Sunday, March 26, 2017

Catching Up

It has been some time since I have publicly communicated. Let me try to catch up from that lapse.

First, the profession – what is happening?
I have, as many of you know, been arguing for decades that IT professionals need to be in deep and interactive conversation with business leaders, talking about strategies, goals and alternative means of realizing goals. The question has finally evolved from, “Here are my specs – can you build it for me – when and at what cost?” to, “Here are our business strategies and business goals. Do you have any other thoughts to add to these? And what can you do to help us achieve them? Let’s talk about alternatives and different roads to success.”

This is long overdue – and a large part of the credit goes to app developers who have led the way in showing what can be achieved and how they can solve big problems. I am not dismissing the profound impact of enlightened leadership – but their leadership impact has been materially enhanced by the legions of bright developers who have shown us alternative paths to success – at a business level, not just at a bits and bytes level.

Second, the cloud
I have been lambasted by some of my associates for, early on, suggesting that cloud technology is a new, modern, improved follow on to time sharing. How can I say that? The cloud allows resources of all kinds – applications, storage, network, data and more – to be shared seamlessly and economically. That sharing occurs across platforms, providers and technologies. Cloud technologies have grown to be reliable and cost effective replacements and supplements to internal platforms. Security has grown significantly and in general can be relied on, to the point where several authorities have suggested that cloud security is often more robust that individual platform security, even at our largest enterprises. This is a significant achievement, and one to consider leveraging in all implementation decisions.

Third – work style.
The general availability of easy-to-deploy tools allow collaborative, interconnected and highly interactive work to be conducted without regard to physical boundaries. The ability to connect clients in New York with business managers in London with project managers in Macedonia with developers – who knows where – is a reality. It is easy to do and highly effective. Relationships can be established and maintained across time zones and country/culture boundaries. Add to that agile methodologies that significantly add to the effectiveness and democratization of advancements and you have a change that is profound, and that accelerates growth driven by the application of technology to real and compelling business opportunities.

There is much more to say, but these three vectors – the profession, the cloud and work style – capture a large swath of the positive and empowering change that we have been participating in.

As to my own activities, there are several things to report.

First, in my traditional consulting business, SIM Associates, we have had the privilege of doing some highly impactful work for several fantastic clients. That is a continuation of the trajectory of the past 21 years that SIM has been in existence. We have consistently focused on our goal of enhancing the value created at the interface of business and technology. I am proud of that record.

But there are some new ingredients as well. About three years ago, with a partner, we formed North Salem Partners (NSP). NSP focuses on helping startups and early stage growth companies gain traction as they seek to grow, interest investors and achieve value for their owners. At NSP, we offer support for a full range of business disciplines, such as marketing, sourcing,  technology, operations, and more. Check us out –

More recently, with two partners, we are just about to launch an exciting streaming service. Initially powered by a library of audio files that contain the sounds, news and events of specific years (most of 1938 thru 1970), we are launching a streaming service to enable subscription to those files. This has applicability for example to nostalgia buffs, as well as for gifts to associates or parents, friends and others who have parts of their life closely related to a specific year in our library. Over time the library will be expanded based on customer and prospect input. Additionally, we are actively planning expansion into several other areas – e.g. baby related content, exercise content, music content and more. For more information, check out

That is an overview. I am interested in hearing what you are doing and how you are improving life on the planet as we know it. Please let me know –

There is more to say – and it will follow periodically. Until then, to quote Steve Jobs in his oft quoted June 2005 commencement speech at Stamford, my advice to you is to “Stay Hungry. Stay Foolish.” And keep pushing the edges of the envelope!
My best,

Monday, September 23, 2013

The Case to Reform IT

If IT is to survive, it is time to move to a new paradigm. Changes over the recent past have rendered the flawless and timely deployment of information technology as a critical success factor for most businesses. It is difficult to think of any business that is not dependent on successfully employing information technology. Examples can be found in all verticals. In fact, finding a vertical that is not IT dependent is challenging.

At this time, it is imperative that IT consider moving from its old operating model to a new one.

Old Model

What characterized the old model? Among the factors characterizing the old model are:

  • IT is an organization. All IT resources in the enterprise need to report to and be controlled by the IT department
  • All information technology purchases must be initiated by, approved by and controlled by IT – NO EXCEPTIONS
  • The primary form of communication between business and IT is based in processes. Capital deployment processes and requirements gathering processes are just two examples among many.
  • The Requirements Document forms the basis of the contract between IT and business for all new or changed deployments
  • The IT budget is separate from the business budget and must be separately managed. The CIO is responsible for that budget. Containing its growth is a frequent budgeting objective.

