Business

Joseph Geretz, CIO, SRSsoft

Q: What are some of the unique challenges to managing IT within the healthcare industry?

A: " One particular challenge for managing IT within the healthcare industry involves coordination between disparate information processing systems. Doctors are among the most demanding audience of users, insisting on instant access to information which is scattered throughout separate software applications. A solution to this is a hybrid electronic medical record system that is engineered with open path technology providing for maximum extensibility and interoperability. It allows users to directly access external applications and data through one system. "

Peter Walton, Vice President and CIO, Amerada Hess

Q: What do you think of Broadband over Power Lines (BPL)?

A: " We consider ourselves a conservative 'fast follower' of technology, unless there is a possible competitive advantage for us to adopt something early. If we perceive such an advantage with BPL, Amerada Hess would need to be convinced that it is reliable, secure, cost effective and environmentally friendly, and then there would need to be a business case for either switching to BPL or for using it in a new startup location. Additionally, we wonder why a power company would invest in building out their infrastructure when the market is already crowded with DSL, cable and the promise of Wimax to come? Most of our locations are in areas with an overabundance of broadband capability today providing last mile connectivity. I suspect this will likely die in the Gartner 'trough of disillusionment' or sooner on the hype cycle curve. "

Ross Philo, CIO, U.S. Postal Service

Q: The Postal Service has made many product and service advancements that include sophisticated online mailing tools for businesses and automated postal centers. What is the biggest IT challenge to maintaining that online infrastructure?

A: " The biggest challenges to maintaining the U.S. Postal Service's online infrastructure is its size and the ever-increasing number of visitors who go to the USPS Web site to access its many products and services. These are challenges we are more than happy to have. The Postal Service has had an online presence since 1994. Since 1998, we have launched a number of applications to better serve our customers in an electronic environment, and as a result, the USPS Web site has grown between 18% and 22% annually. The IT group manages the increased demand on our infrastructure by analyzing growth-rate trends, infrastructure changes and planned events such as ad campaigns and so on. The analysis provides us with the information we need to adjust capacity on a continuous basis and make necessary changes to avoid disruption of service. We have utilized the trend analysis process since 2003 to estimate our growth each year, and we have met the peak demand of our customers. Maintaining performance and staying ahead of demand are key to our online presence. "

Jack Nelson, Senior Vice President and CIO of Mount Sinai Medical Center

Q: What is the most interesting project you're currently working on?

A: " The implementation of McKesson's Horizon Surgical Manager system is he most interesting project we are working on this year. It will provide tangible benefits to a wide range of our constituents and improve the efficiency of many operational areas. Surgeons will benefit from the streamlined surgical scheduling process including the ability to view future schedules and request operating room time via the Internet. The availability of real-time patient tracking information will enhance communication between the operating room staff and the surgeons and will allow patient's families to be continuously updated as to where their loved ones are in the surgical process.

Nursing staff in the operating room will be able to efficiently generate all of the required clinical documentation via online data capture. And, the operating room management team will have data analysis tools in hand to quickly and effectively respond to the ever changing demands of a complex environment and to make data driven decisions for future planning.

The hospital's bottom line will be improved by automating the capture and transmission of operating room supply and time charges to our patient accounting system and by reducing supply chain costs through the implementation of perpetual inventory in the operating rooms. "

Eric Goldfarb, CIO, BearingPoint

Q: Hiring and retaining skilled professionals remains a challenge for CIOs. How are you meeting that challenge?

A: " I would agree that hiring and retaining is one of several burning issues facing CIOs today. In order to meet that challenge, we invest in our people. We also create a very collaborative organization, meaning we encourage people to mentor and learn from each other. We try to make our company an employer of choice, so we value diversity. Ultimately, at the end of the day, we try to create an environment within the IT organization where an employee can't think of a better place to work. In order to do that, you need to focus on training and development, compensation, benefits and the whole work-life balance. We do a class for employees at Yale: a one-week session that we provide for people to help them improve management skills and leadership skills. I do send people on my team to it, and it's a big deal. You want to make sure you are competitive with the marketplace. You want to create career paths and reward your best employees. "

Will Weider, CIO, Ministry Health Care and Affinity Health System

Q: What are the main reasons IT projects fail?

A: " Unfortunately, I have had many opportunities to collect this data. It is a frequent topic on my blog. Reasons include incomplete technical analysis, poor vendor performance, bad process re-design and lack of a capable business champion. But the primary reason for project failure is poor planning. Every project should have a detailed plan that identifies the tasks, task relationships and the resources required. Whenever someone comes to me with a high-level plan in a spreadsheet, I know the length of the project will double when a real plan is completed. A poor understanding of the project's expected benefits is another form of poor planning. I believe projects that don't clearly define business benefits are failures before they start. "

Larry Moran, Executive Vice President - Chief Information Officer, CommonHealth

Q: What are some of the unique challenges to managing IT within an ad agency?

A: " The unique thing about advertising agency technology is that sometimes it enables the work, while at other times it is the work. We need to balance delivery of core technology services to our traditional agencies with support for our digital agency that does Web development and digital video production. Along the way, we are also a service department within a service business. We need to ensure that our business users have the tools they need to make their clients happy and that CommonHealth has the tools it needs to stay profitable and efficient while they do it. If we do our job properly, we can influence how our agency delivers work today, and what form the work will take in the future. "

Craig Bickel, CIO, Lawson Software

Q: What is the biggest challenge to overseeing the IT issues for a global organization?

