I’m BACK!!!

I want to thank one of my colleagues for waking me up today and pointing out how long it has been since I wrote to my blog.  It is so easy to not make time and just let things go, but hopefully this time, I can keep them coming. 

So, where have I been all of this time? 

In the past year, there have been many changes in my life personally and professionally.  Let’s focus on the professional. In July, I moved back to my old stomping grounds in IBM Rational Software.  I am now responsible for Application Lifecycle Management, Collaborative Lifecycle Management, Agile Software Development and IT marketing solutions.  For those of you who don’t know, I spent 7 great years in Rational starting on March 1, 1999 long before IBM set their sights on Rational.  I left IBM for a few years after spending 3 years as part of IBM and joined a few of their partners.  First Cast Software and later I joined up with Ivar Jacobson and his consulting venture.  Then about 4 years ago, I came back into IBM in the Information Management business to learn about other parts of the business.  Since I started my career (well after building houses for several years) in data modeling with ERwin back in its old Logic Works days, Information Management was somewhat like coming home, but nothing like being back at Rational.

Although some of the faces may have changed, many are still with us and the mission continues to be the same.  Enable software development for success.  With the continued rise in adoption of Rational Team Concert (many of you know it as RTC) and the overall Jazz Platform along with the acquisition of Green Hat, we are seeing that mission continue forward. 

Over the coming weeks and months, I will do my best to keep updating my blog and giving you more insight into what Rational is doing, how I am seeing organizations accomplish software development tasks as I travel around the world visiting them and hopefully provide you with some insightful information that can help you too be successful.

Another Year in Las Vegas for IOD

Another Year in Las Vegas for IOD

 

As I sit here getting ready to spend another year at IBM IOD in Las Vegas, I am reflecting a bit on the past year and how far we have come.  A year ago, we had just introduced our plans to move forward with the marketing push around Information Governance and today I look at the fact that we have run nearly 100 events around the world promoting it. That doesn’t include all of the customer engagements and 3^rd party events either.  

Sunil Soares has released his second book titled:  “Selling Information Governance to the Business: Best Practices by Industry and Job Function” and it is available at http://www.mc-store.com/5125.html  This book is a great compilation of case studies and experiences by industry in Sunil’s past few years along with several of his colleagues and provides the right amount of guidance needed to help driving Information Governance to the next level.

The Information Governance Community http://www.infogovcommunity.com/ which Steve Adler started more than 6 years ago and has gone social and viral now tops 1850 members and is growing daily.  Steve will host a council meeting at IOD this year on Sunday and is expecting 100 of the members to be there in person.  

There will be a track focused on Information Governance as well.  It is filled with real companies talking about how they have rolled out Information Governance programs within their organizations and what it took to be successful.  Both Steve and Sunil will be speaking as well, talking about what they are seeing around the world and how organizations are progressing down this journey.  I too will be presenting several times throughout the week as I partner with St. Jude Medical on a presentation and Jim Lee, the Director for IBM InfoSphere Optim and IBM InfoSphere Guardium strategy and product line management to discuss how far we have come and where we are going.  I also look forward to my many customer and analyst meetings throughout the week along with one of my favorite parts:  Having my team all in one place to meet and spend time together.  Check out the IOD Roadmaps and specifically the Information Governance, Data Lifecycle, Security and Privacy sessions at http://www-01.ibm.com/software/data/2011-conference/roadmaps.html.  

So, looking back at the last year, it has been pretty remarkable.  Information Governance has become mainstream, analysts and customers have recognized it as such and IBM continues to lead the way.  Now we need to keep the momentum going, helping clients be successful in implementing Information Governance programs, helping them to better comply, secure, increase revenue and reduce costs by knowing more about their information and trusting it as they go forward.  Moving governance to new areas like Big Data and going from big companies to those that aren’t so big, but rely on information just as much to ensure success.

NEXT STOP LAS VEGAS and IOD 2011!!!

Information Governance and Big Data

Big Data is the latest talk of the town, but how can organizations be sure that they are doing the right things?  We certainly have an over abundance of data available to us and in many cases at our fingertips, but is it valuable? 

I agree that we need to now take advantage of all of this information and gain better value from it to help us make better decisions, but how.  When I think back to what my desk looked like in the mid 90’s during my days in sales at Brightwork Development (now part of McAfee) and Logic Works Inc. (founders of ERwin and now part of CA), it was covered in papers.  We had “bingo cards” from magazine leads, purchase order faxes, proposals to be faxed and lots of collateral to be mailed.  Now I walk around the office her in Westford and desks are clean.  Everything is online and electronic.  So how do we manage this change in medium?  It has been less than 20 years, but so dramatically different.

It isn’t just about change in how we deal with things however; it is how we get value from it.  Big Data technology like Hadoop and IBM InfoSphere Big Insights help us to make sense of the information available, but there is a lot more to it than that.  We need to put information governance practices in place to ensure that we are making the right decisions, keeping the right information and reporting on it correctly.  

