Is traditional "cost cutting"really the answer? Cost reduction is a promising solution to sustain profitability for nearly all organizations. However, the key to success is finding creative ways to prevent costs.

Metrics are the way we see it.  Metrics based solutions allow enterprises to improve their understanding of the key drivers of profitability and enable them to develop a cost redistribution program that will ensure long-term financial viability. It is critical to identify the areas where cost can be eliminated or reduced and to create and implement a formal cost review process.

Enterprises of all types are feeling the pressure as customers' disposable income decreases while trying to keep up with higher costs of living. Over the last several years, cost management strategies have become the focus of executive management due to global economic challenges.

These external drivers of cost management include:

• Marketplace Competition - competitors providing similar products at lower prices
• Recession Fears - less cash flow in the marketplace
• Rising Production Costs - increasing cost of energy and material
• Inflation - declining value of currency and/or rising prices of goods and services
  Increased
• Investors and Boards of Directors Pressures - missed revenue targets, mergers and acquisitions

IT Service Management is possible only with client and IT agreement that service is being delivered.  The ITSM SOA Template is the perfect solution.

Next, call a meeting with your business analysts. Walk them through the full list, then parcel out the requests based on each analyst's expertise and ability to get along with the various execs. In this discussion, let them know you're looking for quick solutions that are good enough, not elegant solutions that will withstand the test of time. Their job is to figure out how to get each exec most of the improvement they're looking for and quickly, not all of the improvements they'd like done the "right way."

This means that if a twice-a-day batch extract into Excel file works, there is no need to create a real-time SOA-driven interface. It means that a once-a-night dump-and-load into Excel might be a better answer than enhancing the data warehouse and its business intelligence interface.

It might mean nothing more than teaching their staff how to assign tasks to each other using plain-vanilla existing software, instead of deploying a full-blown, enterprise-scale integrated project management solution.

This is not easy given the current economic situation.  Developing an adequate in-house talent pool demands more than a simple training program for employees' development. Establishing a strong, predictable internal talent pipeline requires:

• Clarity of role and expected performance
• Management of employees at every level
• Guided training, education, and career planning
• Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience

Many IT organizations are under increasing pressure from the board of directors, executive management, and business unit managers to demonstrate and improve the business value of their IT investments. However, IT organizations still struggle to measure business value. Many of the attempts to do so have been focused on ROI measures at the front end as part of developing a business case for the IT portfolioÂ’s proposed investments - but these are only estimates of expected business value. Actual delivered business value can only be measured by taking a life-cycle approach, working with the business to measure actual benefits after the project is complete.

Firms that strive for best practice in IT portfolio management need to apply a credible standard methodology across the enterprise to measure the business value of investments, both when proposed and when delivered. The good news is that a number of IT value methodologies have emerged that can be employed in the portfolio management process. The key is to adopt one and begin using it.

Business activity alignment is the ability to take your theories and put them into practice - in essence, taking the strategic plan and translating it into tactical steps. This results in more clearly defined executive roles, as well as an enhanced ability to leverage technology towards growth.

Additional business benefits include achieving a balance of cost and investment towards organizational goals; a balance between internal limits and external growth; enhanced collaboration for better decisions and departmental alignment; and a 360-degree view of customers for better customer experiences as well as marketing and sales efforts.

To ensure alignment, management should focus on the development of a common set of metrics within the organization, which naturally requires a common set of definitions. Typically, different parts of the organization develop metrics specific to themselves and their purposes - resulting in a lack of consistency in reporting and an inability to aggregate information to senior management. According to a 2007 report 57 percent of companies do not have a common set of metrics to work with.

The challenges become apparent when management tries to aggregate departmental information to make enterprise decisions. A lack of consistent definitions and metrics makes it particularly difficult for management to determine which way alignment needs to tilt, if at all. One caveat: small and midsize companies must strike a balance between letting groups identify and define the best metrics for themselves versus defining metrics in the best interests of the organization as a whole.

The result of strict alignment of activities with corporate strategy is that individual departments are no longer paying lip service to the business plan; instead, it serves as a coherent action plan, with all cogs working toward the same objective instead of grinding the machine to a halt.

