Damn lies, statistics and benchmarking

The recently published NCC Benchmark of IT Spending andStrategy 2011 shows a decline in spending on IT by UK organisations.

According to the survey:

 ‘The median level of total IT spending in this year’s Survey is £3,135 per end user, compared to £3,227 in 2009 and £3,275 in 2008. Expressed as a percentage of turnover/revenue the median IT spending figure represents just 2.48% of expenditure, down slightly from 2009 when it was 2.54%. There are significant variances between sectors however; a quarter of respondents reported an end user spending figure of less than £2,096, whilst at the other extreme a quarter of respondents reported a figure higher than £5,152.’

The lowest spending sectors are charities with a median spend of £2,123 spent per end user and education, with a median spend of £2,264 per end user, while Finance is the highest at £9,348 per end user.

The problem with these figures, is what should we make of them? On one level, they hold no surprises. Times are tough, organisations cut/avoid expenditure where they can. In many charities especially, IT is seen as a back office cost and trimming its budget is much less publically painful than things on the front line.

Another interpretation is that the cost effectiveness of the technology is improving and therefore cost per end user is falling. One of the reasons for charities being at the lower end of the scale, under this scenario, is that charities benefit from generous discounts and donations from suppliers (see the CTX programme for examples).

A third, and possibly more significant reason, is that charities simply don’t see the benefits of technology investment beyond the very basics (accounting software, basic office functionality etc.). I don’t think they’re alone in this, and I certainly wouldn’t want to see the technology arms race that goes on in the finance sector transferred to the not-for-profit arena. However, it’s clear to me in the many conversations that I have with charities, that few in the sector really understand what technology could do for them. Moreover, when they do see examples of good technology use, it is from the very large charities whose spend on IT is probably greater than most charities’ total income.

Yet good technology is more affordable now than ever. We need to open charities eyes to what is possible and affordable. That may mean total IT spend going up but it should be linked to more effective services, better fundraising, clearer tracking and communication of benefits, and in some cases it could revolutionise the way charities work.

So we need more case studies and examples of small charities doing great things with technology and less of the flagship names, then the vast majority of the sector may come to realise just what IT can do for them.

How do I learn?

Last week, I spent a day at the Charity Learning Consortium conference. The day was focussed on eLearning and among a number of very good speakers was one from Google. His talk focussed on how Google rank people internally as a knowledge resource, and have started to engage people as technology mentors and ‘ad hoc’ trainers based on (a) their willingness to fulfil such a role, and (b) their ranking as an ‘expert’ in a particular field by their peers.

This discussion set me thinking about my approach to learning. Some years ago I heard a lecture from Marcus Buckingham based on his book ‘Now Discover Your Strengths’. Marcus works for Gallup and which does thousands and thousands of assessments of people’s individual strengths. I’ll leave you to look up the detail, but anyway, it turns out my number one strength is ‘Learner’. To quote the definition in Marcus’s book: 

‘You love to learn….. The process, more than the content or result, is especially exciting for you.’

Despite this, over the years, I have been on very few training courses. I now learn through a whole new set of media. Number one among them is Google. If I want to find out about a subject, I Google it. I may watch a video, read an article, find a conference, but I pretty much never find a course in a classroom. Why? Because I get bored in classrooms. I read the articles, or the manual and play with the technology (if I can get my hands on it. That’s how I learn. 

Why am I telling you this? Because I used to think this was a poor way to keep up to date, but the Charity Learning Consortium meeting, along with a number of other ‘experts’ in the field who I have heard talk about learning, have confirm to me that it isn’t. And continually learning in the IT world is more important now that it ever has been. If you wait for someone to come along and offer to teach you about the new technologies that are out there, you will be left behind. 

The more I talk to people about this, I realise I am not such an unusual learner. So if you hear about a technology you think sounds interesting, Google it and learn about it. It may be just what your non-profit needs.

A world of Apps

Since I’ve been working in IT, there have been two seismic shifts in the technology landscape. The first was the advent of the PC, the second was the development of the internet. 

