Where worlds collide: Agile, Project Management, Risk and Cloud?

The new CIO is expected to be truly agile, deliver transformational value using new technology based services and have a deep understanding of, and engagement with the business – all whilst managing and mitigating risks. In addition to this, the CIO is also expected to be a ‘business partner’ in the real sense of the word. On top of these factors, Cloud is often seen in the eyes of business as a metaphor for timely change, and a convenient ‘get out of jail’ card in their push to lower IT cost, and collapse IT project lead times.

In this context, ensuring the effective orchestration of the various ‘best practice’ methodologies and frameworks in the areas of agile application development, project management and risk management, all whilst managing the whole ‘Cloud’ discussion, is not a trivial task.

In this presentation, Rob Livingstone explores the key systemic and technical risks associated with the concurrent adoption and management of agile application development methodologies, project management, hybrid cloud and mobile devices within the enterprise in today’s volatile environment.

    Where worlds collide: Agile, Project Management, Risk and Cloud? Presentation Transcript

    • Where Worlds Collide - Agile, Project Management, Risk and Cloud. Gold Coast, Australia. ROB LIVINGSTONE - Fellow, University of Technology, Sydney, Australia, and Principal, Rob Livingstone Advisory Pty Ltd. 29th August 2012. © All rights reserved. Rob Livingstone Advisory Pty Ltd ABN 41 146 643 165. Unauthorized redistribution prohibited without prior approval. ‘Navigating through the Cloud’ is a Trademark of Rob Livingstone Advisory Pty Ltd.
    • What I will be covering: • Agility, then adding in... • Project Management, then adding in... • Mobility, then adding in... • BYOD, then adding in... • Cloud, then exploring • Systemic Risk to your organisation • Managing the mixed messages • Orchestrating the transition – some take-aways
    • Agility
    • Where Worlds Collide? Agile, Project Management, BYOD, Risk and Cloud. Let’s briefly explore the topic of ‘Agile’. The “Asymmetry of expectations”. Question: Is your organisation expecting IT to be more ‘agile’ than they themselves are able to be? The focus is on agile: 1. What is agile? 2. Core values 3. Why agile?
    • What is agile? • Agile is about people, collaboration, working culture • It is not just SCRUM • Agile is not just for IT – applies to entire organisation! Core values of Agile: • Value individuals and interactions over processes and tools • Value working software over comprehensive documentation • Value customer collaboration over contract negotiation • Value responding to change over following a plan. Agile manifesto - Published in 2001, a one-sentence narrative, four core values, and 12 principles. www.agilemanifesto.org
    • Why agile? “It is not necessary to change. Survival is not mandatory” - W. Edwards Deming. William Edwards Deming (1900 – 1993)
    • Project Management
    • Is business losing, or has it lost, patience with Enterprise IT? The answer has to be “Possibly!” • Forces actively shaping the transformation of enterprise IT • Other than the failure rate of enterprise IT projects… • The need to ‘simplify IT’ in the eyes of the users, plus • The ‘need for speed’, plus • The need to cut costs… …makes cloud particularly appealing compared to internal IT • This can trump appropriate risk, total cost, project management governance in organisations aggressively shifting to the Cloud • Where does that put the individual disciplines and conventional methodologies associated with application development, project and risk management? • The pressure on enterprise IT is mounting!
    • One-size-fits-all approach (PMBOK, PRINCE2) vs. Agile. One-size-fits-all: Changes in master project plan are seen as ‘negative’ - Discouraged. Agile: Changes in project plan seen as ‘opportunities’ – Inherent.
    • Agile in Project Management. Important concepts include: 1. Minimising project risk by working on short iterations of clearly defined deliverables. 2. Contingency planning in agile PM needs early and proactive risk detection. 3. Direct communication between players in the development process is the default (i.e. not exhaustive project documentation). Rationale: Project team can rapidly adapt to the volatility in changing requirements or environment.
    • BYOD CIO.com
    • BYOD or Bring Your Own Disaster? Mobile Devices: • Are powerful cloud access devices • Extend the perimeter of your cloud • Disperse the perimeter to your cloud. Have the potential to increase the vulnerability: • The compromising of one of these mobile devices could be significant and compromise your entire cloud. • Use policy based key management regimes for your data. Question: Is the war “lost” on BYOD in your organisation?
    • BYOD • Reflects the increasing demands of users and organisations of their own IT departments to be increasingly agile and responsive to their needs when it comes to iPads, tablets and other mobile devices. • Read the NIST Draft Guidelines: http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
