What's IT All About?

"It's the economy, stupid." Can you sum up your organization's IT strategy as concisely as James Carville summarized the strategy for Bill Clinton's 1992 election campaign? Political strategist Carville, who ran the campaign in 1992, based Clinton's entire campaign strategy on that phrase. The mantra was clear, concise, practical, and, as it turned out, a winner. Before you protest that IT is too complex to be boiled down into a slogan, remember that Carville was charged with getting the leader of the world's preeminent superpower elected. By defining the campaign's central strategy and driving it into nearly every election task, Carville provided a clear mission to the entire campaign team, including the would-be president himself. By emulating Carville and articulating your organization's IT strategy in terms of a single, galvanizing concept, you can focus both upper management and your IT staff on working toward the IT goals that are most important to your organization.

Start with the Big Three
A few weeks ago, I spoke with the CIO of a large insurance company and his staff. He saw my title, senior security strategist, on my business card, sighed, and said, "Great, another security expert." Then, in response to the puzzled look on my face, he explained, "Security experts think that IT is all about security now." I thought of James Carville and quickly replied, "No. It's about availability." (I decided that leaving off the "stupid" might be a smart thing under the circumstances.) "You're hired," he responded jokingly, and we spent the next hour talking about what I call the Big Three: Availability, Total Cost of Ownership (TCO), and Regulatory Compliance. These three defining concepts of IT are the best place to start in formulating your IT department's unifying strategy.

It's Availability, Stupid
IT exists solely to facilitate core business activities. Although computers and computer networks have fundamentally changed the way business is conducted, their only purpose is to further business activity. Consequently, when systems aren't available, IT has failed in its central mission. IT is all about availability. Business systems must perform as expected when needed. An IT department's focus must be placed on achieving availability standards set forth in service level agreements (SLAs). Managers' objectives and compensation need to be rooted in maintaining or improving availability levels. Employees need to build and implement technology and process to improve fault tolerance, performance, capacity, and stability. Availability failures should be analyzed and improved according to a disciplined methodology.

It's TCO, Stupid
Contrary to many high tech companies' viewpoint, IT is a tactical asset. As Nicholas G. Carr set forth in his 2003 Harvard Business Review article, "IT Doesn't Matter," IT departments hold a strategic value for organizations only for short periods of time when conditions are right, and competitors soon copy that success. But that said, IT is a necessary evil—no enterprise can exist without computers and computer networks. Consequently, IT is about reducing the total cost of IT to the minimum acceptable levels. Minimizing IT expenditures, personal costs, and ongoing computer and computer network costs lets business owners and shareholders realize greater profit both in the short and long runs. Costly systems and upgrades to computers should be scrutinized for the productivity benefits they provide: Fiscal discipline is a higher priority than innovation.

It's Regulatory Compliance, Stupid
Today, businesses must meet more regulatory requirements than ever before. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act of 1999 (GLBA), and the Sarbanes-Oxley Act of 2002 place burdens on organizations that are exceeded only by the punishment for non-compliance. Failure to comply with some of these regulations, in addition to carrying heavy fines, can result in criminal prosecution of an organization's officers. Consequently, IT must be about meeting existing relevant regulations and developing a framework by which future regulations can be met. IT should provide mechanisms for ensuring that an organization complies with regulations with regard to data acquisition, maintenance, handling, and destruction. Measures must be designed to ensure that employees are trained and audit procedures are not overly burdensome.

Which Strategy Is Right for Your Organization?
Although I believe all three of these strategies are valid in organizations with highly effective and efficient IT departments, if I had to chose one, I'd stick with what I told the CIO of the major insurance company: IT is about availability! Your organization might have a different galvanizing strategy. For example, IT can be about innovation in a high-tech company or security in a government agency that manages closely guarded secrets.

To develop the galvanizing strategy for your IT department or staff, use the following three-step process.

One: Formulate a driving principle. Begin by assessing your organization's core business drivers and the IT department's role in realizing them. Ask yourself where your organization's strategic business advantage lies, and how the IT department can enhance it. What type of IT failure would cause the most damage to your organization? Which areas within IT must your organization succeed or improve in? How might other initiatives in your IT department affect your driving principle?

Two: Create a plan for accomplishing the goals behind your driving principle. After formulating a singular principle, or a small group of principles if that's more appropriate, create a plan for how your IT staff will accomplish the goals behind it. Your plan should include, at least at a high level: an identification of resources and support that you'll need from upper management, a framework for putting your strategy into action, and a method by which to measure your success in meeting the goals that support your driving principle.

Three: Obtain organizational buy-in. Because creating a singular driving principle is in no uncertain terms a big bet, it's essential that you discuss your plan with your peers in the IT department and with influential individuals on your staff. Ensure that these key players will echo your message. Then, present your plan to upper management and solicit feedback. Ensure that senior management will not only buy in to your strategy but is also willing to reward your staff when they meet the goals you've set.

It's a Winner, Sweetheart
The bottom line is that having a concise, central principle to drive your organization's IT strategy will go a long way toward ensuring that everyone in the organization, including upper management, is working toward the same goals. Although defining such a principle might appear deceptively simple on the surface, remember that this strategy is responsible for the election of the 42nd president of the United States.