10 findings on highly paid CIOs a

10 facts on highly paid CIOs

The 36 highly paid CIOs have an average base salary of $510,000, with total average compensation of $3.6 million.

Janco has just updated its list of highly paid CIOs for the last year. The data is from public sources, including SEC filings. The data shows that this group of individuals is not only very diverse but also completely integrated in the executive management planning and operational teams.

Interesting findings include:

  1. One quarter of this group of CIOs are women. That is up from less than 10% in 1999.
  2. Just under one in five are minorities. This group of CIOs is racially diverse, and all are well educated.
  3. The median base salary is $700K, while the average base salary is $510K.
  4. The median total compensation is $3.3 million, and the average total compensation is $3.6 million.
  5. All of the CIOs make most of their total compensation from performance bonuses and company stock.
  6. The average tenure is well over 60 months, and these individuals are likely to retire from these jobs rather than be terminated or leave for greener pastures.
  7. All of the positions are Vice Presidents and most are Executive Vice Presidents. All have either CIO or CTO in their official titles.
  8. Over 60% have been in IT most of their careers and have advanced to this position.
  9. Over 40% have operational responsibility for areas beyond IT and technology. Technology is integral to the day-to-day operations.
  10. All are integrated into the executive and operational management of the enterprises they are in. Typically IT is not in a “silo” isolated from the rest of the company.
Highly paid CIOs – Public Companies

Janco and eJobDescription.com have conducted salary surveys of the IT job market since 1989. The data from this survey has been published in the Computer Industry Almanac, the Wall Street Journal, the New York Times, eWeek, and many other business and industry publications. In addition, over the years it has been featured on CNN, the Wall Street Journal, and several national and international media outlets.


10 step security

10 step security for third party access to enterprise systems

10 step security for 3rd party access to enterprise systems is a must with the increased use of internet processing by day-to-day business operations.

Security and compliance are key to maintaining control of sensitive and confidential information. All of the product offerings of Janco are geared towards providing tools to help C-level executives and top IT professionals maintain the privacy of their users and enterprise data.


  1. Create an asset inventory and tracking to reduce the risk of network-connected assets being out of compliance with policy.
  2. Understand the cloud-based environment where all users are considered remote, and apply controls similar to how they have historically provided access to third parties.
  3. Make changes in how the organization manages and controls these various user-types by incorporating concepts such as zero-trust, network abstraction, extended identity validation and full-session recording to effectively reduce the overall risk and isolate any potential impact caused by third parties or remote user actions.
  4. Define a plan which meets the requirements for external contractors, employees, and B2B entities.
  5. Coordinate the third-party access plan in conjunction with the business units and develop a solid communications plan.
  6. Create rules for access using the appropriate level of controls commensurate with their given risk profiles, to include: isolation/segmentation, encryption, and federation integrations.
  7. Establish access points and rules for data availability to third parties.
  8. Invest in ways to authenticate third-party users beyond simple username and password.
  9. Define metrics which address compliance variances and risks, and build an end-to-end security and risk view for the entire enterprise.
  10. Create a reporting system which tracks access, access violations, downloads and total usage. This should be real-time and have assigned individuals who monitor and report any deviations.


Android beats Apple in application development war

Android beats Apple in application development war — Android is increasing its lead for developers, eroding the long-standing maxim of creating apps for “iPhone first.”


The Developer Economics: State of the Developer Nation Q3 2016 reports Android now has a whopping 79 percent “mindshare” among mobile developers, the highest for any platform the company has measured since it began its quarterly surveys back in 2010. The record comes as the mindshare for iOS has consistently tracked at 51 percent to 55 percent since 2013 (although that figure rises to 61 percent for professional developers).


More important, perhaps, almost half (47 percent) of professional developers now consider Android their primary platform, up seven points in just six months. Apple, meanwhile, is going in the opposite direction. The number of mobile developers who consider iOS their primary platform dropped eight points, from 39 percent to 31 percent.

Both in an individual’s personal career planning and in an enterprise’s staffing, promotion and compensation, it is important to have benchmarks on the levels that individuals are at. To that end, one of the best objective ways to meet this goal is to have formal job descriptions and clear paths for promotion and compensation.

10 Steps to Implement Cloud SaaS


10 steps to implement cloud SaaS – As more CIOs and other C-level executives look to have Software as a Service (SaaS) for interaction with their users, customers, suppliers, and markets, there are some best practices that they should follow.