And the list can go on – each reader can add bullet points to the list and most can recognize their organizations and history in these bullets.

It is time to change. The notion of all information technology resources reporting to the IT organization is as obsolete as suggesting that all human resources need to report to the human resources department.

Consider A Different Model

As an alternative, consider the following:
  • The CIO is a partner of each business unit, participating in strategic direction and supporting strategy deployment. No longer is IT pitted against the business to control its destiny and to ensure that only IT initiated and approved direction gets implemented. While IT controls corporate infrastructure, it does so with the sole objective of meeting business expectations and both current and future needs, in a cost effective and responsive manner.
  • The only information technology resources reporting directly to the CIO are those resources supporting multiple businesses and the enterprise as a whole. That would include technical infrastructure planning, deployment and management, legal and reporting compliance, human resource development and retention and program management standards and compliance (PMO). Careful examination of which resources should report centrally rather than report to individual businesses needs to be driven by common sense, economics and a mindset that if something can be done better centrally (e.g. email or help desk), it is in the best interests of IT and the business units to figure out how to make it work.
  • Information technology resources associated with a business report to the head of that business
  • IT manages the careers of those resources. Included in its management scope is human resource development, co-hiring between business and IT, career development, leadership continuity, equal participation in salary and promotional decisions, professional development and program deployment process development, support and program assessment.

This model does not assume that anarchy prevails.

Technology resource deployment is managed by IT for the enterprise. Its goals include business responsiveness. Business units operating under this model are not authorized to contract for IT resources outside of a collaboration with IT. For example, deploying cloud tools must be a joint decision, and the governing philosophy is one of meeting business needs in a timely and economical manner while preserving a rational and supportable infrastructure for the enterprise.

System Deployment Example

Let’s examine how system development and deployment would operate under this model.
The setting of requirements, it is argued, is essential to developing or deploying IT capabilities. Far too often, business sets the requirements and IT becomes accountable to deliver on them. Collaboration between the two often takes the form of a hand-off.

I suggest that this is an obsolete model, one that pits IT and its business clients against each other, in a game of chicken to see who fails first. And as experienced in numerous environments, more often than not, there is a failure.

A better model is a collaborative model. For this purpose, I will use a system deployment project, one in which the organization acquires a license to deploy a vendor software product and proceeds to implement that decision. It applies equally well to development projects, with some tuning.

  • Start with understanding and documenting current business processes. How are you doing the work that is subject to your proposed project? What are the strengths and weaknesses of the current process? This is a joint business and IT role, with the shared goal of improving the business by first understanding its current operation, then improving on it.
  • Next define the changes to the current process that you (meaning a collaborative Business and IT team) wish to make. Document the changes creating a target process design, and estimate the benefits of the recommended changes. Benefits can come in many forms – for example, revenue generation, cost containment, compliance, entering new markets, improving service capabilities, and more. Be clear and specific about the benefits. This will not only be helpful in justification of the project, but also will prove valuable as trade-offs between system scope/capabilities, cost and time are addressed downstream.
  • Develop a document which defines the capabilities you are seeking to realize these business benefits. To borrow a chapter from Agile, developing use cases at this point in the process rather than a traditional requirements document will provide a jump start to testing, and will assist in focusing on the full capability set that you desire. Set phases (sprints) to deliver capabilities on a schedule, rather than waiting for full deployment to complete to begin recognizing benefits. Be certain that each phase has measurable benefits – and measure their achievement!
  • Survey the market. Even if your bias is to develop your own system from scratch, understanding the options available in the market will broaden thinking and likely will enrich the target process design.
  • Look at the match between available commercial products and your target process. Considering benefits of the target process changes, examine carefully if your target process can be changed to fit the capabilities of market alternatives. This is an often skipped step, resulting in custom developments where minor process modifications can result in a more cost effective and market effective solution using commercial software with minor enhancement to meet the business need faster than a custom development.
  • Select a solution, and select a minimum of two vendors who can potentially meet those business needs. Negotiate with each, finding the best solution that each can offer. Criteria for selection, among others, include responsiveness to business needs, ease of implementation, degree of customization (less is more) and of course cost, vendor track record, risk assessment and others. Base contracting with the selected vendor on meeting requirements and use cases. These must be a part of the contract, so that there is no misunderstanding of deliverable capabilities.
  • From here, implementation begins, guided by a tight and complete project plan that is developed, assigning accountable parties for each task. Communication is essential to success, as in any project. There is no YOU and WE, but only US as implementation moves forward.

