Thursday, November 26, 2020
Home Information Security CIO Best Practice: Balancing Security, Flexibility, and Efficiency with an Effective Materials...

CIO Best Practice: Balancing Security, Flexibility, and Efficiency with an Effective Materials Management Policy

As an organization’s IT leader, we are expected to have full ownership over our technology ecosystem, however…

Do you know how many different makes & models of computers are used in your organization? Do you know if all of your organization’s critical Line of Business (LOB) applications work well on all the hardware and operating systems? How would these applications work after the new OS patch is applied to the computers? Do you know if all of the phones in your organization have the latest Apple security patch applied to them?

Given the number of security breaches in recent times, it was easy to spot an emerging pattern. Security breaches were occurring because many organizations were not applying security patches consistently on all machines.

Being 99% compliant is not enough – you must be 100% compliant to sufficiently protect your organization. It is not only your responsibility to know all the makes and models of all computers, phones, and other devices in your organization, but also your team’s, who has to test the upgrades on all those makes and models.

Organizations today have so many different models of hardware that it is almost impossible to cover all permutations and combinations of security patching and application testing before deployment.

So why are there so many models deployed in any organization?

The reason is a combination of employee preferences and a constant influx of new devices into the market. Some employees want the latest iPhone while others do not want to change their old device. Some employees like Samsung’s phone better than iPhones. The range of models that need support is now incredibly vast.

IT needs to deploy security patches to all of these phones and make sure all LOB applications work on all models. If HP releases a new driver that works better with Microsoft Teams, then the driver needs to work with all the HP models in the organization’s hardware fleet.

In my role as CTO, I get a few suggestions of new models of phones or servers or laptops to add into the catalogue every week. In parallel, I also get a few requests every month to reduce cost of supporting and managing devices.

Every IT leader faces a similar conundrum.

While it is almost impossible to keep the entire fleet standard in the face of employee choice and flexibility, it is necessary to implement an organization-wide materials management policy that can provide standardization across the organization while still remaining flexible for employees.

My suggested materials management policy can be described by five concrete components:

  1. IT creates a few “Materials Profiles”. A Materials Profile covers types of work scenarios in which an employee can work, such as employees working from home or from a remote location or employees working in manufacturing plants or some other combination. Ideally, IT defines work profiles that cover most scenarios in which employees work, but of course, there will be some exceptions.
  2. A “Materials Profile” comes with suggested equipment. Each Materials Profile has a list of equipment that employees in that profile will get to use. For example, a phone model, a mobile phone service plan, a type of Personal Computer, potentially a monitor (or two), and other small accessories. Each device comes with a pre-defined upgrade timeline. For example, PCs will get upgraded in 4 years and phones in 3 years. Every country can even create their own list of materials per profile to provide compliance to the country’s rules and regulations (if any).
  3. HR and business GM assign a “Materials Profile” to job roles. HR and the GMs of the business will look at each of the job roles in the organization and assign each a Materials Profile. HR and GMs know the job roles and expectations the best, so they are best suited to make these decisions.
  4. HR and business GM can create exceptions for certain employees. There will be exceptions that HR and GM will need to create either for medical reasons or for other business-related reasons. These exceptions can be created by assigning specific employees to a different Materials Profile.
  5. IT provides and upgrades IT materials based on the “Materials Profile”. IT teams will look at the Materials Profile for each employee and provide the necessary materials. Upgrades of materials will also happen according to the predetermined policy and timeline. Old materials must be retired or be taken offline after the specified age has been reached.

Here are some suggested materials profiles. They cover many common work scenarios for employees in an organization. Of course, modifications will likely be necessary as per the needs of your organization.

