Larry Moran, Executive Vice President - Chief Information Officer, CommonHealth
Q: What are some of the unique challenges to managing IT within an ad agency?
A: "
The unique thing about advertising agency technology is that sometimes it enables the work, while at other times it is the work. We need to balance delivery of core technology services to our traditional agencies with support for our digital agency that does Web development and digital video production. Along the way, we are also a service department within a service business. We need to ensure that our business users have the tools they need to make their clients happy and that CommonHealth has the tools it needs to stay profitable and efficient while they do it. If we do our job properly, we can influence how our agency delivers work today, and what form the work will take in the future.
"
Craig Bickel, CIO, Lawson Software
Q: What is the biggest challenge to overseeing the IT issues for a global organization?
A: "
Perhaps the key IT challenge in a global organization is managing the tension between running the business while providing the foundation for new business models. As companies globalize functions and processes, moving to shared services environments and standardizing processes and service delivery globally, the IT function must provide common, integrated services to support the organization. While this transformation is happening, the IT organization also has to support legacy environments and operations, which can consume more than half of available resources. This often feels like changing the wings of a fully-loaded cargo plane in midflight. Success hinges on management commitment and involvement, flexible staffing and funding models, and a committed and motivated organization. Difficult? Yes. But it must be met if global companies are going to realize the benefits of scale and scope that their size should provide.
"
Bob Green, CIO and CPA.CITP, insync Information Management, LLC
Q: Is regulatory compliance still a major issue for CIOs?
A: "
It's absolutely a disaster right now. Companies are trying to deal with records management in order to get the information in the hands of people who need it most and also remain in compliance with things required by law. There are other regulatory pressures beyond Sarbanes-Oxley and HIPAA. Email security and archival destruction procedures as well as the Federal Rules of Civil Procedure, which call for availability of information for a litigation matter, are also a factor.
It's all-encompassing. The concept of information and records management gets more pervasive every day with the use of email and Blackberrys. That's really hard to do. Information management isn't just about the CIO job. It's a bigger issue than IT. It's what is important to Finance and to the executive branch as well and should involve both the CFO and the CEO. It is their fiduciary responsibility to protect their assets.
"
Tim Toews, CIO, Office Depot
Q: What challenges do CIOs at global organizations face this year?
A: "
CIOs at large, global companies like Office Depot will be facing a number of challenges over the next few years. But with those challenges come a number of opportunities for positive change and growth.
The top challenges that I see CIOs having to conquer are alignment to business and speed to market with IT solutions; delivering IT solutions at an appropriate cost and that we consistently meet our expected ROI; understanding the importance of security and of course compliance; motivating associates and offering them opportunities to develop their skill sets and work with new and innovative software; globalization; complexity of systems; and stability, where IT needs to be dependable and deliver stable and available platforms.
"
Greg Buoncontri, CIO, Pitney Bowes
Q: How do you manage IT priorities in a weak economy?
A: "
It's about alignment and governance and setting priorities. For the most part, IT organizations have been efficient with their spending, but deciding which investments should get precedence over others and how you govern and stay aligned with your business partners can be a challenge. There's always more demand for IT services than there is manpower or financial capacity to fulfill it. That's the reality of the IT industry, whether you are in flush times or lean times.
We try to balance the company's priorities. You are constantly juggling. All the constituencies can't be served.
There's internal governance which consists of trying to get business cases built for IT investments. Your workforce isn't fungible. If your priority has been sales force automation systems for three years, and the next two years the priority is the supply chain, it's not easy to shift the resources into that other discipline. The skills may be different; the technology is different. It's hard to deal with these very steep, cyclical changes. You wind up training, hiring and looking to third party providers to assist you.
There has to be a good governance mechanism, and you need to communicate to key stakeholders outside of IT so they understand the way decisions have been made and the way priorities have been set. If priorities are well understood by the company, they get it. If you don't have alignment in the organization around priorities, there are going to be groups who feel they are not being supported which leads to dysfunctional behavior and IT becomes a block.
"
Martin Trzaskalik, CIO, cleverbridge
Q: How are you dealing with the current spam and security threats within your organization, such as botnets, phishing, spoofing, spyware and the like?