• Computer and network passwords. Is there a log of all people with passwords (and what type). How secure is this ACL list, and how strong are the passwords currently in use?
• Emails. Are spam filters in place? Do employees need to be educated on how to spot potential spam and phishing emails? Is there a company policy that outgoing emails to clients not have certain types of hyperlinks in them?
• Physical assets. Can computers or laptops be picked up and removed from the premises by visitors or even employees?
• Records of physical assets. Do they exist? Are they backed up?
• Data backups. What backups of virtual assets exist, how are they backed up, where are the backups kept, and who conducts the backups?
• Logging of data access. Each time someone accesses some data, is this logged, along with who, what, when, where, etc.?
• Access to sensitive customer data, e.g., credit card info. Who has access? How can access be controlled? Can this information be accessed from outside the company premises?
• Access to client lists. Does the website allow backdoor access into the client database? Can it be hacked?
• Long-distance calling. Are long-distance calls restricted, or is it a free-for-all? Should it be restricted?

The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem.

"We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," said FBI spokesman Mike Kortan. He did not elaborate or identify the other agencies.

Marshals spokeswoman Nikki Credic said the agency's computer problem began Thursday morning. The FBI began experiencing similar problems earlier.

"At no time was data compromised," said Credic. The type of virus and its origin were not determined.

In addition to their external networks, most federal law enforcement agencies have an internal-only network to prevent cyber-snoopers from sensitive data.

In this incident, the Marshals Service shut down its Internet access and some e-mail while staff worked on the problem.

According to Ballmer, the global economy is being "reset" in a "once in a lifetime" type of economic change. IT accounts for 50% of capital expenditure in the U.S.

• .NET, Java, PHP   - It is not enough to know the core languages. As projects encompass disparate functionality, IT professionals need to know the big 3 of Web 2.0.
• Rich Graphical Internet Applications - Flash is suddenly being used for more than just animations of politicians singing goofy songs. Flash has also sprouted additional functionality in the form or Flex and AIR. Flash's competitors, such as JavaFx and Silverlight, are also upping the ante on features and performance. To make things even more complicated, HTML 5 is incorporating all sorts of functionality, including database connectivity.
• Web Based Application development - Management is demanding more and needs staff who really knows how to work with the underlying technology at a "hand code" level.
• Web services - IT groups who cannot work with Web services will find themselves relegated to legacy and maintenance roles.
• People skills - Developers are being brought into more and more non-development meetings and processes to provide feedback. For example: the CFO cannot change the accounting rules without working with IT to update the systems; an operations manager cannot change a call center process without IT updating the CRM workflow. IT groups that can meet these challenges will be much more valuable to their employers - and highly sought after in the job market.
• New programming languages - Languages like Ruby, Python, F#, and Groovy are not mainstream –  but the ideas in them are. For example, the LINQ system in Microsoft's .NET is a direct descendent of functional programming techniques. Both Ruby and Python are becoming hot in some sectors, thanks to the Rails framework and Silverlight, respectively.
• Flexible Methodologies - Many CIO are either adopting flexible SDM or running proof-of-concept experiments. IT groups with a proven track record of understanding and succeeding in a flexible SDM environment is a critical success factor.
• Enterprise Operational knowledge - Hand-in-hand with flexible SDM methodologies, development teams are increasingly being viewed as collaborators in the definition of projects. This means that IT groups who understand the enterprise problem are able to contribute to the project in a highly visible, valuable way.
• Change Control and IT Service Management -  Thanks to the development of new, integrated stacks, like the Microsoft Visual Studio Team System, and the explosion in availability of high quality, open source environments, organizations without these tools are becoming much less common.
• Mobile development - In 2008, mobile development left the launch pad, and over the next five years, it will become increasingly important. There are, of course, different approaches to mobile development: Web applications designed to work on mobile devices, RIAs aimed at that market, and applications that run directly on the devices. Regardless of which of these paths you choose, adding mobile development to your skill set will ensure that you are in demand for the future.

1. Try out the applications - A first step is to see the features and functions the existing social networks.  This includes:
   • Blogger
   • Facebook
   • Linkedln
   • Twitter
   • UTube
   • Wikipedia

This is like the PC explosion of the 70s and 80s.  If the technology group does not set rules and standards, the user community will take it upon themselves to integrate consumer apps into their work lives. 

You may find it useful to try out social networking with a low-cost pilot. Many open source tools are widely available to experiment with. Another option is hosted applica­tions, which are easy to get up and run, and usually offer a small number of corporate li­censes at a very low price.

2. Set Modest Expectations - Do not promise management that and enterprise social network will unleash, ignite, or change the way things are done.  Sell a project as a pilot, with the option to walk away after a quarter or two if it does not work out.  Set reasonable goals for user adoption, and focus your initial deployment on a few groups that are eager for social networking tools.  Establish pragmatic metrics and measure business value. This will be the basis for an ROI analysis for senior management's approval prior to rollout.
3. Do not Let Fear Strangle Growth - Many enterprises are wary of open social networks because they do not know what the networks will evolve to. Some executive management worries that em­ployees will overdo the "social" aspects of these applications. 
   