A: " Perhaps the key IT challenge in a global organization is managing the tension between running the business while providing the foundation for new business models. As companies globalize functions and processes, moving to shared services environments and standardizing processes and service delivery globally, the IT function must provide common, integrated services to support the organization. While this transformation is happening, the IT organization also has to support legacy environments and operations, which can consume more than half of available resources. This often feels like changing the wings of a fully-loaded cargo plane in midflight. Success hinges on management commitment and involvement, flexible staffing and funding models, and a committed and motivated organization. Difficult? Yes. But it must be met if global companies are going to realize the benefits of scale and scope that their size should provide. "

Bob Green, CIO and CPA.CITP, insync Information Management, LLC

Q: Is regulatory compliance still a major issue for CIOs?

A: " It's absolutely a disaster right now. Companies are trying to deal with records management in order to get the information in the hands of people who need it most and also remain in compliance with things required by law. There are other regulatory pressures beyond Sarbanes-Oxley and HIPAA. Email security and archival destruction procedures as well as the Federal Rules of Civil Procedure, which calls for availability of information for a litigation matter, are also a factor. It's all-encompassing. The concept of information and records management gets more pervasive every day with the use of email and Blackberrys. That's really hard to do. Information management isn't just about the CIO job. It's a bigger issue than IT. It's what is important to Finance and to the executive branch as well and should involve both the CFO and the CEO. It is their fiduciary responsibility to protect their assets. "

Tim Toews, CIO, Office Depot

Q: What challenges do CIOs at global organizations face this year?

A: " CIOs at large, global companies like Office Depot will be facing a number of challenges over the next few years. But with those challenges come a number of opportunities for positive change and growth. The top challenges that I see CIOs having to conquer are alignment to business and speed to market with IT solutions; delivering IT solutions at an appropriate cost and that we consistently meet our expected ROI; understanding the importance of security and of course compliance; motivating associates and offering them opportunities to develop their skill sets and work with new and innovative software; globalization; complexity of systems; and stability, where IT needs to be dependable and deliver stable and available platforms. "

Greg Buoncontri, CIO, Pitney Bowes

Q: How do you manage IT priorities in a weak economy?

A: " It's about alignment and governance and setting priorities. For the most part, IT organizations have been efficient with their spending, but deciding which investments should get precedence over others and how you govern and stay aligned with your business partners can be a challenge. There's always more demand for IT services than there is man power or financial capacity to fulfill it. That's the reality of the IT industry, whether you are in flush times or lean times. We try to balance the company's priorities. You are constantly juggling. All the constituencies can't be served. There's internal governance which consists of trying to get business cases built for IT investments. Your workforce isn't fungible. If your priority has been sales force automation systems for three years, and the next two years the priority is the supply chain, it's not easy to shift the resources into that other discipline. The skills may be different; the technology is different. It's hard to deal with these very steep, cyclical changes. You wind up training, hiring and looking to third party providers to assist you. There has to be a good governance mechanism, and you need to communicate to key stakeholders outside of IT so they understand the way decisions have been made and the way priorities have been set. If priorities are well understood by the company, they get it. If you don't have alignment in the organization around priorities, there are going to be groups who feel they are not being supported which leads to dysfunctional behavior and IT becomes a block. "

Martin Trzaskalik, CIO, cleverbridge

Q: How are you dealing with the current spam and security threats within your organization, such as botnets, phishing, spoofing, spyware and the like?

A: " Cleverbridge employs two strategies to protect both its internal office environment and its service platform from attacks. First, we have securely configured our infrastructure, making sure that all of our systems are hardened, all the latest available patches and up-to-date anti-malware tools have been run or installed, and we only grant access rights that are absolutely necessary. Equally important, or perhaps more so, is our second strategy: user education. Phishing attacks initially were successful because they hit an unprepared and uneducated audience. This is essentially true for every emerging threat. Ensuring that the technical staff, as well as all company employees, is familiar with new threats is a key to successfully thwarting attacks. It's about being proactive versus reactive. "

Ken Fell, CIO and Vice President of Information Technology, New York Independent System Operator

Q: Is NERC making energy IT better?

A: " No. The only thing NERC is doing is putting security standards on us. We have lots of agencies that give us security standards and none of them are quite the same. That costs me something. It becomes a resource issue. We don't have any issue with the standards. We're trying to figure out how to provide the documentation required. How do I stay compliant with all of them and still maintain a budget and level of resources to be able to do it?

Security is a big deal, but that doesn't necessarily make me better at what I do. That's a critical component, but does it help me be more efficient and have a quality product? That's not even in the game. "

Matt Ebaugh, VP- CIO, Silvercross Hospital

Q: There is often a big challenge in adoption of electronic medical records (EMR) technology among physicians. What is at the heart of this issue?

A: " There are three reasons why physicians are reluctant. There's the price versus benefit issue. Physicians want to know what the value equation is. The second is about changing the process of how they have been practicing medicine. Physicians who've gone through their residency with EMR are more likely to accommodate the adoption of EMR. The third reason is a little more controversial, and it's the unspoken one. It is the fear of privacy concerns and data sharing. There is unfortunately a great ignorance on all our parts on what the Health Insurance Portability and Accountability Act (HIPAA) is and is not. Banking solved the problem by putting in the Federal Deposit Insurance Company (FDIC). The federal government needs to drive that fear out of the medical community. The fear is real. Having gone through governance structure with physicians, I can tell you it's real. The great irony is that the old processes are much more non-private and insecure today. "

Mark Zielazinski, CIO, El Camino Hospital in Mountain View, Calif.