  1. Fixed Location Workers – Some types of work can be done only in an employees’ workspace. For example, Building Receptionists, Manufacturing Line Operators, Beauty Advisors, etc. This type of worker should be provided with a desktop computer, one or two monitors (depending on needs and employee choice), no mobile phone, a robust keyboard, an ergonomic mouse, etc.
  2. Knowledge Workers – These workers handle and work with data and information to generate value for the organization. For example, Sales Analysts, Product Designers, Program Managers, etc. These workers can work from anywhere at any time. Communication applications, LOB applications, and access to lots of websites (internal and external) are critical tools for their jobs. An ever-increasing portion of any company is going to this type of work. This type of worker should be provided with a nice laptop, a mobile phone with countrywide coverage, and light accessories that can be easily stored and transported from one office to another.
  3. High Spec Knowledge Workers – Some knowledge workers require high specifications for things like speed, memory, or graphics to enable their work. These workers often handle many files (or large files) at the same time or need premium graphics or processing power. For example, developers, testers, and finance teams require a higher degree of performance from their machines. This type of worker should be provided with similar materials to other knowledge workers, except their personal computers should have a higher-end processor, more memory, and, potentially, a dedicated graphics unit.
  4. Mandatory Work-From-Home Workers – Some knowledge workers are being told to work from home for extended periods of time, especially during the Covid-19 pandemic. Some organizations have even made rules to have a portion of the company permanently work from home. Not only should these employees get the materials of knowledge workers, but they should also be given some allowance to set up a home office, along with a monthly allowance for consumables. For example, Uber is giving employees a one time $500 stipend to set up a home office by getting a printer, desk, or other office equipment for their home. Some organizations are paying their employees a $75 per month stipend for consumables like paper, ink, etc. Some organizations are giving employees $75 per month and allowing them to select their phones and service but are managing these phones using BYOD management software like AirWatch or other similar software.
  5. Highly Mobile Workers – There is a type of worker who is very mobile, for example, regional salespeople or senior executives. In extreme cases, this type of worker is ALWAYS mobile. This type of worker needs a very light but sturdy laptop that is easily transportable, along with global phone service. In some companies, the Microsoft Surface Book is being provided for this profile (even with the higher cost) along with an international phone plan and a 4G Wi-Fi card for safe internet access when on the road.

Once the materials profile has been created by IT and agreed by HR and the business leaders, the work of fleet-standardization becomes much easier. HR teams help in the management of this by creating ways to associate each employee to a specific Materials Profile.

The easiest way I have seen this done is to keep an attribute on the HRIS system for a Materials Profile. In parallel, the IT team creates workflows for each Materials Profile to request and upgrade materials. The decision of which job role falls into which Materials Profile is between HR and the business GM.

Creating a materials management policy for your organization not only increases operational efficiency for IT, but also tightens security for the entire organization and creates uniformity among the devices employees use, encouraging standardization while still allowing for choices among employees.

0
Manish Sinha, TNCR Contributing CIO
Manish Sinha, TNCR Contributing CIO
Manish an award-winning CIO/CTO, having won the “CIO of the Year” from Pittsburgh Technology Council (PTC) in 2016. Since 2018, Manish has served as the corporate CTO of L'Oreal Paris, overseeing Global Employee Experience, and the infrastructure of global functions including Human Resources, Research & Innovation, and Manufacturing.
- Advertisment -

Most Popular

Technology Leaders Can’t Afford to Let Innovation Slip Away

In 2013, Daniel Burrus argued for the Harvard Business Review that, “the CIO position needs to transform into the Chief Innovation Officer.” His reasoning was simple:...

The Organizational Importance of the Chief Information Security Officer

Digital security is a well-known priority for companies, and every high-profile breach is more reason for organizations to invest in defenses. As threats from...

Challenges on the Horizon: Three Pressing Obstacles Technology Leaders Will Face in the Next Decades

Last week, we published an article on how the role of the CIO and technology executive has changed over the last decade. While the passage...

IBM Chief Information Officer Fletcher Previn – Enabling a Global Workforce in a Pandemic

Continued innovation has always been a key driver of any successful business technology function and has been necessary to keep up with the ever-evolving...

Recent Comments