A: "
Cleverbridge employs two strategies to protect both its internal office environment and its service platform from attacks. First, we have securely configured our infrastructure, making sure that all of our systems are hardened, all the latest available patches and up-to-date anti-malware tools have been run or installed, and we only grant access rights that are absolutely necessary. Equally important, or perhaps more so, is our second strategy: user education. Phishing attacks initially were successful because they hit an unprepared and uneducated audience. This is essentially true for every emerging threat. Ensuring that the technical staff, as well as all company employees, is familiar with new threats is a key to successfully thwarting attacks. It's about being proactive versus reactive.
"
Ken Fell, CIO and Vice President of Information Technology, New York Independent System Operator
Q: Is NERC making energy IT better?
A: "
No. The only thing NERC is doing is putting security standards on us. We have lots of agencies that give us security standards and none of them are quite the same. That costs me something. It becomes a resource issue. We don't have any issue with the standards. We're trying to figure out how to provide the documentation required. How do I stay compliant with all of them and still maintain a budget and level of resources to be able to do it?
Security is a big deal, but that doesn't necessarily make me better at what I do. That's a critical component, but does it help me be more efficient and have a quality product? That's not even in the game.
"
Matt Ebaugh, VP- CIO, Silvercross Hospital
Q: There is often a big challenge in adoption of electronic medical records (EMR) technology among physicians. What is at the heart of this issue?
A: "
There are three reasons why physicians are reluctant. There's the price versus benefit issue. Physicians want to know what the value equation is.
The second is about changing the process of how they have been practicing medicine. Physicians who've gone through their residency with EMR are more likely to accommodate the adoption of EMR.
The third reason is a little more controversial, and it's the unspoken one. It is the fear of privacy concerns and data sharing. There is unfortunately a great ignorance on all our parts on what the Health Insurance Portability and Accountability Act (HIPAA) is and is not.
Banking solved the problem by putting in the Federal Deposit Insurance Company (FDIC). The federal government needs to drive that fear out of the medical community. The fear is real. Having gone through governance structure with physicians, I can tell you it's real. The great irony is that the old processes are much more non-private and insecure today.
"
Mark Zielazinski, CIO, El Camino Hospital in Mountain View, Calif.
Q: Is the electronic health records (EHR) approach the Holy Grail in healthcare IT?
A: "
I think it is. It's what everybody has been talking about, and I've been in health care since 1980. Here at El Camino Hospital, we've had physician order entry and results reporting since 1971, and all our pharmacy orders are done electronically, with no transcription. Although we've done some interesting things, I'd say we're still fairly far away from electronic records. I think the technical problems are easily resolved, but it's impossible to achieve because of security requirements. A national identifier for patients is a sociopolitical issue.
"
Steve Lapekas, CIO, Pegasus Solutions Inc.
Q: Which skill set is hard to find in an IT employee?
A: "
In my role at Pegasus Solutions, I've found the most important yet hardest skill to find in an IT employee is advanced problem-solving skills. In our industry, we offer and work with technology to simplify tasks and business processes for hotels, travel distributors and travel agencies, which are brought together through an underlying complexity. An employee should one, understand the end-to-end process; two, isolate problems; and three, resolve issues in a dynamic environment. Our company is the global leader in providing reservations, distribution and commission processing technology. With a global presence, eager competitors, and so many products and services, it's key we find the right talent to not only "get it," but also continue to make it the best.
"
William Gruszka, CIO, Southern Polytechnic State University
Q: Are there unique challenges for you in overseeing IT at a university that specializes in science and technology?
A: "
There certainly are unique challenges. The primary challenge is managing user expectations, and it manifests itself in two different ways. The first is that at SPSU we use technology to teach technology. That creates an environment where the technology has to work. At more traditional universities, if the technology does not work, the professor can fall back to another method of teaching. At SPSU we have "hands on" technology in many of our classes and labs. If the technology does not work, the class cannot go on.
