I was recently involved in a project where Intel IT SMEs from disciplines including Server, Storage, Data Center, Network, and Finance reviewed and updated our Data Center Strategy (Intel IT Data Center Solutions: Strategies to Improve Efficiency) for Intel IT.  The primary focus of the paper was to provide an update on value realized, shifts in strategy, and key execution lessons learned.

Our execution highlighted the need for finance to participate as an active partner in the influence planning and internal communications.  At some point, especially in economically challenging environments, cross organization investment decisions boil down to a tradeoff between limited resources and a number of good projects. Being able to clearly articulate the value added by a "portfolio of projects" (like the Data Center Strategy) and how you will track progress doesn’t mean that the project(s) will be funded – but it does increase the likelihood that you will be in the game at the end.  For us, having this coordinated communication strategy for technology solutions,cost efficiency, and operational efficiency was a key consideration for successful execution. 

We currently estimate that the cumulative projected financial impact over eight years will be ~$500-650M NPV - this range has changed in upper and lower limits based on updates to forecasts.  Over the first three years, Intel IT has realized ~31% of the projected benefits through execution to the Data Center strategy.  The primary value driver has been the impact of our server strategies (multi-core refresh and virtualization) that enable demand growth within the existing data center footprint and affordability targets.  Moving into 2010, we are evaluating new forecasting and value metrics to enhance customer reporting of data center activities.  This approach will incorporate our activity driver methodology into comprehensive unit costing and forecasting framework, creating a holistic cost forecasting process to improve future decision making.

One area currently under review is establishing the right unit of measure for a data center infrastructure housing different compute environments.  Is this something you or your business partners are exploring or looking to explore?

No.  Just the people who use them.

Passwords of reasonable strength (8 characters or more consisting of upper/lower case and special keys) coupled with timely expiration, are secure.  Passphrases with comparable measures are equally secure.  The systems and users are currently the weakest links in the security chain. 

The interfaces and tools which we input the passwords may be vulnerable.  This includes but is not limited to key-loggers, sniffers, input redirections, etc.  But it is the user, where the most significant weakness exists.  They can be duped into divulging their passwords (phone, web, chat, email, etc.) and in many cases make them available in other ways (sticky note under the keyboard).

A recent Newsweek article covered the topic of building a better password:

"...a short but hard-to-remember string like "J4fS<2" can be broken by what is called a brute-force attack (in which a computer attempts "a," then "ab," then "abc," and so on) in 219 years, while a long but easy-to-remember phrase like "du-bi-du-bi-dub" will stand for 531,855,448,467 years. (Two hundred nineteen years is actually very good, but the lesson remains: simpler can be stronger.) The idea of passphrases isn't new. But no one has ever told you about it, because over the years, complexity-mandating a mix of letters, numbers, and punctuation that AT&T researcher William Cheswick derides as "eye-of-newt, witches'-brew password fascism"-somehow became the sole determinant of password strength."

The difference between passwords which can be cracked in two-hundred versus a billion years is immaterial if users are forced to change passwords every few months.   The bad guys just don’t have the time to crack the password before it is changed or the data is sufficiently aged to not be of value. 

To undermine cracking attempts, we force users to use 'strong' passwords so that dictionary attacks are fruitless and threat agents must resort to a laborious brute force attack, trying massive numbers of combinations in order to be successful.  All passwords can be cracked via brute force, but it takes time.   It becomes an exercise in how many attempts can be made over a given period.  The faster the process the more combinations can be tried and therefore the shorter the time to discover the one which works.  The length and possible characters determines the number of combinations.

Undermining the strength of a password is not the biggest concern.  It is far more likely for a password to be sniffed on the network, captured on a system, or duped from a user, rather than be cracked.

The most significant vulnerability is with the user and systems where passwords are entered and stored.  There is no practical benefit to further abuse users with new diabolical password schemes.  We should pay less attention to stronger and better password formats and instead invest in better behavioral controls, user education, and the strengthening of system and interfaces.

As I started my transition into a new job within Intel IT a few months ago, I discovered that one our internal IT strategic imperatives was “Partnership”.  I have to admit that at first I dismissed this a simply one of many standard business leadership terms that any organization could choose to operate on (I hope Diane Bryant, Intel CIO, is not reading this ).  However, I’m learning how critical partnerships are for a high functioning and value driven IT organization, both within the IT organization and between IT and the business groups they support.