Q: Is the electronic health records (EHR) approach the Holy Grail in healthcare IT?

A: " I think it is. It's what everybody has been talking about, and I've been in health care since 1980. Here at El Camino Hospital, we've had physician order entry and results reporting since 1971, and all our pharmacy orders are done electronically, with no transcription. Although we've done some interesting things, I'd say we're still fairly far away from electronic records. I think the technical problems are easily resolved, but it's impossible to achieve because of security requirements. A national identifier for patients is a sociopolitical issue.  "

Steve Lapekas, CIO, Pegasus Solutions Inc.

Q: Which skill set is hard to find in an IT employee?

A: " In my role at Pegasus Solutions, I've found the most important yet hardest skill to find in an IT employee is advanced problem-solving skills. In our industry, we offer and work with technology to simplify tasks and business processes for hotels, travel distributors and travel agencies, which are brought together through an underlying complexity. An employee should one, understand the end-to-end process; two, isolate problems; and three, resolve issues in a dynamic environment. Our company is the global leader in providing reservations, distribution and commission processing technology. With a global presence, eager competitors, and so many products and services, it's key we find the right talent to not only "get it," but also continue to make it the best. "

William Gruszka, CIO, Southern Polytechnic State University

Q: Are there unique challenges for you in overseeing IT at a university that specializes in science and technology?

A: " There certainly are unique challenges. The primary challenge is managing user expectations, and it manifests itself in two different ways. The first is that at SPSU we use technology to teach technology. That creates an environment where the technology has to work. At more traditional universities, if the technology does not work, the professor can fall back to another method of teaching. At SPSU we have "hands on" technology in many of our classes and labs. If the technology does not work, the class cannot go on. The other challenge of user expectations is that as a science and technology university, we are expected to have the latest and greatest of technology at all times. Further, we have a high concentration of faculty who are very technologically savvy, which tends to magnify the situation. With the economic challenges facing all of us in higher education, meeting these lofty expectations is a continual struggle. We are forced to take a creative approach to investing in technology, while providing all of the services that our faculty and students need and hopefully most of the services they want. "

Jeff Huegel, Chief Security Officer, USi

Q: How do new regulations and laws concerning electronic document retention impact your organization?

A: " Organizations, ours included, are faced with conflicting requirements in the area of document retention. In the balance are laws and regulations that increase requirements for document retention vis-à-vis costs of storage, costs of security, and increased administration. In addition, companies need to be concerned about aspects of liability and discovery of long-term record retention. To strike the proper balance, we review and accommodate legislated requirements and develop or modify our company policies to meet the regulations in the most cost-effective manner. Then, the important element is consistency of policy enforcement. To manage liability and discovery risks, policies must be effectively and consistently implemented. Compliance with published policies is key to all aspects of effectively managing document retention requirements. "

Bernard F. "Bud" Mathaisel, Senior VP and CIO, Achievo Corporation

Q: What is the biggest challenge for you as a CIO in integrating analytics within your organization?

A: " Data sourcing is my primary concern. Even the most capable analytics engines will produce meaningless analytics if the source data are wrong. Achievo has three major sources of operations information: our enterprise resource package, which contains the transactions and financial audit trail for the outsourcing work we do; our customer relationship management system; and our project management system, which contains workflow and details about how we execute to client engagements, most importantly those that involve onshore and offshore coordination.

The challenge is to pick the data elements out of each of these systems that are relevant to a particular set of analytics. We must further ensure that these elements are properly posted into our data model and that they accurately reflect the situation under analysis. If we want to know revenue and profitability for a specific set of customers that have come to us through our prior work and relationship with those clients, we are going to need access to all three of the source systems. Management must ensure that the data are accurate and reflect a view of the information that is relevant to the analysis, such as in the last six months, for example.

Because these are the capabilities that we sell outside the company, I have tools at my disposal to source the right data at the right time into a data model that can be used to create an effective business intelligence dashboard. "

W. Hord Tipton, CIO, U.S. Department of the Interior

Q: What are some of the biggest IT challenges you face?

A: " Keeping up with changing technology can be difficult, as well as communicating the need to adapt to our department's culture. A lot of it is really about getting the other employees to understand how important information technology is to their day-to-day operations. Public sector workers are much more resistant to change than their counterparts in the private sector.

Also, as a government agency, we have limited resources and often there are tough choices about which IT systems and technologies are most worth the investment, and which will work together best with our existing architectures.

In recent years, network security has become a big issue as well, as we are beginning to recognize the exponential rate of increasing threats. "

Bill Miller, CTO, XAware

Q: Will a recession be good for open source?

A: " First, let's make an important distinction between usage and revenue. Growth in open source usage may be somewhat "recession proof" as IT organizations look for ways to get things done without spending scarce budget. But growth in open source company revenues is certainly not. No spending means no spending, including no spending on open source-related services. It probably will be a good time for commercial open source companies to get aggressive and pick up market share on a usage basis, planting seeds that will produce revenue growth later. The inherently lower cost structures of open source business models will help these companies weather the storm versus license model competitors, allowing them to focus on growing adoption instead of cutting heads and reducing expenses. "

Clark Kelso, CIO, State of California

Q: What can the public sector teach the private sector about IT?