When the PC appeared on the scene, it was very much an end user driven phenomenon. At the time, I was working within the corporate IT function of a large retailer. The organisational mentality was very IBM mainframe oriented and highly centrally controlled. PCs were consigned to a group called ‘end user computing’, subject to director level sign off, and seen as an annoying inconvenience that had to be tolerated because the people asking for them had enough political clout. 

By the time the internet came along, I was working on global IT projects for organisations across a wide range of sectors. Again this new thing was viewed was a lot of confusion, suspicion and distain by the IT functions of these organisations. It was very much the end users, the people outside the IT organisation that drove adoption.

I believe we are on the cusp of the next revolution in IT and once again it will be driven by users not by the IT practitioners within our organisations. No, I’m not talking about social media, I’m talking about the ‘App’.

The App model, so expertly marketed by Apple, changes our whole approach to applications, not just on a smart phone or tablet, but across the whole IT landscape. It takes big applications and breaks them down into small pieces, where I only take the bits I want. 

While the Iphone/Ipad has got the most coverage over apps, many others are taking up the idea (or were already using it under a different guise). Let me give you some examples. The Drupal open source CMS is based on a core set of code built in modules. Because it is an open API, anyone can write and submit a module to augment the CMS. You can go to the Drupal website and find pretty much anything you need. You download it, install it in the right directory on your server, enable it and away you go. On the Drupal site, you can see how many times a module has been downloaded and get feedback from other users. In the commercial software world, Salesforce has a similar model for add-ons, particularly for tools to provide integration into other applications. 

Extend this idea into some of the traditional desktop applications we all use. Microsoft periodically release a new version of Office with lots of ‘enhancements’ and new features. Many of us have for a long time asked what practical difference the new versions make, and Microsoft is having a harder and harder time selling the benefits of these releases. For most people, they stretch word to fraction of its capability. I use Word a lot and what I mostly need is a few fonts, a few standard formats (heading, main text, bullet points etc.), find and replace, and spellchecker. There are probably a few other things I use, but most of the enhancements of the last ten years have given me very minimal gains. This is even more true when we come to spreadsheets (mainly used as a convenient list by most people), and presentation graphics (Powerpoint).

For most people, an App that does the core functions well is all they need, with a few people needing much more advanced capability. 

In the technology world, users drive revolutions, not central IT management. People want their favourite device. They will want their favourite Apps to do their work, not the rigid ‘standard desktops’ that IT best practice (low cost, high control) dictates. Central IT organisations will fight a rear guard action on security and data management which they will lose – they will have to deal with the new reality not try and stop it Canute like. The future challenge for IT is to deliver platforms that accept the plethora of devices and apps that will be used by the end user. They will need to dictate base standard file formats for the interchange of documents (which apps will deliver as standard); they will have to create robust security strategies that accept, not exclude, the diversity of end user devices and Apps; and they will have to become ‘App developers’ to integrate business applications that are based on packages hosted by a multiplicity of different providers.

Just as the Internet and the PC drove a profound shift in what IT functions do, the App is going to fundamentally change our approach to every aspect of IT delivery and management.

Cloud is not a technology decision

I’ve sat through a lot of debates recently about whether not-for-profits should migrate to the cloud. Most have either focussed on technology questions such as, “Is the cloud better technology than traditional models?” Or cost arguments. But what struck me during these debates - apart from the ubiquitous use of cloud to cover anything that didn’t involve capital expenditure on IT and therefore being a quite useless term for any specific discussion – was that there is a crucial point that is being missed:

·         

The general overhead for small organisations (as most not-for-profits are) of owning technology.

This was really brought home by two conversations. One was a discussion on benchmarking of IT costs, and whether outsourcing was more expensive than doing it yourself. One of my colleagues made the point that for the outsourcer, all costs are visible and have to be taken into account when setting a price - commercial reality is very harsh if they’re not covering all their costs. Now that’s not to say that the in-house IT organisation doesn’t have to cover its costs, but some of those costs can get deeply hidden within the organisation, and are not immediately visible and attributable in a chart of accounts. For instance, the cost of a finance or HR function may not get included, yet by their very existence IT employees add some burden to these functions.