In Summary

So in summary, information technology has a large and growing role in business enterprises. No longer is it simply a back office nicety. It is in the front line of business, and in fact, the use of information technology is the business in many cases.

There is clearly a centralized enterprise-wide role for technology infrastructure provisioning and management – clouds, email, security, compliance and backup/redundancy are part of that role’s function. But there is also a large impactful role of working to optimize business needs. Business facing technologists need to implement and where useful, drive technology solutions to business problems and opportunities.

Perhaps it is time to call the question – many have argued that CIO = Chief Innovation Officer. Nonsense. The business needs to lead its business, with strong participation from all relevant disciplines, including IT. Perhaps the best posture for an IT organization is to (1) own infrastructure as defined above, and (2) ensure that business units are staffed with competent technology experts. The IT organization needs to set standards, policies and best practices for those in technology roles, and oversee the career development of those resources. Direct line reporting is unnecessary – direct influence however is a requirement for success.

This view is perhaps out of step with those arguing for centralized IT with increased power. And many reading this blog will say that they are already doing much of what is advocated here, and hence the direct reporting of IT resources to business unit leadership is not necessary.

Clearly this is not a prescription for every IT organization in every company. But it is a direction that should be evaluated to assess its benefits for overall enterprise technology success.

I would value the opportunity to discuss your views. Please contact me at

Monday, October 8, 2012

Project assessment service - promoting project success

Business and IT leaders have been in a difficult situation for several years…and it is pure speculation to suggest that the challenging times are ending. No matter what happens in the broad economy, you will still be focused on making do with tight budgets and high performance expectations.

Many leaders I speak with remain concerned that project performance falls short of excellence. Late delivery and failure to meet user needs and expectations as well as budget overruns are common. Many believe that they are adequately staffed to lead their own projects, and yet problems still arise.

We at SIM Associates can offer assistance in this situation. Our project assessment service can help you answer questions like the following:

·         Is my project plan logically consistent, realistic and sound?

·         Are my resources (both business and IT participants) properly equipped to deliver what I need done?

·         Is proper commitment of resources (quantity, time allocation, work priority) in place to meet my goals?

·         Are my requirements sufficiently clear and specific to fully represent user needs and expectations?

·         Is my test plan robust and complete? Are necessary resources in place to execute and manage testing?

·         Is a workable and committed project governance structure in place?

·         Is my reporting to all interested audiences – users, business management, IT management, others - sufficiently detailed and specific to demand attention and drive necessary actions and decisions?

·         Is there a functioning change management process in place?

·         And the list goes on…

Project assessment is a service that can be invoked on a one time basis or periodically throughout a project’s execution to answer key questions such as those above, and to elicit recommendations to address gaps in your current execution.  As with all SIM Associates’ services, it is based on a sound process that is customized to align with your specific goals and needs. This is not a ‘canned’ package, but instead is one highly tailored to each engagement.

I would be pleased to explore your needs and our capabilities with you to help you achieve the project excellence you desire. Let’s talk at your convenience.
Bob Kotch

Friday, May 18, 2012

Cloud Services – A Decision Maker’s Guide

Cloud Services – A Decision Maker’s Guide

Much has been written about the Cloud and its impact on business. The Cloud represents a powerful tool for businesses to employ in their quest for success. It offers some distinct advantages, and like all solutions, comes with a price tag. Only the particulars of a business situation can determine if this is the right tool to select.

This blog outlines some of the considerations in cloud deployment to help practitioners make business-beneficial choices.

The first matter to be addressed is to define the problem you are trying to solve and articulate your goals. Some goals that relate to Cloud deployment decisions include:

·         Rapid short term or long term capacity provisioning

·         Creating intermediate to long term infrastructure  capacity flexibility

·         Infrastructure modernization/enhancement

·         Deployment of integrated applications and infrastructure, such as a deployment

·         Managing/minimizing capital requirements

And the list goes on – it is limited only by your creativity.

 No matter what your goals are, there are several factors that should be taken into account in the decision process. Among them are the following:

·         Security

·         Cost

·         Transition both to and from the Cloud platform

·         Are the savings real?

·         Lifespan

·         User considerations

Security is a significant factor. Your data will be stored outside of your environment if you opt for a public cloud solution. Where is the data stored? How is backup managed? How accessible is it to your user community? What safeguards are in place to ensure that it is protected from mal-use?