The other challenge of user expectations is that as a science and technology university, we are expected to have the latest and greatest of technology at all times. Further, we have a high concentration of faculty who are very technologically savvy, which tends to magnify the situation. With the economic challenges facing all of us in higher education, meeting these lofty expectations is a continual struggle. We are forced to take a creative approach to investing in technology, while providing all of the services that our faculty and students need and hopefully most of the services they want.
"
Jeff Huegel, Chief Security Officer, USi
Q: How do new regulations and laws concerning electronic document retention impact your organization?
A: "
Organizations, ours included, are faced with conflicting requirements in the area of document retention. In the balance are laws and regulations that increase requirements for document retention vis-à-vis costs of storage, costs of security, and increased administration. In addition, companies need to be concerned about aspects of liability and discovery of long-term record retention. To strike the proper balance, we review and accommodate legislated requirements and develop or modify our company policies to meet the regulations in the most cost-effective manner. Then, the important element is consistency of policy enforcement. To manage liability and discovery risks, policies must be effectively and consistently implemented. Compliance with published policies is key to all aspects of effectively managing document retention requirements.
"
Bernard F. "Bud" Mathaisel, Senior VP and CIO, Achievo Corporation
Q: What is the biggest challenge for you as a CIO in integrating analytics within your organization?
A: "
Data sourcing is my primary concern. Even the most capable analytics engines will produce meaningless analytics if the source data are wrong. Achievo has three major sources of operations information: our enterprise resource package, which contains the transactions and financial audit trail for the outsourcing work we do; our customer relationship management system; and our project management system, which contains workflow and details about how we execute to client engagements, most importantly those that involve onshore and offshore coordination.
The challenge is to pick the data elements out of each of these systems that are relevant to a particular set of analytics. We must further ensure that these elements are properly posted into our data model and that they accurately reflect the situation under analysis. If we want to know revenue and profitability for a specific set of customers that have come to us through our prior work and relationship with those clients, we are going to need access to all three of the source systems. Management must ensure that the data are accurate and reflect a view of the information that is relevant to the analysis, such as in the last six months, for example.
Because these are the capabilities that we sell outside the company, I have tools at my disposal to source the right data at the right time into a data model that can be used to create an effective business intelligence dashboard.
"
W. Hord Tipton, CIO, U.S. Department of the Interior
Q: What are some of the biggest IT challenges you face?
A: "
Keeping up with changing technology can be difficult, as well as communicating the need to adapt to our department's culture. A lot of it is really about getting the other employees to understand how important information technology is to their day-to-day operations. Public sector workers are much more resistant to change than their counterparts in the private sector.
Also, as a government agency, we have limited resources and often there are tough choices about which IT systems and technologies are most worth the investment, and which will work together best with our existing architectures.
In recent years, network security has become a big issue as well, as we are beginning to recognize the exponential rate of increasing threats.
"
Bill Miller, CTO, XAware
Q: Will a recession be good for open source?
A: "
First, let's make an important distinction between usage and revenue. Growth in open source usage may be somewhat "recession proof" as IT organizations look for ways to get things done without spending scarce budget. But growth in open source company revenues is certainly not. No spending means no spending, including no spending on open source-related services. It probably will be a good time for commercial open source companies to get aggressive and pick up market share on a usage basis, planting seeds that will produce revenue growth later. The inherently lower cost structures of open source business models will help these companies weather the storm versus license model competitors, allowing them to focus on growing adoption instead of cutting heads and reducing expenses.
"
Clark Kelso, CIO, State of California
Q: What can the public sector teach the private sector about IT?
A: "
IT in the public sector has learned a lot from the private sector. But the private sector can also learn from the public sector, where we do IT in a fishbowl. For example, I think that public sector IT has a better grip on its fiduciary responsibility as a custodian of private information. We tend to be more sensitive about observing fair information practices. This certainly can increase the costs associated with data collection and sharing, but public trust is promoted by following these practices. The private sector can be oblivious to these concerns, and that risks a regulatory response. Sometimes, you can do well by doing good.
"
Rob Israel, CIO, John C. Lincoln Health Network
Q: What is your overall strategy for data protection and IT policy enforcement?