With much of the focus these days on the lack of capital budgets limiting IT investment and innovation, I’m learning that a larger underlying barrier for IT organizations to enhance and maximize value inside their businesses, centers around the themes of trust, alignment and ultimately, partnership.  Organizational Silos inside any business create natural barriers to innovation.  Some silos exist naturally and others are self imposed.

Let’s look inside a typical IT organization where you are likely to find three functional areas: Architecture, Engineering, Operations.  These functions exist naturally inside most IT organizations.  Recently, I had an opportunity to talk about the inner workings of these functions inside an IT organization with Gregg Wyant, Intel IT CTO and Chief Architect.  These groups are designed to fulfill very unique roles in the IT organization and designed to create an expertise in these functional areas to maximize effectiveness within their chartered goals (chart below). However, if partnership (or at least an understanding of these different roles and goals) doesn’t exist across these groups the credibility of the IT organization can be at risk and the value IT delivers to the business undermined.

Imagine if the architecture group creates a vision that can not be implemented by engineering or was is cost prohibitive in the manpower or solutions needed to implement it operationally.  IT’s costs would rise dramatically and/or the architecture design efforts would simply be wasted.  Or imagine if IT never challenged the status quo operational processes and just continued to operate “the way it has always been done”.  If this happens, we would never improve business processes.  Obviously there is a balance required here and partnership across these disciplines can help an organization operate at a higher level of delivered business value and IT efficiency.  After completing a recent job coverage rotation himself, Gregg articulated to me the importance of IT to IT partnership across these disciplines and cross functional job rotations within IT.  The benefits help an IT organization maximize operational cost savings and service levels, react quickly to changing business and technical conditions while balancing and prioritizing investments for the good of the overall business - versus optimizing any one individual discipline or organization.

If we look outside the walls of the IT organization, we can also see how silos can negatively affect the business – this brings me to the subject of Server Huggers. 

A Server Hugger is someone who currently has or is demanding to IT that they have a physical server (or many servers) dedicated to their business function or department --> they want to touch it, know it is theirs and know that they don’t have to share it with anyone else (either in IT or another business unit).  Server Huggers can be individuals or business groups.  And in a world where most servers still run an average of 5-10% utilization, it is easy to see how these silo-oriented “server huggers” can create inefficiency in the business. To deploy virtualization (or accelerate the rate of virtualization adoption) inside any business, the business teams and IT often need to breakdown this silo’d approach and find ways to delivered required or higher service levels while running on shared, virtualized hardware resources. 

This was at the heart of a discussion I recently had around Intel IT’s strategy to accelerate virtualization inside our Office and Enterprise computing environments.  The first step in executing this strategy is to identify the target servers, document who owns them (if IT doesn’t – in many cases we don’t), size the new environment and convince the business owners that virtualizing is OK.  With demonstrated proof of concept virtualization ratios at up to 20:1 using the latest Intel Xeon 5500 based servers, our opportunity for savings is dramatic if we can rid our organization of server hugger behavior.  With tops down support from IT management and an environment of partnership already established with our business customers, I believe we have a clear path to success.

Partnerships inside Intel IT can be seen in how we create and measure business value with our business partners, how our own IT organization encourages IT rotation and how we strategically align our IT planning efforts with our business plans. 

It is clear to me that our Intel IT Strategic Imperative of Partnership is much more than management lip-service … it is at the heart of our IT operational philosophy … and for good reason.

Good bye Silos!  Good bye Server Huggers!  … we have no use for you any more.

Chris Peters, Intel IT

Engage Intel experts in IT to IT discussions inside the IT@Intel community

Follow me on Twitter

At a recent event our CIO, Diane Bryant, talked about our continued plan to replace old servers in our Data Centers (http://www.tgdaily.com/content/view/44213/135/). Here is a summary of her key points:

• Not replaceing servers could have costed Intel $19 million due to high maintenance and cooling cost
• Our plan of refreshing old servers with Nehalem servers will save Intel $250 million over 8 years

If you are an IT manager looking at where you can find extra dollar in your IT budget to invest in new technology, new innovation and new competitive capability for your organization, this must be good news for you! Moreover, if you do nothing, you are opening a hole in your IT budget.