Cloud vendors will tell you that their environments are secure and protected. Understanding the details is critical – you cannot let security be compromised and hence a detailed understanding of where data is stored, how it is backed up, how access is protected and how authorities are to be managed are critical questions in selecting a solution. In the case of a private cloud deployment, the same questions apply, although external access is more secure due to your corporate firewall deployment.


Art Wittmann, writing for Information Week recently, noted that cloud costs tend to be decreasing and contracts for cloud services should include that as a consideration. Moore’s law has continually lowered the cost of storage and therefore by implication, the cost of cloud services. Any agreement with a cloud provider would need to include price protection – not only from increases, but also guaranteeing that you benefit from decreases in provider cost and therefore market price of newly contracted cloud services. A favored nation clause can help here, but it is often difficult to quantify and to administer.


Moving to a cloud solution will incur some cost and effort. Is that well understood? Are the resources in place – either on staff or contracted – to effect the transition seamlessly?  The analysis of any technology deployment should include all costs and benefits. Moving of any application or data to a cloud provider will incur some costs. That is clear. Equally clear, the costs of moving the application and/or data back to the internal environment – as certainly would be the case in a short term capacity enhancement – should be well understood. What is the process and what are its requirements and costs? Will there be a period where your application or data may not be available for users? What are the consequences of this, and what is a mitigation strategy? There is no need for granular disengagement planning at the point of engagement of a cloud provider, but an understanding of the process and costs of disengagement will inform decision making.

Realization of Savings

In any analysis of change, it is critical to ensure that savings forecasted will be realized. What will become of un-depreciated current storage investment if you migrate to a cloud environment and the current equipment is no longer of use to the business? Will you save labor by migrating? What will happen to those employees whose work will be displaced? Will their capacity be absorbed in departmental overhead? Will they be reassigned to work that would be funded independent of the cloud decision? You get the idea… So often ‘savings’ are defined at the cost study level but no operational plans are in place to realize the savings. The caution – make sure forecasted savings are realized and that someone is accountable for their realization.


As all IT professionals have learned, there is no ‘final solution’ to a challenge. Technology evolves and so do solution options. Hence the Cloud is a current advantageous tool, and it will be replaced at some point in time by something bigger and better. This has always been the case in IT, and I project that will continue to be true in the future.

For that reason, careful consideration of solution lifespan is important. You will be investing some resources to move to a Cloud solution. That investment will have a lifespan – the consideration of full lifecycle costs is a necessary ingredient to any economic analysis.

I am not suggesting that when a new technology emerges, you will necessarily move to it. Instead, I am merely suggesting that you consider the likely lifespan of the Cloud solution you are considering – it will yield insights as to the economic advantage of the steps you are considering now.

User considerations

Any actions by IT need to be driven by the best interests of the business. Careful consideration of user impacts, both benefits and challenges alike, is essential.

In Summary

The bottom line is this – Cloud options offer the potential to create business value – potential cost reductions, deployment speed improvements, capacity enhancement, modernization of infrastructure, user flexibility, etc. This is a valuable tool whose benefits and costs should be assessed in a balanced way.

 Bob Kotch

Monday, March 5, 2012

How Projects Fail

How Projects Fail

I speak to many IT professionals, and each has a story about a project that went terribly awry. One of the most frequent project related questions we all get is some form of “tell me what you learned from your last project, and what you would do differently.”

There are many reasons that projects get into trouble. So instead of focusing on a particular project, I thought in this Blog that I would outline a high level but composite picture of some of the activities that can help assure project failure – “What can I do to be certain that my project will fail?” Certainly in my zeal to describe failure modes as a primer to help practitioners avoid disasters, I will miss some prime failure opportunities. Help us all by adding the failure modes I may have missed.

With that as a backdrop, let’s start at the beginning.

1.       No need for a vision! If there is a need for a project, we all know it. So let’s not waste time with a vision, definition of what we are trying to accomplish, project charter, success metrics or any of that overhead. It takes time away from doing the project.

2.       Forget requirements documents – look at software available in the marketplace and decide if it is ‘good enough’ to meet your needs. Don’t waste time with a detailed and comprehensive requirements document. It detracts from getting started on the project!

3.       Select a vendor based on demos. We will know if the product meets our needs – we just will!

4.       Negotiate the vendor contract as early and as quickly as possible. Don’t bother appending requirements, performance metrics, delivery commitments and consequences of non-delivery. Let the vendor manage their end of the project and don’t worry about it. After all, you know this is the right vendor for you! They do this all the time!