   CIOs are tempted to police employee-generated content, either through monitoring or pre-approving posts. Resist that temptation; it will have a chilling effect on participation. Employees need time to grow comfortable with speaking up, sharing ideas, and participating in company-wide conversations. A social networking project will likely wither before it has a chance to grow if people fear the thought police.
4. Develop Open Social Networks - CIO and CFO have a tendency to control and push to build gated networks, but that approach defeats the purpose of a social network.
5. Build a Search Capability From Day One - a poor index and search engine makes the social applications less useful.  A primary requirement is to have strong "Google type" search capabilities and road maps.  Allow for user-generated feedback such as tags and content-rating sys­tems, because the point of social networking in business is to let people provide input into the relevancy of content and people.
6. http://www.it-toolkits.com/Security.htm - Have the ability to integrate existing data but balance that with security and sensitive information policies and procedures.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity  team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything, which contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program.

• Virtualization  Virtualization can provide enterprises with immediate cost avoidance as it can improve the utilization of the IT infrastructure.
• Help  desk Automated tools can help in the support and the remediation of problems. By deploying these tools, enterprise can optimize the size and the responsibilities of help desk personnel.
• Support Portfolio Optimizing what is supported can provide enterprises with immediate cost savings.

In addition, CIOs use access controls to try to protect information for which the IT group is the custodian. Access controls only really work inside the enterprise. Once you get outside the enterprise's network, it is almost impossible to maintain that control. Access controls were invented back in the mainframe era, they are simple, all or nothing limitations - read, write, append, delete, execute. They do not have the granularity control of a Digital Right Management (DRM) system. If you have access, then it is total and unmanaged.

•  Ability to recover files from the archive log to ensure non-repudiation by partner
• Ability to access audit trails to prove compliance
• Ability to access weekly compliance reports for each partner
• Facility to encrypt sensitive files in transit
• Ability to support all security protocols used by all trading partners
• Ability to control access by certifying partners for file transfer

• A trend towards mobility of information,
• Theft of IT assets arising from a proliferation of mobile devices,
• Increasing data privacy and data security concerns, and
• Regulatory compliance mandated by recent legislation.

These factors have made it necessary for network administrators to design and implement comprehensive security policies to keep pace with the changing IT landscape. Effective solutions for these multifaceted problems require a layered approach comprised of products, policies and procedures that can work in concert to provide organizations with the broadest security blanket available.

A missing computer can result in compliance and privacy issues that can be very costly for organizations that store confidential data, including enterprise, government, healthcare and educational institutions. There is a relationship between computer theft, regulatory compliance and data security. CIO and CSO must can combine policy, encryption, IT asset management and remote data deletion capabilities.

IT organizations can ill afford to waste precious IT staff resources on relatively mundane tasks. What is required is a structured approach and infrastructure to automating as many IT processes as possible, with an eye towards creating a set of processes for managing core technology assets that frees members of the IT staff to concentrate on activities that add more value to the business.

Many IT organizations are caught up in a cycle of IT service and support that is anything but efficient. In fact, an ad hoc approach to IT support that meets SOA guidelines and ITSM requirements more often than not leads to a demoralized IT staff that begins to resent having to repeatedly perform the same routing tasks.

With everything that is happening today, it is clear that any help in the form of additional IT personnel is not likely to come. That means that existing IT personnel have to find a different approach to supporting the needs of the business without compromising the quality of the services they provide.

With those goals in mind, it is critical for IT organizations to plan their approach for delivering IT services by utilizing tools that proactively solve problems and resolve issues before they first generate a trouble ticket, and inhibit end-user productivity.

• Clearly and completely document each worker's access to the network, applications, servers and the physical building.
• Shut down remote connections, including pcAnywhere systems and VPNs.
• Invalidate usernames and passwords.
• If the employee worked in IT, change root access and network access.
• Shut down external access to the telephone system.
• Make sure handhelds, smartphones and cell phones are turned in along with PCs and laptops.
• Collect ID cards.
• Use monitoring software to keep an eye on network traffic.

The most stringent is Massachusetts was written to apply to all organizations that handle the data of Massachusetts residents, whether the businesses are based in the state or not. The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has specified a long list of steps for protecting personal data and require companies to create wide-ranging internal security programs and policies. In addition, the OCABR defines personal data: as an individual's name along with his Social Security or driver's license number, or with a financial account number. In Nevada, bank and credit card numbers must also be accompanied by a PIN or password to meet the state's definition of personal data.

These regulations in these three states are expected to spawn a host of me-too measures in other states.