A: " IT in the public sector has learned a lot from the private sector. But the private sector can also learn from the public sector, where we do IT in a fishbowl. For example, I think that public sector IT has a better grip on its fiduciary responsibility as a custodian of private information. We tend to be more sensitive about observing fair information practices. This certainly can increase the costs associated with data collection and sharing, but public trust is promoted by following these practices. The private sector can be oblivious to these concerns, and that risks a regulatory response. Sometimes, you can do well by doing good. "

Rob Israel, CIO, John C. Lincoln Health Network

Q: What is your overall strategy for data protection and IT policy enforcement?

A: " We use a combination of technology and end users' needs to balance out a program that allows them to continue to do their job while protecting electronic assets. Policies and procedures aren't enough. We have to balance it out so that people can still do their jobs.

We need to find out the end user needs and what their processes are. We build security technology around that so we're meeting in the middle.

We don't want anything too restructured or complicated. If that's the case, end users aren't going to use it. We try to keep our policies as minimal as possible and put technology behind that to make sure they're followed.

We also look at the importance of the data and the confidentiality of that data. I'm not going to cry if the word document that has today's cafeteria menu on it gets into someone's hands. If it's patient data, I'm going to take more stringent steps to protect that data. We'll add more layers of security around that tower, rather than build a moat that surrounds the entire kingdom. "

Stuart Sugarman, Senior Vice President and the CIO for NYU Medical Center

Q: Which will play a bigger role in your IT strategy this year, HIPAA or

A: " For healthcare, HIPAA has arrived, while Sarbanes-Oxley is threatening to arrive. As such, the three HIPAA regulations of privacy, electronic data interchange and security currently impact all facets of our IT strategy.

Although HIPAA security, the most recent component of HIPAA to become effective, drives specific behaviors for how we protect and use Electronic Patient Health Information (EPHI), it is, for the most part a series of best practices for IT security. These best practices culminate in a set of IT security policies and procedures surrounding data authorization and encryption, network security and resiliency, user authentication, virus protection, etc. As you can imagine, there is significant overlap between this and many of the components of Sarbanes-Oxley. In our recent outside audit, this Medical Center was measured against a rudimentary set of Sarbanes-Oxley standards; a more rigorous set of standards than previous audits. To me, this is a strong indication of things to come. So while HIPAA figures more prominently than Sarbanes-Oxley this year, Sarbanes-Oxley will not be far behind. However, if you follow strict HIPAA practices, you will be in good shape for Sarbanes-Oxley. "

Roger Batsel, CIO-VP and managing director of Information Systems, Republic Bank & Trust Co.

Q: What was the biggest challenge in implementing an integrated voice response (IVR) and call center management solution for your organization?

A: " The biggest challenge for an organization like ours is that we tend to grow organically. So, you grow around the technology and the tools you have. You begin to realize that with call center technology, you don't need to have everyone in one area. They can be distributed. They can also contract and expand depending on our needs at any given time.

The challenge is looking at what you do now and rethinking how you design your support organizations. The challenge is shaking off the way of thinking built around old technology and old thinking. It also requires people being open and receptive to change across the organization. Prepping your organization to be open and receptive to change is really the hardest thing. "

Dawn Powers, Vice President, Information Security, Prudential Financial

Q: What are some of the biggest issues you deal with in information security administration, and what are some techniques that have proven especially helpful in securing the company's network?

A: " Prudential Financial has processes in place to continually enhance its security administration. One of the biggest challenges we face is streamlining the administration process. In many cases, a single administration request can generate 50 to 80 transactions within our application suite. We are working to implement Functional Role Basing which provides individuals with the systems access to perform their specific work assignments. These roles enhance the implementation of automated provisioning tools that provide consistency, create efficiencies, improve quality, and enables proactive monitoring, which in turn reduces risk. "

Gary Masada, CIO, ChevronTexaco

Q: What is the single biggest challenge energy companies face from an IT standpoint?

A: " For a large, global organization like ChevronTexaco, IT is not simply a service function; it is a fundamental business enabler. You have to look at integrating technology into every aspect of your business, and that poses significant challenges, particularly in the energy sector. We have to manage the flow of information throughout the company, including managing huge volumes of data coming from remote locations in extreme parts of the globe, typically from highly specialized applications. We also have to stretch beyond the traditional role of IT services to become a partner in our R&D efforts, to create innovative new applications of technology to improve exploration. IT must also manage information flow in a very complex supply chain environment. Last, but certainly not least, we have to ensure we handle data in a way that satisfies complex regulatory requirements. "

Susan Brennan, CIO, Sierra Pacific Power

Q: What is the key to protecting your system?

A: " Good planning is essential. We also make sure our protocols are in place and tested, both internally and externally. "

Jim Dillon, CIO, New York State

Q: Can the public and private sectors work together to achieve better IT? How?

A: " With a clear understanding of each other's goals, the public and private sectors can work well together. New York State is the size of a Fortune 10 company but we don't always act like one. The public and private sectors have different goals - corporations to earn profits for shareholders and government to deliver constitutional or statutory services to citizens - but we can often achieve them with similar strategies. We can learn from large corporations who have consolidated and standardized business processes across multiple business units to achieve greater efficiencies and savings. We have taken steps in this regard but more still can be done. In addition, vendors need to be aware of our statewide strategies and goals for enterprise architecture. Vendors who are selling products and services contrary to our strategic plans are not helpful to us. But working "together" I believe we can achieve better IT. "

Paul Schieb, CIO, Children's Hospital Boston

Q: What are some of the biggest information security issues you're dealing with today?