    • BYOD requires management. Some suggestions: 1. MDM (Mobile Device Management) systems (remote wipe, policy enforcement). 2. Introduce a non-porous Virtual Desktop environment • No data can flow between the Cloud system and the mobile device itself. 3. Containerisation: • Segregates corporate from personal data and applications • Enforces encryption and prevention of data leakage between containers • Application / device specific, therefore can be a challenge to expand across the entire mobile environment for all applications.
    • Cloud
    • The most quoted Definition of Cloud: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction • US National Institute of Standards and Technology’s (NIST) definition
    • The most sensible Definition of Cloud: “Forget your technical definition of the Cloud, ask your mom what the Cloud is… …And what your mother will tell you about the Cloud is that it means it’s not on my computer.”* Dave Asprey – Global VP, Cloud Security, Trend Micro. * Navigating through the Cloud Podcast Episode 23 in iTunes
    • Hybrid will be the dominant form in the enterprise. “Within five years, it will be primarily deployed by enterprises working in a hybrid mode”. - Gartner, “Predicts 2012: Cloud Computing Is Becoming a Reality” (Published: 8 December 2011 ID:G00226103)
    • …And with the Hybrid Cloud… comes complexity… and complexity introduces… Risk. In areas such as: • Change control, Rollback • Security • Identity Management • Due diligence • ‘Big-Data’ • Business Intelligence – Dashboards and drilldowns • Forensics / eDiscovery • BYOD • Mobility • Legislative / Jurisdictional • Contractual complexity… To name but a few
    • What are the dormant risks in your Cloud contract? It’s YOUR brand at stake, not the vendor’s!
    • • You’re counting on the SaaS vendor to provide all the multi-tenancy for your data. • You hope they’ve written their applications well, secured their databases, and so on… • You’re sharing the database with everyone else.
    • The Inverted Risk Pyramid (figure). HI RISK: Major enterprise instances, with complexity, scale, risk, compliance, deep integration, long term. Integration, enterprise governance needed. LOW RISK: Commodity / non-integrated Cloud applications.
    • Is the Systemic risk increased by the combination of: – Hybrid Cloud – Mobility – BYOD?
    • Hybrid cloud can contribute to… • Increased vulnerability due to its fragmented architecture and larger surface… • however, if it is properly architected, risks are largely eliminated by implementing measures such as: o Deploying effective policy based key management processes o Properly segmenting your public and private clouds o Encrypting each part of the hybrid Cloud with separate keys o …amongst other measures
    • Mitigate risks by defining and assigning key roles in your Cloud environment. – Define your Cloud Reference Architecture by reviewing applicability against published models (e.g. NIST*, IBM, etc.) – Ensure you do not miss important roles (e.g. IBM CCRA does not include Cloud Broker and Cloud Auditor, yet these are included in NIST CCRA). * National Institute of Standards and Technology
    • The emergence of the ‘Cloud Broker’
    • IT Department in the Cloud?
    • Remember this slide? Why is brokerage a real consideration? Also: • Change control, Rollback • Security • Identity Management • Due diligence • ‘Big-Data’ • Business Intelligence – Dashboards and drilldowns • Forensics / eDiscovery • BYOD • Mobility • Legislative / Jurisdictional • Contractual complexity… To name but a few
    • “Cloud consumers should budget for additional integration costs which can range from 10% to 30% — and sometimes as high as 50% — of the total cost of cloud IT projects.” Gartner, Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges - Published: 22 November 2011 G00227370. Let’s explore the reasons why in a bit more detail…
    • Agile in Risk Management • Time horizon misalignments: o Agile is based on short time cycles o Conventional Risk Management: Time to identify, plan mitigation and implement Risk management over a comparatively long timeframe • Categorisation of risks as part of the conventional Risk Management process not helpful in identifying the enterprise-wide systemic risks…
    • Systemic Risk
    • Systemic vs. Technical Risks • Systemic risks are those with the greatest potential impact as they affect the entire system (i.e. organisation, government, country, world…) • Case in point: How is it that the finance industry, which is one of the more regulated, and invests heavily in risk identification, mitigation and transference, could be the cause of the current global financial problems? • Systemic risk for the enterprise is the silent killer and is often the hardest to identify as only a few have a complete, transparent and objective overview of the overall enterprise. • Mitigation through approaches such as Enterprise Risk Management (ERM), which has origins in fraud and organisational governance, and underpins the insurance industry • Applicability to IT – Cloud especially – not often discussed