A: "
We use a combination of technology and end users' needs to balance out a program that allows them to continue to do their job while protecting electronic assets. Policies and procedures aren't enough. We have to balance it out so that people can still do their jobs.
We need to find out the end user needs and what their processes are. We build security technology around that so we're meeting in the middle.
We don't want anything too restructured or complicated. If that's the case, end users aren't going to use it. We try to keep our policies as minimal as possible and put technology behind that to make sure they're followed.
We also look at the importance of the data and the confidentiality of that data. I'm not going to cry if the word document that has today's cafeteria menu on it gets into someone's hands. If it's patient data, I'm going to take more stringent steps to protect that data. We'll add more layers of security around that tower, rather than build a moat that surrounds the entire kingdom.
"
Stuart Sugarman, Senior Vice President and the CIO for NYU Medical Center
Q: Which will play a bigger role in your IT strategy this year, HIPAA or
A: "
For healthcare, HIPAA has arrived, while Sarbanes-Oxley is threatening to arrive. As such, the three HIPAA regulations of privacy, electronic data interchange and security currently impact all facets of our IT strategy.
Although HIPAA security, the most recent component of HIPAA to become effective, drives specific behaviors for how we protect and use Electronic Patient Health Information (EPHI), it is, for the most part, a series of best practices for IT security. These best practices culminate in a set of IT security policies and procedures surrounding data authorization and encryption, network security and resiliency, user authentication, virus protection, etc. As you can imagine, there is significant overlap between this and many of the components of Sarbanes-Oxley. In our recent outside audit, this Medical Center was measured against a rudimentary set of Sarbanes-Oxley standards; a more rigorous set of standards than previous audits. To me, this is a strong indication of things to come. So while HIPAA figures more prominently than Sarbanes-Oxley this year, Sarbanes-Oxley will not be far behind. However, if you follow strict HIPAA practices, you will be in good shape for Sarbanes-Oxley.
"
Roger Batsel, CIO-VP and managing director of Information Systems, Republic Bank & Trust Co.
Q: What was the biggest challenge in implementing an integrated voice response (IVR) and call center management solution for your organization?
A: "
The biggest challenge for an organization like ours is that we tend to grow organically. So, you grow around the technology and the tools you have. You begin to realize that with call center technology, you don't need to have everyone in one area. They can be distributed. They can also contract and expand depending on our needs at any given time.
The challenge is looking at what you do now and rethinking how you design your support organizations. The challenge is shaking off the way of thinking built around old technology and old thinking. It also requires people being open and receptive to change across the organization. Prepping your organization to be open and receptive to change is really the hardest thing.
"
Dawn Powers, Vice President, Information Security, Prudential Financial
Q: What are some of the biggest issues you deal with in information security administration, and what are some techniques that have proven especially helpful in securing the company's network?
A: "
Prudential Financial has processes in place to continually enhance its security administration. One of the biggest challenges we face is streamlining the administration process. In many cases, a single administration request can generate 50 to 80 transactions within our application suite. We are working to implement Functional Role Basing, which provides individuals with the systems access to perform their specific work assignments. These roles enhance the implementation of automated provisioning tools that provide consistency, create efficiencies, improve quality, and enable proactive monitoring, which in turn reduces risk.
"
Gary Masada, CIO, ChevronTexaco
Q: What is the single biggest challenge energy companies face from an IT standpoint?
A: "
For a large, global organization like ChevronTexaco, IT is not simply a service function; it is a fundamental business enabler. You have to look at integrating technology into every aspect of your business, and that poses significant challenges, particularly in the energy sector. We have to manage the flow of information throughout the company, including managing huge volumes of data coming from remote locations in extreme parts of the globe, typically from highly specialized applications. We also have to stretch beyond the traditional role of IT services to become a partner in our R&D efforts, to create innovative new applications of technology to improve exploration. IT must also manage information flow in a very complex supply chain environment. Last, but certainly not least, we have to ensure we handle data in a way that satisfies complex regulatory requirements.
"
Susan Brennan, CIO, Sierra Pacific Power
Q: What is the key to protecting yo