A: " We are working to protect the desktops from viruses and spyware, but there's also a lot of focus on account management and identity management. Since we're a teaching hospital, we have many physicians coming and going, and we need to be able to manage their accounts as they come and go. We're doing a lot of identity and account provisioning, and automating the account provisioning process so that a manager can simply enter the request and the accounts are automatically created. We're also working on a single sign-on initiative, so that a physician can enter their credentials once and get access to everything they need. Because we have so many people sharing machines and the systems are so integral to patient care, there are a lot of issues in automating it and making sure it's secure. "

Brian Furumasu, CIO, Bonneville Power Administration

Q: What are the coming IT threats that you're preparing for right now?

A: " Security is always a threat we have to be vigilant about. I see across the industry the downward pressure to lower costs and deliver all of what a company needs. It's not as much of a threat, but a challenge for us. I am going through a consolidation across IT at Bonneville. We're looking at what we can do differently, do it at a lower cost, and meet the needs of the business and mission of the agency. The most frequently asked question of a CIO is, 'Why does this cost so much?' We're looking at a 25% [budget] decrease over the next two years while still providing and maintaining the same high level of service. I need to be able to provide the same or better services at lower cost. "

Lisa Schlosser, CIO, Department of Housing and Urban Development

Q: Is IT playing a big enough role in supporting major government programs?

A: " Government overall has done a really good job in the past four years at improving and focusing on the use of IT and supporting major programs. Citizens can go to the government Web site Benefits and get access to most services the federal government offers -- and in many cases, the services the state and local governments offer online. We're also looking at ways to eliminate redundant systems, to save costs in the way technology is used, and to increase efficiency. "

Jeff Scime, VP-Operations, SEMDirector

Q: How does your organization use instant messaging (IM) products?

A: " We are a distributed software organization, with six different offices in the U.S. and Latin America. Instant messaging is widely used within our organization, both for internal and limited external communication. We are heavy users of IM and like the productivity and nature of the communication it provides.

We use it to coordinate our communication with customers. We often find that when we have multiple people on conference calls with customers, IM products allow us to ensure that we are able to coordinate our communications in real time. We can use IM technologies to discuss ways to present information to external parties while the calls are taking place.

In addition, we use it internally. We have an open office environment and many of our technical staff and our services staff use IM to discuss online without contributing additional background noise to an already noisy office. We also use IM for remote communications. We use several different IM technologies to exchange documents, links and communication with our remote offices. Our employees have articulated that they like the flexibility of IM technologies to help them formulate thoughts, exchange information in real time outside of email, and keep the trail of communications that show the evolution of the discussion in a way that email products do not support. "

Kamal Bherwani, CIO, New York City Department of Health and Mental Hygiene

Q: You are the CIO for three New York City government agencies. What is the biggest challenge for you and the IT team in terms of that breadth of IT responsibility?

A: " The biggest challenge for me has been to create a model of sustainable IT staffing. While private markets are quite adept at adjusting budgets up and down dynamically, the pace at which this can be done in government is limited. The solution is to create a compelling IT work environment, using the latest technologies. This creates a career path where technology workers learn and grow quickly alongside technology service contractors during the build phase of a project. This allows hands-on learning and has allowed the maintenance of systems to be brought in-house. The turnover rate at all three agencies has turned out to be lower than industry standards. IT professionals who want to do good and have fun have been able to grow professionally, while turning a lower than private-sector salary into a self-investment. "

Stephen Michaele, VP-CIO, Direct Marketing Association

Q: Are there IT challenges that are unique to a trade association?

A: " We have many different constituencies we need to support across lines of businesses. We need systems in place that will do things like track complex information and allow our members to find that information. We are creating systems to help us track user interest and interactions that inform how we can help them, what information they need and how we can get that information to them. We have a database that we've built to track those interests. We use various technologies, including Web technology, database technology and CRM technology.

Budgets are tighter in the non-profit arena, so managing IT and prioritizing is very important. It's a continuum. We're not where we want to be; I don't think anyone is. We support a diverse set of businesses including an educational business as well as a foundation. We've got a research arm, as well. Our individual councils are special interest groups that need a way to share information. They have their own Web pages for sharing information. We built the infrastructure that supports that. We're now looking into supporting blogs and social networking software. "

Gayle Vernon Simkin, CIO, Catholic Healthcare West

Q: What is the most interesting project you're working on these days?

A: " A project that is not just interesting but also fundamental to our core operations is the CareConnect project. The physician-led CareConnect project, also known as the Enterprise Clinical Information System (ECIS), has a goal to directly and dramatically enhance our ability to provide high quality patient care by providing clinicians with ready access to clinical data and effective decision support tools.

The pilot of this project included: a clinical repository to collect data from multiple sources such as laboratory, transcription, pharmacy and clinical documentation; electronic medical record "organizer" for clinicians; a clinical logic engine to process clinical events and trigger "alerts" to physicians regarding care decisions; and remote access for physicians to access the clinical information from their offices or homes through a secure Internet connection.

The program design is now being augmented with Computer Physician Order entry as well as automation in the area of Pharmacy, Emergency Department and Intensive Care. "

David J. Farrer, VP-product development, Apangea Learning Inc.

Q: What is the biggest challenge in making your IT organization more business responsive?

A: " There are several equally important challenges. First, finding and developing qualified personnel are persistent concerns. We have streamlined our interviewing processes and created a mentoring program to address this issue.

