size of the systems, or the number of systems involved.

Gardner: You know, how dependent we are now on social media, with tweets, blogs, Facebook alerts, and walls of friends and associates scrolling by us. But there really isn’t a better place to do that than in person. If you're a big fan of social media then you'd think that you’d also be a big fan of social interactions that can be far richer and extemporaneous.

You are going to have interactions, as I often do at these events, that you don’t expect. We meet people that you don’t have on your list. It’s a way of broadening those concentric circles that we all seem to depend on more-and-more.

Buik: Absolutely, and you can extend the conversation beyond 140 characters.

Gardner: Tell me, before we move on to some of the particulars, what’s going to happen at Discover. Certification is also a big deal now. Getting back to that issue about career and how to position yourself at these crossroads for your personal future, isn’t there sort of a big opportunity around certification here at these events?

Buik: There is. The ExpertONE community is offering five free certifications with your registration. Each one of those certifications cost anywhere between $150 and $200. So that’s a huge deal. But more than that, through the years, the importance and significance of certifications has changed.

Now, more than ever, IT professionals are looking at certification as a means to separate themselves from the competition for particular job opportunities, or even within an organization, to show that they can kind of move up within an organization.

Flooded market

There are just so many people now looking for work. It’s a very flooded market. I recently spoke with the CIO who said, I post one opportunity and my human resource manager brings me 1,500 résumés. The only way I can differentiate, to weed out the first round, is through certification. So it’s really important.

Gardner: Discover, of course, provides an unprecedented opportunity for HP itself. They have the opportunity of getting 10,000 people under "one tent." They have their main stage presentations. It’s really the premiere coming-out party for HP, when it has new vision, when it has strategies that it wants to solidify, and when it comes to introducing and affirming leadership.

As I understand it, these main-stage events are going to have an emphasis on converged cloud, application transformation, enterprise security, and information optimization, that big-data part that’s so important for organizations now. Of course, that includes the non-structured information too.

We're going to hear from Meg Whitman, HP’s President and CEO. I think it’s her first big appearance in North America. She did, of course, present in Vienna at the fall Discover. Is this a big deal for Meg, in particular, do you think, Nina?

Buik: I think so. I did hear her speak in Vienna, as her first opportunity to address HP customers. She did absolutely what she should do, as explained in her vision for the company. Now it’s time to turn the corner and talk about technology, where we're going with technology, and how HP has committed to supporting the customer through these changes.

There are just so many people now looking for work. It’s a very flooded market

This is even more important than that first opportunity to say, "Here’s who I am. Here’s a little bit about me." She has established herself, and now it’s time to focus on the technology and on how HP is committed and dedicated to helping HP business technology customers achieve success in this new environment.

Gardner: And she is going to be joined on stage by such HP leaders as Dave Donatelli, the Executive Vice President and General Manager of the Enterprise Group; Todd Bradley, the Executive Vice President of Printing and Personal Systems Group; Bill Veghte, the Chief Strategy Officer and Executive Vice President of HP Software; Mike Lynch, the Executive Vice President for Information Management; and John Visentin, Executive Vice President for Enterprise Services.

I also understand that Jeffrey Katzenberg, the CEO of Dreamworks Animation, is going to be on stage. Of course, Dreamworks has been in tight collaboration with HP in the production of its animation and 3D products. So that should be very interesting.

You mentioned earlier that we’ve got something like 700-800 business and technical sessions. There is the Discover Zone of the exhibits area, where more than 350,000 square feet space will be devoted to IT solutions from the ecosystem, where you can find the partners and the folks that are part and parcel of the total-solution approach.

There is the one-day Partner Summit on Monday, June 4, and an invitation-only CIO Summit as well. Now, tell me about Connect. You’ve got some of your own events at Discover, I think there is a community night?

Opportunity to network

Buik: Absolutely. Connect will be part of the Community Lounge in the Discover Zone. It’s right next to the bloggers’ lounge. So it’s an opportunity for Connect members and folks who don’t know about Connect to come to learn more, as well as take a load off their feet. No one is trying to sell anything. We're just trying to make sure everybody is comfortable, happy, and has an opportunity to meet and network with others.

Typically, a lot of folks come to the Community Lounge and use it somewhat as an informational area. Where can they learn more about x, y, z, or where might there be a particular topic? The great thing is that so many people are attending, we can actually make those connections right there. So it’s really a neat place to be.

Also, on Wednesday evening, we're hosting a community appreciation night with Vivit which is the HP software community. That’s going to be at Gilley’s, across the street from the Venetian at Treasure Island. Wednesday evening, we're going to host a tweet up from 7:00 to 8:00 followed by a Going for the Gold community appreciation night. So there’s going to be a lot of fun, as we kind of celebrate the ancient Greek games, but western style with a twist. So we’ve got a lot of fun things coming.

As we talked about social media earlier, we're really tying in social media as part of this event to extend the buzz around the world.

Gardner: It’s in Vegas. So there are always interesting things going on there, and HP takes advantage of that venue.

My advice to folks who are attending an event as big as HP Discover is to define what your goals are for the event.

So I'm looking forward to this. There are a lot of fun things, a lot of interesting things for your personal career, for your company, and then of course, learning more about where HP is heading in the coming year or two.