We must first put policies and metrics in place to ensure that we have the right information for the right purposes.  For example, if I am looking at the different data feeds from places like Facebook, Twitter, Blogs and others about what customers are saying about my products, I need to be sure to filter out the competitors and analysts otherwise I may make decisions based on the wrong information.  This is an example of a policy that I put in place.  

Once I decide on the information I want to keep that is captured by these Big Data technologies I need to store it somewhere for further analytics. This is often done in a warehouse and my information governance processes must apply there as well.  I need to protect that information, ensure it is of the highest quality and manage it throughout its lifecycle including getting rid of the old.  If I am relying on the information to make decisions like many hospitals are beginning to do and that information is out of date, I may make the wrong decisions.  For example, we learn as time goes on and change our thinking and so does the medical community and its journals.  If I don’t have the latest article on a treatment in my system or have the old and the new confused, then I may make a potentially deadly decision.  With Big Data will come the need to have even tighter retention and deletion policies to ensure the latest and greatest information is available.

Lastly, if I am gathering all of this information and it may come from anywhere, it becomes a competitive advantage meaning I had better protect it.  I need to know who is accessing it, how it has changed, who is changing it and ensure that the information doesn’t slip into the wrong hands or it could become a competitive disadvantage.  

These were just a few of my initial thoughts when it comes to Big Data and Information Governance.  I plan on spending a lot of time in the coming months with people much smarter than I to discuss this further, understand what they are doing today and how they see this evolving in the future, so stay tuned for more.

IBM InfoSphere Guardium Named a Leader with highest scores in overall Market Presence, Offering, and Strategy

Forrester Wave: Database Auditing and Real-Time Protection, Q2 2011, May 6, 2011

Database auditing has become critical to all enterprises for dealing with various regulatory compliance and security requirements. In addition, preventing attacks and unauthorized access to sensitive data by database administrators and other privileged users has become vital to all organizations.

In this comprehensive assessment incorporating 147 criteria, Forrester Research, Inc. gave IBM the highest score in all 3 high-level buckets: Current Offering, Strategy and Market Presence. IBM also achieved among the top ranking in all 16 high-level categories that were scored, including the highest possible scores in the following 7 categories:

• Audit policies
• Auditing repository
• Corporate strategy
• Installed base
• Services
• Employees
• Technology partners

According to Forrester, “IBM InfoSphere Guardium continues to demonstrate its leadership in supporting very large heterogeneous environments, delivering high performance and scalability, simplifying administration, and performing real-time database protection.”

“The Forester Wave is copyrighted by Forrester Research Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgement at the time and are subject to change.”

Trust is an interesting word!

When I think about trust, what does it mean?  Is trust a 100% absolute?  Can it ever by 100%?  If I look at the dictionary.com definition, it says:

Reliance on the integrity, strength, ability, surety, etc., of a person or thing; confidence.

Reading more definitions and talking to others about this word “trust”, it isn’t about an absolute as most things cannot be, but about confidence.  Trust is having that confidence in another person, a company or some form of information correct and not intentionally deceptive.  

But what is trust when we start talking about information?  It isn’t just about the quality of the information.  Let’s think about data cleansing for just a moment.  We can clean data, but that alone may not make it trust worthy.  Was it cleaned properly, was the de-duplication for example done using the correct information or some form that was invalid?  To trust often requires the knowledge of where it comes from, because I may trust information from one source, but maybe not from another.  I also may not trust the information if I don’t know its history and that it wasn’t changed during some process.  

Because we are making so many decisions based on the information at hand, trust is a critical factor and not one that often exists today. We see banks holding onto millions of extra dollars because they don’t trust their information enough to manage risk properly and in accordance with Basel II.  We see companies putting accountant in rooms with spreadsheets for weeks at a time trying to close out quarters and years because they don’t trust the systems feeding them results.  At the end of the day, organizations are losing significant amounts of money because of a lack of trust.  

If the bank knew the information from their systems was generated properly, would that be enough, I don’t think so. They need to know who touched that data throughout the process, they need to know that the system that generated or maybe move the data through some ETL type process for example did it properly and they need to know that the resulting report was pulling the data from the right places, in a consistent matter and only then would they maybe have trust.  

So, what do we need to do to TRUST our information?  We already said that it isn’t just quality, but that certainly is 1 aspect of trust.  Here are some thoughts that I have and would love your input on others.

1. Knowledge of where the information has come from (lineage)
2. Common understand of meaning and semantic consistency
3. Identification of who has touched it and potentially changed it
4. What systems are moving and transforming it along with the potential risks of failure and bugs during manipulation
5.  A “single version” of the information so that we can ensure that people aren’t getting differing views
6. Control over how and where the information is disseminated because lack of that control can lead to issues with numbers 1, 2 & 5 and maybe others
7. Ownership to have the trust be somebody’s responsibility
8. Process and technology for cleansing to ensure that the information is clean

I know that there are more, but wanted to get these out there as a starting point to thinking.  Also, you notice that I put cleansing last and that was very much intentional.  Cleansing without the rest of these areas could lead to very clean, yet UNTRUSTED information.