    • Systemic vs. Technical (or Functional) Risks • Identifying, categorising and ranking technical and functional risks is core to conventional IT risk assessment approaches: o Risk of a specific event = (Impact x Probability of that event occurring) + Risk Adjustment • Underpins conventional risk certification frameworks e.g. ISO2700X • Compliance does not necessarily equal security or effectiveness of your risk management model • The categorisation of risks into functional and technical categories does not help in the identification of systemic risk • Focusing on the diverse range of technical or functional risks does not account for the interaction between risks. • Systemic risks are mostly more significant than the sum of the individual risks
    • Managing the mixed messages
    • A recent survey* referred to by Forbes claims that “a meagre 3% of companies considering Cloud consider it to be too risky.” This was based on a survey of 785 companies, implying the inevitability of Cloud. Not atypical of research in Cloud, this survey was conducted by a firm that has investments in the Cloud industry, with 65% of respondents being vendors, so one could say that the results were not totally unexpected. * http://www.forbes.com/sites/joemckendrick/2012/06/20/cloud-computing-simply-isnt-that-scary-anymore-survey/
    • Business fears being left behind? "By 2015, nearly $1 of every $6 spent on packaged software, and $1 of every $5 spent on applications, will be consumed via the SaaS model." "By 2012, about 83% of all net-new software firms coming to market will be operationalized around creating, testing, selling, and provisioning a service versus a packaged product (CD)." "By 2015, about 24% of all new business software purchases will be of service-enabled software, and SaaS delivery will constitute about 13.1% of worldwide software spending across all primary markets and 14.4% of applications spending." ICD Dec 2011 Doc # 232239
    • 24% of CEOs surveyed in the 2012 PWC CEO Survey 75% of CEOs plan to change innovation capacity in 2012, of which 24% expect ‘major change’, underpinned in part by technology. The eighth annual KPMG 2012 Audit Institute Report identified “IT Risk and Emerging Technologies” as the second-highest concern for audit committees, which is unprecedented in the history of the report.
    • • So, in a nutshell, there are mixed messages out • On the one hand organisations demand speed, innovation, agility and value, largely facilitated by technology. “Organisations that adopt new ‘transformational’ technologies, Cloud in particular, without effective consideration of the enterprise wide, systemic and longitudinal risks, are potentially either setting themselves up for future problems, or not maximising the opportunities, or both.” – Rob Livingstone
    • Orchestrating the Transition – some Takeaways Consider these 5 pointers:
    • #1: Adopt an integrated approach to function specific methodologies • Standardised, traditional methodologies within specific disciplines such as Project Management, agile and information security, in and of themselves, are self limiting. • Each discipline is only really effective when applied in a coordinated orchestration with the other key moving parts of the organisation • IT is well placed to help facilitate this, due to its unique perspective of the organisation as a whole. • Harmonization of functionally specific methodologies unleashes value and eliminates waste
    • #2: Manage the conflicting messages • Cloud evangelists see cloud as imperative, others not • Executives and line of business managers all have volatile expectations of enterprise IT • ‘Fairies at the bottom of the Garden’ promises for the latest IT ‘transformational technology’ • Opacity of risk • Develop an effective mechanism for interpreting these messages in the context of your business
    • #3: Actively identify, embrace and manage shadow IT. “Shadow IT can create risks of data loss, corruption or misuse, and risks of inefficient and disconnected processes and information” – Gartner* • Embrace shadow IT, and define what is and what is not eligible to be considered enterprise IT • Meet the challenge. * (CIO New Years Resolutions, 2012 ID:G00227785)
    • #4: Identify systemic risks across the organisation • Systemic risks can kill your business • As CIO, ensure you are seen as the trusted advisor by your peers • Ensure your executives and key decision makers are aware of long term, systemic risks should they make enterprise IT decisions without appropriate due diligence • Accountabilities for these decisions are to be clearly assigned • Consider implementing Enterprise Risk Management (ERM)
    • #5: Local optimum vs. Global Optimum? • Senior managers with functional responsibility over specific vertical silos of the organisation may underestimate the overall complexity of their own business as a whole. • Resulting decisions may be sub-optimal for the organisation as a whole • From a functional perspective, specific methodologies exist to support specific activities, but may not mitigate enterprise-wide systemic risks • Help others see through the appeal of ‘simple IT solutions’ that merely mask underlying business complexity. • Test assumptions if critical, and be proactive in identifying the risks for arbitration by the organisation as needed.
    • Thank You! ROB LIVINGSTONE - Fellow, University of Technology, Sydney - Principal, Rob Livingstone Advisory Pty Ltd. W1: www.rob-livingstone.com W2: www.navigatingthroughthecloud.com E: rob@rob-livingstone.com P: +61 2 8005 1972 M: +61 419 632 673 F: +61 2 9879 5004 @rladvisory