Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors.
Question A: What approaches are effective for measuring the business value delivered from various IT investments?
Our advice: Tying IT expenditures to the business value they provide has long been a Holy Grail for senior executives. It's an issue pursued from two distinctly different viewpoints. Especially in tight economies, CEOs and CFOs suspect they're spending too much on IT for the value they receive, and seek ways to bring spending into alignment with that perceived value.
Not surprisingly, IT executives often believe that IT is under-funded for the value it delivers. As always, reality lies somewhere between these opposing viewpoints, but finding it has proven to be very difficult. A major stumbling block is the inability to meaningfully measure IT's contribution to the prosperity of the business it supports. Conversely, costs are easy to capture, providing a convenient fallback for measuring IT performance, but bearing no relationship to the results driven by IT expenditures.
Challenge Of Assessing Benefits
While costs are easy to track, measuring tangible benefits takes considerable effort. Unlike costs, there are no standard formulas for capturing benefits. Each process has its own unique benefits, and each benefit identified is likely to require its own custom method of measurement. Unfortunately, the best and largest benefits are often the ones that are the hardest to measure. As a back-office operation in most companies, IT tends to be several layers removed from the business outcomes enabled by its services. For example, IT may implement a new customer-relationship management application to enable the company's marketing and sales organizations to better serve their customer base. Presumably, the end result is happier customers who buy more products from the company. However, there are likely to be many steps and variables between the CRM system and this end result. Moreover, when revenue increases, was the major driver the CRM system, a marketing program enabled by that system, or the newly hired vice president of sales and marketing?
Measuring The Value Chain
If the company's sales and marketing processes are carefully documented, measured, and managed by their respective organizations, the questions posed above can probably be answered, and a fair share of the benefit can be apportioned to the new CRM system.
Creating an "as is" map to document the process's current state before implementing a new IT system enables the business area and IT to better predict benefits and to establish a baseline from which to measure those benefits. In the case of the example of the CRM system, the analysis may determine a per-customer value based on current purchasing trends. The goal of the CRM system and the activities it enables may be to increase that per-customer value by a given percentage. The change in this value can be measured after the system is in operation, and also can be translated into a direct revenue value for the company.
-- Ian Hayes
Question B: A growing proportion of our workforce is telecommuting, leading to increased use of our VPN from computers in employees' homes. What security measures should we be taking?
Our advice: The natural inclination when implementing a virtual private network is to focus on the security of the encrypted VPN connections themselves--what protocols to use (Internet Protocol security, Point-to-Point Tunneling Protocol, Layer Two Tunneling Protocol, proprietary); whether to use a firewall-based VPN versus VPN services on a general-purpose operating system; how to authenticate users, etc.
While it's necessary to consider all these issues, it's easy to overlook the most serious potential security exposure associated with VPNs--the remote-client systems.
Employees' home PCs with VPN access therefore require the same kinds of defense-in-depth that should be applied to office networks--up-to-date operating system and application patches, software firewalls, antivirus software, least privilege, strong passwords, etc., to enforce this discipline. To reduce this exposure, VPN access should only be permitted from computers that are under the control of the company's IT staff. If VPN access from home computers is permitted, there should be strict policies regarding the software configuration and other uses (e.g., by other family members) of the home computer.
-- Peter Schay
Question C: Our servers are more than five years old. Management wants to defer investment in new servers as long as possible. How long can we delay server upgrades before it will hurt our business?
Our advice: You aren't alone. Many companies in recent years have been saving money by extending the time between hardware upgrades for both servers and desktop systems. As the cost of servers continues to plummet (a decent rack-mounted server can be had for under $5,000), and computing power continues to rise, the question of when to upgrade becomes trickier. The answer, as always, depends on your industry, hardware, and specific application software requirements.
You Can Delay Upgrades If
You can hold off another year or so if:
You Should Replace If
Reasons to replace your servers include:
In conclusion, determine your requirements for up-time and tolerance for risk. If you configured your server environment appropriately five years ago, and you have no pressing need to upgrade your operating system or applications, then you can probably use your systems for another year or two. If your mission-critical application requires a major upgrade, then plan on buying a replacement system soon.
-- Beth Cohen
Ian Hayes, TAC Thought Leader, has extensive experience in improving the business returns generated by IT investments. He is the author of three IT books and hundreds of articles and is a popular speaker at conferences. He helps companies focus on value-creating projects and services by better-targeting IT investments, improving the effectiveness of IT execution, optimizing the sourcing of IT activities, and establishing measurement programs that tie IT performance to business value delivered.
Peter Schay, TAC executive VP and chief operating officer, has 30 years of experience as a senior IT executive in both IT vendor and research industries. He was most recently VP and chief technology officer of SiteShell Corp. Previously at Gartner, he was group VP of global research infrastructure and support, and launched coverage of client/server computing in the early 1990s.
Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT delivery organizations from both user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's heading in the future.