
CIO Summary: Killer Insights From The IW 500 Conference

From HP Chairman Ray Lane challenging IT to the confessions of a hacked CIO, the InformationWeek 500 Conference had plenty to make IT leaders squirm.

"A long habit of not thinking a thing wrong gives it a superficial appearance of being right." -- Paul DePodesta, New York Mets VP of player development and scouting

DePodesta quoted Thomas Paine to make a point of how hard it is to overturn long-held practices, something he did with the Oakland A's under general manager Billy Beane, of "Moneyball" fame. DePodesta and Beane were pioneers in evaluating baseball players based much more on data--including data they didn't have and had to start collecting--and much less on the judgment and intuition of scouts.

The A's management needed "absolute organizational consistency," DePodesta said. If they embraced a metric, it had to drive decision-making from the general manager out to every minor league scout. They had to challenge long-held beliefs by agreeing they would only trust judgments that could be backed up by data. It took a commitment to look at data first and intuition second. “The only thing we were going to be wed to is being open minded,” DePodesta said.

Many companies are pushing more data-driven decisions, from pricing to advertising to merchandising. It's a ticking time bomb for those who underestimate this imperative and the change management required.

"Social media points us in the direction of where we need to do more research." -- Jared Anderson, Best Buy senior manager of customer experience research

Best Buy is a leader in sentiment analytics, using software to monitor blogs and social networking sites to know what people are saying, good and bad, about new products and Best Buy itself. That monitoring helped it realize just how unpopular the chain's "restocking fees" were. Not only did lots of people hate them, but people in the most profitable and influential customer segments tended to be the biggest critics. That sparked more research, leading Best Buy to drop nearly all its restocking fees last December.

Best Buy has been using sentiment analysis for several years, but the effort started in its customer insight group, not IT. Only recently has IT played a more central role, and in doing so it's bringing the technology to new areas of the company.

Other IT leaders should learn from this example: Don't wait for someone else in the company to get started with sentiment analytics. Drive this effort with your marketing teams.

"It's important that organizations that do experience this kind of breach come clean and help others understand how this happened and what we can do to defend against them." -- Jerry Johnson, CIO, Pacific Northwest National Laboratory

Johnson did what few CIOs anywhere will do: He shared with the public, blow by blow, how his IT systems were hacked via an advanced persistent threat.

Johnson shared important changes the national lab, whose main customer is the U.S. Department of Energy, has made in the wake of the attack. It severed what had been a direct Web connection to a "trusted partner" that was an unknowing conduit of the attack, having concluded that the partner doesn’t have the same security standards as the lab. Johnson is also looking to get rid of any small-scale legacy systems that remain at PNNL--the hackers searched for and exploited one of just two ColdFusion-based websites the lab still had. Companies often don't keep up the attention and technical skills needed to keep those small systems secure. And PNNL now collects 90 days of full packet capture data, up from the 30 days it used to keep, which helps it know whether hackers got what they came for. (PNNL concluded hackers didn't get any sensitive information.)

Johnson's also looking at sandboxing Web browsers, so they live in a "virtual operating system" and any data--and therefore malware--is deleted when the browser is closed. Web browsers are a main attack vector.

Johnson made a tough call in the immediate aftermath of the breach: He shut down the lab's Internet connection and thus cut its scientists off from the peers they collaborate with worldwide.

An equally tough call was when to open the lab's network back up. Given the sensitive work PNNL does, attacks would no doubt happen again. But Johnson laid down this principle: "A re-compromise of the network any time soon would be unacceptable." Another quick breach would erode the confidence of partners and the government. Johnson made the accountability clear: He personally signed off on the firewall rules for each system that came back online.

There was plenty to agree or disagree with at the InformationWeek 500 Conference. Whether you attended the event or not, please add your insights to the discussion.