Any other presentations that jump out at you? I know there are over 700 to choose from, but maybe you could tell us some best practices, when you’ve got this ocean to boil at an event this big, but you have limited time and availability for taking advantage of that. How do you triage? How do you find the best and tailor what to do to get the most bang for your buck and your time?

Buik: Dana, my advice to folks who are attending an event as big as HP Discover is to define what your goals are for the event. I want to learn more about XYZ or my goal is to come back with a plan for how we're going to implement a hybrid cloud or a private cloud? Or my goal could be that I find myself in between jobs. I know folks who are doing this. They've bought their registration and they're going there to network, because they’ve worked in the HP space for so many years.

But have a plan. Then, go look at the session scheduler and find the sessions that match your plan. You can do a keyword search. You can do a search by track. Identify the sessions that will meet your needs or help you meet those objectives.

Look for SIG meetings, if you want to hear from peers. Connect has 12 SIG meetings. So keyword search SIG. That's a great opportunity for you to interact not only with other like-minded professionals, but also with HP folks who are subject matter experts on that particular topic or SIG.

Have a plan

But it's really important to have a plan. As you just said, Dana, there is something going on every minute of every day for those four days. So you have to plan carefully.

But also take time to socialize. A lot of times at these evening events and member appreciation events, really good networking occurs, because everybody is not so focused on learning, but open to having discussions and conversations with others. So I definitely encourage folks to take advantage of the social opportunities, as well as so many educational opportunities that exist.

Gardner: I was looking over some of the presentations and a couple jumped out of me. I'm going to give some times and dates. They're subject to change, but I'm going to take the risk anyway.

One that grabbed my attention was "Winning with HP's Converged Cloud Solutions," 11:15 on Tuesday, June 5. Marge Breya, Vice President Worldwide Marketing for HP Software, will be presenting along with Steve Dietch, Vice President, Worldwide Cloud. That should be of interest.

"Project Odyssey," which is defining the mission-critical computing, 1:30 on Tuesday. Martin Fink, the Senior Vice President and General Manager of Business Critical Systems, will be presenting and redefining data-center economics with the new ProLiant Gen8 servers, a very interesting subject.

There is something going on every minute of every day for those four days. So you have to plan carefully.

Mark Potter, Senior Vice President and General Manager of Industry-standard Servers and Software, will be presenting "Enterprise Security," always a top topic, at 5:15 on Tuesday, June 5. Tom Reilly, Vice President and General Manager of Enterprise Security. So lots of big stuff, not just the main stage, but some really interesting subjects by some of the top people in the field.

So I hope we’ve enticed some people’s interest in this. I hope that they consider not only the event but also being part of Connect tin the community. More information of course is available online. You can do a search on HP Discover 2012 and get there very rapidly. There is also a full page devoted to HP Discover on the hp.com site.

And if you haven't registered, there are ways of doing that. Do you have any codes or any goodies for people that are registering that might take advantage of your organization?

Buik: We absolutely do, Dana. You can learn more about Connect by visiting connect-community.org, but also if you register for HP Discover you can get a $300 discount and be affiliated with the community, so that you can get your fast pass into the community party on Wednesday evening. The code is UG2012.

Gardner: That's worth $300?

Buik: $300.

Gardner: Not bad.

Buik: Easy money.

Gardner: Well good. I look forward to the event. I look forward to seeing you again, Nina. It's fun to hang out and learn more from the folks around us. I'm going to be doing some podcasting as well at Discover, as I have been doing for a few years now. So that should be fun.

You've been listening to a sponsored BriefingsDirect podcast discussion on the upcoming HP Discover 2012 Conference and why this June event in Las Vegas is both an exclamation point, if you will, on the current enterprise IT climate of change, as well as a neon signpost for HP's strategy and direction.

We've seen how this June 4 event marks an important time for HP and it certainly should mark an important time for the attendees, their careers, their companies, and how they're going to tackle this important time in IT and business in general.

I would like to extend a thanks to our guest, Nina Buik, Chief Marketing Officer at Connect Worldwide. Thanks Nina.

Buik: Thank you, Dana. See you in Vegas.

Gardner: Absolutely. This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks again for listening, and come back next time.

Listen to the podcast. Find it on iTunes/iPod. Download the transcript. Sponsor: HP.

Transcript of a sponsored BriefingsDirect podcast on the upcoming June 4 HP Discover 2012 event in Las Vegas. Copyright Interarbor Solutions, LLC, 2005-2012. All rights reserved.

You may also be interested in:

• Expert Chat with HP on How Better Understanding Security Makes it an Enabler, Rather than Inhibitor, of Cloud Adoption
• Expert Chat with HP on How IT Can Enable Cloud While Maintaining Control and Governance
• Expert Chat on How HP Ecosystem Provides Holistic Support for VMware Virtualized IT Environments
• Continuous Improvement and Flexibility Are Keys to Successful Data Center Transformation, Say HP Experts
• HP's Liz Roche on Why Enterprise Technology Strategy Must Move Beyond the 'Professional' and 'Consumer' Split
• Well-Planned Data Center Transformation Effort Delivers IT Efficiency Paybacks, Green IT Boost for Valero Energy