The second discussion was with a small charity who have engaged an IT support company to help them and wanted someone to ‘sanity check’ what was being proposed to them. You see the manager at the charity didn’t feel that he had sufficient understanding of the technical detail to know whether what he was being told was right and, in particular, whether some of the work could be deferred to manage their cashflow better. Which brings me to my point: 

Cloud solutions such as Google, Microsoft Office 365, Dropbox, Huddle, Salesforce.com etc. take away a set of technology from the organisation so that senior managers no longer have to concern themselves with it.

Now I know this is a claim made by the outsourcing fraternity, but cloud is subtly different. I’ve been involved with a lot of outsourced contracts and they all finish up in discussions, to a greater or lesser degree, as to how much kit you use, what technology it is being managed, how often do you want to change/upgrade it and so on. So management are still involved in gory technology decisions. This is where cloud solutions differ. As a manager, I don’t care about the detail of the underlying technology. I want email; I want file sharing; I want CRM functionality. What hardware, operating system, RAM, DRAM, SAN, UPS,NAS,  SSD, IPV6, Ubuntu, Linux, Windows, SQL, MySQL, SAP, Oracle, and any other acronym you wish to come up with that I don’t give a twopenny stuff about, do we need.

Management time is in short supply in not-for-profits. Managers want to focus what time there is on their passion: what their organisation delivers to its beneficiaries. Detailed IT decisions are the management overhead IT people forget about when they have their technology debates. Most non-IT managers don’t care about this stuff. It just takes time and gets in the way. The cloud allows them not to care, and to focus on what matters, which is how can technology help my organisation deliver more, faster, cheaper, or in completely new ways, without worrying about how much memory do we need in the server or where are we going to put the UPS.

Senior managers in not-for-profits are going to make decisions on cloud solutions on the basis that they save them time, are convenient, and they’re not going to wear out in three years time. Does it do the job? Is the price point right? Will it save the organisation and/or me personally a lot of time? If the answers to these three questions are yes, yes and yes, then expect senior managers in not-for-profits to say yes to the cloud. It’s not a technology argument for them, it’s a business decision!

Why are we so scared of cloud security?

I hear a lot peoples’ reservations about cloud computing. One of the biggest is security. No doubt Dropbox’s recent security lapse will be rolled out at every seminar and conference for the next three years to warn small children, sorry prospective users of cloud services, of the cloud’s inherent insecurity. 

But the more pertinent question is this: is the security of a cloud service weaker or stronger than you currently have? I would wager that for most not-for-profits it is emphatically stronger. I’m as big an advocate of a good firewall and a reputable anti-virus/spam package on all your systems as the next person. But let’s face it, most of the time what we’re protecting against here is the casual opportunist hacker who is targeting literally millions of potential victims. It’s like putting a burglar alarm on your house, it just makes you a bit more secure than the house next door that doesn’t have one when the opportunist thief walks by. A determined, competent hacker, targeting your organisation specifically, will almost certainly get in. Just like a determined competent burglar will break into your house if they decide your’s is the one. When the ‘celebrity’ hacker rings like Anonymous and Luzlsec see the challenge as the CIA (and allegedly succeed) what chance do we really stand?

Cloud providers spend a lot more money on their security, their reputation, as Dropbox are currenly finding out, depends on it. What they have in place is far superior to most not-for-profits. Yes there will be high profile mistakes, but tell me there haven’t been virus infestations and data breaches within hundreds, if not thousands of small not-for-profits. You’re most vulnerable point is the PC in the office with the ‘save password’ options ticked to yes, or the password written on the underside of the keyboard, or the USB stick left on a table at a conference, or that just oh-too-tempting website/email. These vulnerabilities will continue with the cloud and any other technology you use. Cloud providers anti-hack, anti-virus defences will remain a lot stronger than anything you do in house because it is one of the biggest economies of scale they bring to the table and their commercial lives depend on it.