Second, communication across functional groups is a challenge in any organization. Implementing a prioritization protocol for business requests has reduced communication overhead and therefore made our organization more responsive.

Finally, the Software as a Service concept is still relatively immature. The result of this is inconsistencies between customer expectations and the service level agreements that an application can realistically achieve. Managing the customers' expectations during the sales cycle and implementing a robust customer service program after the sale have helped alleviate the inconsistency. "

Joe Oesterling, CIO, Cbeyond

Q: How are you currently handling regulatory requirements?

A: " We are moving into what I'll call Year Two or Year Three of living in the regulatory environment. It is now about orienting yourself and your team to the fact that this is a part of life.

Regulatory compliance is not an IT project where you complete it and move on. It has become part of embedding that into our IT management process. That's been a focus area of mine and for a lot of my peers. It's one of the things that to realize true benefits, you have to embed it in the organization. It's easy to do it the first time; the real trick is to embed it for the long term. "

Ed Bell, CIO, ING Direct

Q: As a financial services company, what is your biggest obstacle to better information security?

A: " I'd address it from three perspectives knowing the demands for more and more data by clients -- both internal and external -- is furthering the challenge.

The first is the security of the infrastructure. A lot of dimensions can be addressed around the infrastructure security, firewalls, user permissions, global and local network coverage. The second area would be around the applications and the consistency provided for data access. Specifically, a data architecture that is comprised of information quality with proactive data profiling, common extract formats, common business terminology that relates to specific data elements and always leverages the information hub for real-time or batch access are key. The opposite of that is having redundant copies of data interpreted in various fashions for a multitude of reasons -- not very indicative of a simplified or efficient environment.

The final is risk management and its oversight to ensure tighter control of the data. Classification of the data, education and awareness of the classifications, accountability by the business for their data and ensuring appropriate user access, management oversight on uses of removable storage devices (USB drives and CDs) and constant evaluation that nothing is getting ignored are becoming more important every day. "

Rich McNeil, CIO, Boston Software Systems

Q: As a company that provides hospitals with workflow automation software, what should hospitals consider when evaluating these technologies?

A: " Whenever you introduce one piece of technology, the whole technology fabric of the organization is affected. You'll want to ensure the least amount of disruption to your existing systems and processes. Script development tools allow you to choose the tasks you want to automate without bringing in consultants or vendors.

Match business requirements to functionality. Look for a technology you can use in many different departments, with a variety of applications and systems that will scale to allow automation of simple tasks or complex processes. Interoperability is critical in developing the processes that support major technology initiatives. Interoperability allows you to knit together the applications and systems you're already using and maintain the integrity of your technology fabric. "

Tony Young, CIO, Informatica

Q: Is Sarbanes-Oxley making IT better or worse?

A: " It depends on the IT shop you are in. If you are in a shop that has really strong processes and procedures, it shouldn't have been a significant change to how you do business. I think a lot of what Sarbanes-Oxley is doing is reinforcing good practices in your IT organization. Where some shops have found it to be extremely onerous is that they may not have been very strong in process and procedure to begin with.

We do have good processes and procedures in place, but what also really helped us was that the people on our team that implemented it did an outstanding job. The overhead and additional rigor around the initial implementation was material to our organization, but since then we've worked with our auditors and continued to refine our approach and it's worked for everybody. It's become much more manageable within the organization. "

Dave Leonard, Chief Technology Officer, Infocrossing

Q: How is your company instituting standardization practices across its national network for five data centers?

A: " We've adopted a "best of breed" model which enables us to select the best tools for each data center process. After reviewing existing software licenses and processes across the five data centers, we picked the best products and integrated them into our proprietary "light" management framework throughout all the data centers.

Leveraging our own management framework enabled us to automate on the tool level and write scripts at the point level, instead of the management infrastructure level. Standardization reduces complexity, uncertainty and mistakes by enabling automation of routine tasks and driving consistency into the remaining manual tasks. "

Raj Croager, CIO, FASTSIGNS International, Inc.

Q: How does your organization support its different units that have desktop support issues?

A: " With 500-plus franchisee units in the U.S. and around the world, we've discovered the key to efficiently handling desktop support is being able to see the issue in real-time and solve it, regardless of the franchisee's location. Expecting end-users to fix IT issues themselves is time consuming and frustrating for all involved. To overcome this, we use a remote support tool from NTRglobal called NTRsupport that allows our technicians to either share or take control of their desktop in order to fix their IT issues, thereby reducing the time and cost required to support our franchisees. "

Michael Spears, CIO and Chief Data Officer, National Council on Compensation Insurance, Inc.

Q: What is your strategy of protecting the security of data?

A: " Managing the nation's largest database of workers compensation insurance information is a commitment that NCCI takes very seriously. Information security is a top priority for us. Our strategy is multi-pronged. From an IT perspective, we stay up to date with the latest security technology such as firewalls, network security, vulnerability tests, penetration tests, application scans of Web-based code, laptop data encryption, password reset strategies and so on.

However, this is not enough. We also focus on the human side of security and closely monitor social engineering trends to guard against anyone gaining access to data they shouldn't have. Finally, we voluntarily submit ourselves to rigorous auditing by both in-house and outside parties to ensure we don't have any loopholes in our strategy. "

David Barley, Chief Technology Officer, Casdex, Inc.

Q: What is your biggest IT challenge?