5.       Think of this as a system deployment. Don’t get distracted by the business needs or by process reengineering or modification. It will distract you from the real goal – get the new system in and working.

6.       Don’t be overly concerned about resources. The business wants the project done – they will find a way to participate and get their part done. Where there is a will, there is a way.

7.       Don’t spend time defining the decision making, review and communication processes for the project. These administrative distractions will only slow you down.

8.       Set the golive date, build a plan and relentlessly track it. The plan is the plan – take no prisoners. Get it done, no matter what. Meet the plan and timeline – that is the goal!

9.       Take shortcuts where you can. Detailed documentation of use cases, process change and the like takes time and will detract from meeting the sacred system deployment goal.

10.   Go light on user training. They will get it…after all, this is the right system and it will work just fine. Be willing to make compromises here to get it done.

11.   Don’t worry about scope creep – if new understandings emerge, they can be accommodated in the project. Don’t let that slow you down.

12.   Conversely, if your team identifies some needs that cannot be accommodated, don’t let them get away with it! There is no phase 2 – this is it.

13.   During the project, let your team focus solely on getting it done. Don’t engage in periodic review by an unengaged expert body such as a PMO review. Wastes time, distracts from the goal – get it done.

14.   Don’t engage numerous committees to oversee the project. Executive steering committees, project teams, tech teams and the like are a waste of time. Focus instead on getting it done; speaking with whomever you can find to be engaged to help. Don’t get process bound.

15.   Don’t worry about politics. The project lead can make all necessary decisions.

16.   Defer thinking about support of the system after the project is in production. It will emerge naturally and take care of itself. The same goes for setting a transition support period between deployment and normal ongoing operation. Overhead – shun it!

Any one of these factors can cause project failure. Taken together, they virtually guarantee it. Proceed wisely!

For more information, see

Bob Kotch – -@Bob_Kotch

Sunday, February 26, 2012

Personal Online Security

I had the opportunity to attend a meeting on February 24 at the New York Federal Reserve Bank. It was arranged through Fordham University, and the focus was cyber security.

Much has been said on this topic – and the more I hear the more frightening it gets. I will not try to summarize the presentation or the discussion that ensued among participants, who included CIOs of several major private and public institutions. It is far too complicated to capture in a single blog entry.

But the meeting caused me to think about personal security. Many of us have online access to bank accounts, credit cards, private information (e.g. email and contacts and calendars) and other highly confidential information. We are all used to two factor security arrangements (i.e. a user id and password). Some of us have had experience with one time passwords and other personal methodologies as well.

Keeping track of passwords is a challenge. So some of us store them in Outlook. Others use various ‘secure’ password storage facilities that are generally available. The common weak link to all of this is our email identity.

Why do I say that? What happens when you forget a login id or a password? Often you need to answer a preselected security question but in most cases you get a link emailed to your email account of record. That link ‘authenticates’ that the authorized party is requesting the password change, and allows it to be made.

But what if a hacker has access to your email account? Unless you are carefully monitoring your email account, and even if you are, a hacker can intercept that email link, change your password and access your private information, credit cards, bank accounts and who knows what else. And by time you figure it out – if you do – the damage is done and is irreversible.

What are we to do? There is no simple formula nor is there a foolproof methodology. I suggest the following as a starting point.:

1.       Eliminate all stored passwords from Outlook contacts and other repositories

2.       Use a unique password for every important access point of interest – personal information, banks, credit cards, email, etc.

3.       Change passwords often – monthly or more frequently for critical access points such as bank account access

4.       Change your email password very frequently – weekly!

5.       This will cause you to worry – as it does me – about how to remember all of these rapidly changing passwords. The process I suggest is to change your email password, then immediately request a password change at the site you wish to access. Use complex passwords – a combination of capital and lower case letters, numbers and if allowed by the site, special characters. Make sure the passwords have no meaning.  Do not worry if you do not remember it – you can do this for every access if need be.

6.       NEVER access any accounts or email via unsecured wireless connections.

7.       Secure access to mobile devices – PCs. Tablets, phones – though a password.

Is this enough to provide absolute security? No – the bad guys are continually seeking to find new ways of intruding on your privacy. But it is a start. Is this a pain in the neck to do? You bet. But losing your assets or personal identity is a bigger pain.

For more information about SIM Associates, please visit You can access this blog directly from there, as well as directly at