Evolving your IT infrastructure from a systems of record to a systems of engagement orientation is, in large part, a function of creating greater agility in your IT organization to quickly respond, build, test, and secure new online (and increasingly mobile) relationships with customers and business partners. In doing so, however, how does a CIO strike the right balance between opening up the enterprise while managing security, privacy, and reliability?
These days, the question of going mobile is no longer whether, but when and how. For many users, an application or service doesn’t even exist unless they are able to access it from their mobile device of choice. It goes without saying that the ability to be online and engaged with your service, vendor, or system of choice has the underlying implication that you will be exposing more of your information and data. The minute you do so, of course, you increase your risk level because you are creating new entry points into your IT infrastructure that hadn't existed previously.
The More You Collect, the More You Protect
The second security aspect of systems of engagement is that anyone who is building one is invariably collecting more information about their users and customers. After all, how do you improve on the products and services you offer users unless you really know the personas and likes of them as individuals? The rub is, you now likely become a collector of both personal information and interaction patterns. So your risk level has increased substantially.
Luckily, there are security best practices to follow as you open up your perimeter. Often, enterprise perimeters are opening up around APIs in order to engage users. That’s a good thing, because with an API you know exactly where the door is, you know what size it is, who is coming through it, and what data it gets you to. In 2014 there are numerous API management organizations that understand and architect around that and add both the necessary security layers as well as auditability. That being said, perfection does not exist, so be sure to continuously learn from the documented security failures of other companies. It’s all part of the mindset change and day-to-day rigor a forward-thinking CIO needs right now.
The Fall of Waterfall, the Rise of Agile
The other part of this equation is that to truly move to systems of engagement you can’t use solely waterfall development techniques anymore. The IT organizations who are going to be leaders in this space aren’t building monolithic teams who are following multi-year release models for their next public-facing experience. Instead they are building scrum teams that own functional slices of the user experience. As you interact with some of the most interesting SaaS and cloud platforms, you’re often seeing an experience that has been decomposed down into numerous teams that each own bits and pieces of the visual interface. And they are rolling their updates typically independently and asynchronously from those of other teams. What this ‘de-compartmentalization’ allows is lots of experimentation and agility in online engagement which otherwise could be an intractable problem.
Default to Open
As IT organizations build fundamentally different solutions on different architectures and engage their audiences in different ways, they are moving naturally to open IP environments led by open source. Why? The vastness of open source technologies, combined with its rapid innovation model, has meant that most of the leading cloud providers are powered by open source. In so doing, open source creates shared architectural experiences that resonate, like putting PayPal and Goldman Sachs and Twitter in the same room to talk about pain points, architectures, technologies and tools they all use in common. They additionally benefit in that they can bring in targeted skills to fill gaps and know the learning curve will be much less about the technology and much more about the organization's specific mission. And that’s why the smart small and medium enterprises out there are gravitating to open for their systems of engagement as well. After all, who is going to question the scale and reliability of Amazon, Google or eBay?
Brian joined Red Hat's senior management team in 2001 and has been critical to leading the company's entrance into the enterprise. As EVP, CTO, Stevens is responsible for providing vision and leadership for Red Hat's technology strategy globally, encompassing Linux®, virtualization, middleware, storage, big data, and cloud computing. In September 2014, Brian joined Google as the Vice President Cloud Platforms.