Here is a recent white paper and a video we published to discuss our server refresh strategy and how we are getting the cost benefit Diane Bryant shared:

Realizing Data Center Savings with an Accelerated Server Refresh Strategy

We have also developed a Server Refresh ROI estimator so you can calculater the amount of savings you can get from these cash machines:

http://www.intel.com/go/xeonestimator

If you ain't satisfied, here is a video showing you how to use the estimator!

Go and install those cash machines into your data centers now! 8-)

I just read this paper authored by some of Intel's IT experts in the area of client management.  As an employee of Intel, I am now a huge fan of these rock stars.  Why? because they were able, through proactive IT management practices, reduce blue screens inside Intel's employee base by over 50% in the last year (Q2'08 to Q3'09).  There are now 3,000 fewer laptop blue screens than there were a year ago --> that is a huge productivity advantage for Intel workers.

Issue Tracking, Pareto Analysis and use of new management capabilities and technologies like Intel vPro Technology were at the center of these capabilities.

Read about how Refael Mizrahi, Shachaf Levi and Jeff Kilford made my life as an intel employee a whole lot easier by Improving Client Stability with Proactive Problem Management.  You Rock!

Chris

Last week I had the opportunity to attend the CIO Forum held in conjunction with the Insight 2009 Annual Conference in Orlando, FL.  While being held adjacent to Disney’s theme park, the theme of this event was appropriately titled “Vision Voice Value”.




I spent two days discussing best practices, sharing lessons learned from Intel IT and comparing notes and strategies with leading CIOs, IT Directors, Managers and Administrators in the Health Care profession.  Our focus? ways to deliver and articulate the business value of IT. I had the opportunity to:



• participate in a roundtable discussion of ~15 Health Care CIOs titled “The value of IT in improving financial performance”
  
• present to 50-60 CIOs on the business value of server refresh
  
• present to 20-30 IT Directors and Administrators on using the Xeon ROI tool as a way to justify server investment




One of the most thought provoking questions at the CIO roundtable that has stuck with me is … “How does your CEO (or your business customers) view IT?”  … as a cost center (necessary evil) or as a value center (strategic enabler).  While no one directly answered this rhetorical question, it was clear that our collective mission is to migrate IT from cost center to value center.  This migration will not be immediate.  It happens over time.




To enable this transformation from cost center to value center, we concluded that the accountability remains with IT, as IT professionals and CIOs must individually and collectively demonstrate business value through our investments and establish are relationship of IT predictability, trust and credibility with our business partners.   These are core themes I have seen very visibly inside Intel IT as I began my journey to the center of IT a few short months ago.




My second observation from this event reinforces some personal experiences I have had working with many other IT professionals in the past several months.  With the global recession and it’s impacts to capital funding, the need to justify IT investment is greater than ever – and the competition internally for capital $ is very high.  We may never go back to the way it was.  We have seen this inside Intel IT’ organization as well and as a result, created at server refresh savings estimator tool to share what we learned in justifying our investment a proactive server refresh strategy in 2007 and staying committed to that investment in 2009.




I demonstrated the server refresh savings estimator tool at the event to both the CIOs and IT Directors / Administrators and the feedback was very positive (“session was well worth my time”).   Prior to the event, I also had the opportunity to work with Deborah Gash (CIO for Saint Luke’s Health Services) and her staff.  Debe provided a glowing endorsement of the tool (Thanks Debe !!) after demonstrating the business value from a project already completed and the in intent to use it for several future projects. I invite you to learn more about why we created this tool and how to use it.  If you have a question or want to give us feedback on how to enhance it – just let me know with a comment on this blog.




My final thought comes from a blog written by Don Sears at eweek.  Don discusses about the need for IT to be right, accurate, credible and trustworthy is so important whether you are working inside IT or with IT.  Credibility and Trust is something that is hard to gain and easy to lose … so it is easy to understand why being right is key to working with IT.  Getting it wrong can have huge consequences.




Join us at IT@Intel and share your insights on our shared journey to transform IT from a cost center to a value center for business.  I look forward to hearing from you.





Thanks, Chris

If you like this, follow me on twitter

Employees need the ability to communicate securely.  Deploying the right capabilities can empower employees to keep the organization’s information more secure.  Matthew Rosenquist discusses a strategy to establish secure communication channels.

Video 2:35 minutes

Phishing is pervasive, evolving, and a serious threat to everyone.  Matthew Rosenquist discusses strategies to defeat phishing attacks.

Video 5:14 minutes