A: " As a digital archive firm that caters largely to small and mid-sized businesses, our main IT focus at Casdex is storage management. With multiple data centers located in various geographical locations, it's always a challenge to ensure that we keep up-to-speed with our timelines and space availability on our servers for our clients. Without doing so, we would lose our competitive edge. "

Larry Lotenero, CIO, University of California, San Francisco, Medical Center

Q: Which will play a bigger role in your IT strategy this year, HIPAA or Sarbanes-Oxley?

A: " For us, it's HIPAA, but our security efforts extend well beyond that into the use of outpatient information and research. Throughout our organization, we make sure the capture and use of data is handled in a way that keeps the data secure, appropriate, and handled accordingly. Our work here is very much push and pull: In a research environment, we need to have information available to other scientists and medical centers, for research and collaboration purposes. But we also need to keep our system very secure. This presents quite a few challenges. "

David Wennergren, CIO, Department of the Navy

Q: Can the public and private sectors work together to achieve better IT?

A: " The strategic partnership between government and industry is absolutely crucial and the places where things work the best are where government and industry work together. The success of the Navy/Marine Corps intranet comes from a performance-based contract where we tell our private-sector partners the results we want to achieve and give incentive payments if they are able to exceed our expectations. The idea of performance-based contracting is powerful, and it brings together government and industry as strategic partners. We take advantage of all the great talents and intellects out there to help us get the mission of the Navy/Marine Corps done. "

Ken Orgeron, CIO, Gardere Wynne Sewell LLP

Q: How does the possibility of natural disasters impact your organizational disaster recovery and business continuity plans?

A: " The possibility of natural disasters is a key focus when designing a Business Continuity/Disaster Recovery Plan. Each part of the plan must be approached differently. The BC Plan focuses on long-term recovery, where the DR Plan will focus on the short-term impact immediately after the natural disaster.

We have offices in Dallas, Houston, Austin, and Mexico City. The threat of a hurricane in Houston triggers the activation of both plans, allowing the office time to prepare. However, if a tornado hit Dallas there might be little time to enact the DR Plan before disaster struck. We would have to rely heavily our detailed BC Plan as destruction could be extensive.

Given this scenario Gardere has developed, and is continuously refining, the BC/DR plan to insure minimal interruption in the services we provide our clients. "

Nicole Spelhaug, Chief of Product Development, Mayo Clinic

Q: What is the most interesting project you are working on?

A: " We're evolving an integration strategy between claims, pharmacy, and lab data with the kind of information tools that we provide to help people manage their health. So as areas of need are identified through a health risk assessment, we can integrate that with health management resources that we provide and the claims data that another partner of ours might supply. We're offering interactive programs and tools to help Fortune 500 companies give their employees resources that help them reduce their healthcare costs through the interventions our site provides. "

James McDonnell, Vice President and Chief Information & Security Officer for USEC, Inc.

Q: What are the IT challenges that power companies face this year?

A: " First and foremost is the continued integration of business systems and operational systems as companies migrate from proprietary control systems to commercial off-the-shelf systems. You have to set up an entirely different controls regime, to make sure you're allowing people to do their jobs but segmenting information that is extremely critical. You also have to start segmenting the network and data processing systems internally with much more care. "

Scott Thompson, Executive Vice President of Technology Solutions for Inovant, a Visa Solutions Company

Q: How is data storage essential to an always-on business environment?

A: " Merchants and cardholders increasingly demand more information with each transaction. Understanding the sensitivity of this data, we have implemented a robust security infrastructure at both the physical and logical levels to prevent unauthorized access to this information. Our job is to make transaction data available to our members in a way that maintains the integrity of the payment system. The Member bank can access the cardholders' transactions by card number and determine in real-time what the transaction was and where it occurred. "

Tim Lemieux, CIO/ Vice President of Information Services, Ratner Companies

Q: What is the biggest challenge for you as a CIO managing IT in the retail environment?

A: " Providing effective systems in the highly distributed landscape of a retail environment creates the greatest challenge. Ratner Companies owns and operates nearly 1,000 hair salons on the East Coast, in the Midwest and in the United Kingdom. We are currently implementing a new system to manage the customer flow in all of our salons. Training all of our locations to use it consistently is a challenge [as well].

Because of the magnitude of this change, we are providing classroom-style training to support this effort. As we enhance the system in the future, it will no longer be cost-effective for us to provide this type of support, so we will look to Web-based learning tools to help solve this problem and hopefully generate a widespread understanding of the system throughout all of our salon locations. "

Martin Davis, Executive Vice President and Corporate CIO, Wachovia

Q: How will ongoing Sarbanes-Oxley requirements impact your organization going forward?

A: " In addition to the quarterly attestations, Sarbanes-Oxley and Wachovia's CIO groups are more closely aligned with other risk management activities. This has prompted a thorough review of key IT controls throughout the company. "

Basil Maloney, CIO, PresenceID

Q: What is the most effective way to get users in your organization to comply with new regulatory standards?

A: " The most effective way to make sure employees comply with new regulatory standards is through a combination of training and deployment of IT systems that help them comply. Training is critical to making sure employees know what regulations mean in relation to how they perform their jobs. Things like not emailing sensitive information to unauthorized people, not sharing passwords, and many other security and privacy procedures. Equally important is improving IT systems to ensure compliance by synchronizing security throughout the enterprise, not just the perimeter. Using rights-based provisioning of users and content combined with virtual desktops that only allow access to what they are authorized, and not entire directories they can explore, keeps employees, temps and consultants in line. "

Walter Milligan, Chief Information Officer, Michigan Technological University

Q: How is your organization using collaboration tools?