Learning from Forum Feedback

I have spent a lot of time reading feedback this week from our latest IBM Information Integration and Governance Forum events and they are quite interesting.  As you would get with any audience, some think of it as too technical, while others not technical enough.  So, that means we hit the right spot for the most part being in the middle.  That however isn’t the interesting part, it is “as I expected”.  What is interesting and I guess in many ways not surprising after speaking at many of these is the consistent comments about the growing desire to learn more about how to bring information governance to the forefront of their organization, how to sell it internally.

What are some of the comments?  “Universally, organizations don’t know what data they have, we need to get a better handle on it to garner the value within it”.  “It is hard to prioritize where our organization should begin:  Lifecycle Management, Quality Management or Security and Privacy.”  “Everything we do today is about integration and we require better governance to ensure we manage correctly”.  “I would like to hear more about how others have built momentum for information governance within their organization?”

This leads me to the focus of today’s blog, how do you get the buy in internally to your information governance program.  No, I won’t solve this issue with today’s blog, but hopefully can get the discussion rolling. 

We need to start with some small successes to show that good information governance adds value to the organization and isn’t just another overlay big brother program.  So, pick a project and start to apply the principles of governance to that program.  Often people will ask me my opinion of the difference between information management and information governance.  I generally sum it up like this:  Information management is reactive putting something in place after a breach, after you cannot meet filing deadlines, after a lawsuit, etc.  Information governance is proactively putting the processes in place (sometimes after one of these things) to ensure that you are prepared for what may happen.  Yes a little simplistic, but I think also very true.  This is why we need to be sure that your project is not though of as a one off, however, put the right policies or rules in place and continue to track and improve them over time.  This is something that you will be measuring and looking at as the key driver to your governance program moving forward.

With policies comes measurement.  You need to put strong measures and key performance indicators (KPIs) in place to show the effectiveness or lack there of and to understand where and how to improve.  Don’t just put those metrics in place; communicate the heck out of them.  Make sure the people know what is being measured, how it is being measured, the results of the measurements and how you are going to act based on the measurements moving forward.  Process usually doesn’t fail because the process is bad; it fails because people don’t understand it and it isn’t well communicated.  We need to have full disclosure to help build the momentum needed to drive the success of the program.

Gain executive sponsorship, but also build ground up momentum.  Yes, have an executive sponsor is critical, as you need funding, guidance, support and even the ability to reward, but that alone will not lead to success.  You need to have the buy in from the folks doing the work.  Some of the myths I hear consistently about information governance include:

• Big brother
• More audits
• Extra overhead
• Reports, reports and more reports
• Yet another initiative driven by compliance that adds little value to me or the business

Well, some of these may be true in part, but we need to overcome them because this is not the reason for governance nor is it why we are doing it. We are putting the program in place to improve our ability to deal with the influx of information coming into our organizations.  Without good governance, it is difficult to meet the business initiatives that are in place, comply with regulations and reduce overall business risk.  But then again, does the “worker bee” really care? 

What do they care about?  On a personal level, over time, a good governance program can increase the “fun” work and reduce the tedious stuff.  It can improve their insight into the overall objectives and therefore provide better feeling of value to the organization and prepare them for future initiatives before they are thrust upon them. AS far as caring about the company or organization, it can lead to better profitability, lower costs, reduced risk, higher levels of compliance and increased security.  Is that enough to make them buy in, likely not, but it is a start.  That is why we need incentives in place, executive support and I cannot say it enough, communication, communication, communication.  We need to communicate the metrics, the successes, the failures and the value that the program is adding to the organization.  Also, communicate the changes that are being made to policies and metrics based on learning.  An information governance program needs to live and grow and that means show how it is evolving based on what is learned and grow through the roof.

I think this is enough for today, come check out the Information Integration and Governance Forums ibm.com/iigforum and talk to you next time.

My Introduction to Blogging and The Process of Information Governance

As I have been traveling around the world over the past 2 years or so talking about information governance, some things have really come to light for me.  I am not sure if they are net new ideas to me, but more a reinforcement of my beliefs.  At times, those are more valuable too.

Information governance really starts with a process and although technology is needed to automate those processes, the technology comes 2^nd.  Not unlike any other process I have spent working on over the past 10+ years like those on software development, we need owners, drivers, expertise and by in from all directions (top-down and bottom-up).  

Thanks to the work of many of my colleagues including Steven Adler and the IBM Information Governance Council and Sunil Soares the author of the IBM Data Governance Unified Process, the starting point for enabling the process of information governance has been well documented and proven out across industries.  

The book describes a simple flow for building out the process, metrics and KPIs for measurement and technology areas for automation, with the process piece being my focus today.   

Excerpt of the IBM Data Governance Unified Process

In future blogs, I will dig into each of these areas and discuss what I and others are seeing when we work with organizations to help put the processes in place.

Just remember, process for process sake is not very valuable, we need to enable process to improve our work and reduce overall business risk.