A: " The use of collaboration is in its infancy here. Purchasing decisions are very distributed. The coordination issue with any new software initiative is something we're struggling with right now. For example, we have recruiters out in the field who are not in our home town making visits to high schools. They need to share documents with each other. Doing so with collaboration tools is much more efficient that sending around Microsoft Word documents.

We're very interested in these products, but right now we haven't identified a primary product. I would conservatively estimate there are at least three different competing collaboration products already in use at Michigan Tech. Since it's grown organically, and people have chosen products they're comfortable with, there may be problems down the road. We're assembling a committee of constituents to see what's already in use on campus and what benefits we could leverage by getting more people involved with these tools, and then decide whether to standardize with one particular package or vendor. "

Don Kosak, CTO, Lycos

Q: You've led the integration of Lycos' acquired technologies for sites including Tripod, Angelfire, Matchmaker and Quote. What is the biggest IT challenge when it comes to integration?

A: " The biggest challenge was selecting a common platform for Lycos's key systems. These systems weren't small "department" servers -- they were customer-facing applications with millions of daily users from all over the world. As much as Web 2.0 and software-as-a-service promise platform independence, there are critical IT functions such as customer registrations, billing and reporting, that can become unmanageable if not consolidated. The up-front costs can be hard to justify; however, the long-term savings in maintenance, increased business agility, and streamlined compliance more than pays for the effort in the long run. "

Greg Valdez, CIO, BMC Software

Q: What is the greatest barrier to IT compliance?

A: " The biggest hindrance to IT compliance is a lack of focus on processes. All IT shops are working to achieve the effectiveness of the best shops which on average are five times more productive and run 25% cheaper. Obtaining this efficiency requires a strong focus on process management, especially in change and configuration management. If the right people, skills and processes are in place, compliance is essentially free. Compliance is but another set of metrics on processes. "

Mahesh Bhavana, CIO, Junosource Processing Inc.

Q: How do you ensure the security of stored data?

A: " When you work in an industry where compliance takes center stage, data security is of the utmost importance. As a technology-enabled loan packaging business, Junosource is constantly implementing innovative security measures to ensure our customers' sensitive information is protected. Our biggest challenge is to comply with the extremely strict requirements imposed by our business partners without sacrificing the cost effective solutions our clients have come to expect from us. In addition to utilizing role-based access and authentication, access to data servers is protected by VPN/Firewall, and our Web portal is secured by 256-bit Secure Socket Layer Certificates. With existing measures in constant review, we worry about security so our clients don't have to. "

Kelly Stephen, Chief Technology Officer, WebVisible, Inc.

Q: As a company that specializes in leading-edge technology, what are some of the biggest internal technological challenges you face as its CIO?

A: " We face a number of internal technological challenges in providing leading-edge technology to our customers. Number one is ensuring that all of our various platforms and products are integrated together seamlessly, especially from a customer's perspective, even if behind the scenes they may be completely separate products and platforms. Second would be remaining flexible in order to continue to improve our technology to incorporate the wide range of emerging technologies and ideas that we may not have known about before. And finally, we need to always balance our desire to be innovative and build products that drive our technology roadmap while continuing to meet the needs of our existing customers and new prospects. "

Rick Brouwer, Vice President of Information Services, Total Logistic Control

Q: Which skill set is most important and hardest to find among IT employees?

A: " At Total Logistic Control, we are finding it increasingly difficult to recruit employees with that rare but necessary combination of business and operational skills, combined with technical skills. When looking to deploy best-of-breed supply chain applications, like warehouse management or transportation management systems, we seek candidates who understand the operational problems that are being solved by the application. Also, finding multi-disciplined technical managers such as project managers and development managers is becoming more of a challenge. To round out the recruiting spectrum, security and system administrators are routinely in demand. "

Joel Smith, Co-founder and CTO, AppRiver

Q: What is the biggest challenge in balancing your network operations responsibilities with your R&D responsibilities within your organization?

A: " Staying involved in the R&D process is a challenge in the midst of day-to-day operations, but we try to maintain a balance through effective communication both internally and with our customers. We are constantly gathering data through customer surveys as well as weekly meetings with our sales and customer service groups to ensure our R&D road map stays on target with what the customers need.

R&D is a continuous series of forks in the road with numerous failures and just a handful of successes. The more you keep in touch with the process, the higher your success rate will be in the long run. "

Gregory Veltri, Chief Information Officer, Denver Health & Hospital Authority

Q: In healthcare IT, what is the greatest obstacle to electronic health records implementation?

A: " Our organization cares for more than 150,000 patients, providing two billion in uninsured care since 1992, yet we continually leverage technology to improve patient safety and quality of care while managing cost. For many organizations, the biggest challenge to implementing electronic health records (EHRs) is gaining the acceptance from the clinical staff. If clinician users do not clearly understand how technology can help improve safety or quality of care, this can lead to strong resistance and slow down the entire implementation process.

Successful communication enables key stakeholders to be interconnected, which improves the population health and leads to more personalized care. Furthermore, a strong vendor relationship is critical to success. Maintaining a strong relationship and open lines of communication with Siemens Medical has helped us better educate and communicate with our end users, as well as drive acceptance of our EHR implementation across the enterprise. "

Bob Mitchell, Senior Vice President, Operation & CIO, GTSI Corporation