  1. Evaluate the current capabilities of their IT infrastructure and application portfolio. Included in that is an assessment of the competition and the state of opposing competitive solutions.
  2. Develop a roadmap with priorities for SaaS/cloud deployment. Establish who the drivers and owners of the SaaS process are.
  3. Establish clear governance that considers key stakeholders for cloud deployments. Include budgetary responsibility as well as for achieving stated goals.
  4. Develop metrics for performance and for measuring success in meeting cost and other deployment goals. Include a process for dissemination of the results in a timely manner.
  5. Adopt vendor management practices to monitor SLA performance and define responsibilities.
  6. Provide active project management to keep implementation on time and on budget. Steering committees and SDM (System Development Methodology) need to be included in the mix.
  7. Plan for ongoing support, acquiring or training resources for the necessary skills, and address skills gaps. Budgets and associated service levels need to be defined before the SaaS development begins.
  8. Regularly evaluate performance and goals/metrics to ensure they are being met. Utilize every form of communication possible so the enterprise as a whole knows what the state of the SaaS activity is.
  9. Audit compliance with security and other standards and practices and privacy policies. Build compliance into the SaaS process.
  10. Ask suppliers to provide specific data and experience with cloud-to-cloud integration and performance.

Top 10 Cloud SLA Best Practices identified by GAO


Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify specific SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report such failures and outages to the enterprise. In addition, specify how the provider will remediate such situations and mitigate the risks of such problems recurring.
  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprise’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

IT job market growth slows

YTD IT job market growth March 2016

IT job market growth slowed even more in the past month. Looking at BLS’s data and the analysis done by Janco Associates, it is very clear that the job market picture for IT professionals is not as bright as it was last year.

In the first quarter of 2016 the total number of new IT jobs created was only 19,000 versus 33,900 in the first quarter of last year.  This is on a base of 3.3 million jobs.

When you analyze the data it becomes very clear that the IT job market is not growing as fast as it was last year.  In our interviews we discovered several causes:

Political instability both domestically and internationally – This causes enterprises to hold off on investments.

Focus on short term profitability – Investments like those with IT tend to have a much longer break-even point even if the ROI is better.  With time there is risk and many C-level executives are paid on how well they are doing in the current period.

Outsourcing and H-1B workers lower demand for domestic IT pros – Both of those are like having a “guest worker” program. Costs tend to be lower and there is less of a requirement for internal IT staff.

Domestic IT pros do not have current hot skills – Skills that are in the greatest demand are too new to be in universities and technical schools.  Potential employees know all about social media and smart phones.  They do not have a clue or desire to  “program” them.  Foreign students arrive with those skills.

Now those are not the only factors, but they are key to addressing the issue of how do we create more IT jobs for domestic employees.

Both in an individual’s personal career planning and in an enterprise’s staffing, promotion and compensation, it is important to have benchmarks on the levels that individuals are at. To that end, one of the best objective ways to meet this goal is to have formal job descriptions and clear paths for promotion and compensation.


Top 10 benefits Cloud ERP

Top 10 benefits cloud ERP

Traditional ERP projects increase costs, take a long time to implement, and require larger teams of more specialized IT professionals.


Top 10 benefits Cloud ERP — With the emergence of secure clouds, moving to a new ERP solution is not as high-risk an event as it once was. There are some critical benefits that make a cloud-based ERP a solution that should be looked at:

  1. Vendor packages are available that create an architecture that is easily customized, modified and maintained.
  2. Metrics can be defined up front which can be the road map for communication of the benefits and costs of the ERP solution.
  3. The staffing requirement for scores of ERP specialists is significantly reduced, and there is less risk that staff attrition could cause a delay in the implementation and deployment processes.
  4. A cloud-based solution eliminates the need for most of the on-site data center resources and is more cost effective (typically at least 30% less expensive than on-premise).
  5. There is much less of a requirement to “re-invent” the wheel and much less likelihood that the ERP efforts will go down a non-productive path.
  6. Development and implementation cycles are reduced. As a result, deployment is quicker, the value of the precised benefits is received more quickly, and the organization faces significantly less risk.
  7. With the cloud, the ERP is more easily sized for both features and number of users supported, and costs can be aligned with the company’s ROI objectives.
  8. Business continuity objectives are more easily managed as part of the core design of the ERP.
  9. New technologies and equipment are more easily supported, as a well-managed vendor-based solution provides the ability for the vendor to support new technologies and devices as they hit the market.
  10. Better security and operations than companies can otherwise afford (monitoring and meeting the SLA requirements for response time, continuous backups, redundancy, SSAE 16, PCI certifications, etc.).


Mobile applications more secure with new technology

Mobile Applications – (Upper Setting, Inc. — http://www.uppersetting.com/) A new startup has come up with a great new tool that lets developers quickly develop lightning-fast, secure, real-time client/server applications with its SDK.

Application developers can create highly responsive apps, providing users with the ability to receive real-time notifications on their Androids, iOS and Windows Phones. The framework is geared to meet the needs of the automation industry as well as defense systems monitoring and control applications. With this solution, when critical events occur, users are able to immediately react and control right from their smart mobile devices.

The real beauty of this is that it is an SDK that is well documented and easy to implement. Gone are the days of the hammer and chisel. This is a great productivity tool that every enterprise and IT organization needs to investigate.

There is a white paper that is available that describes this SDK – http://www.uppersetting.com/WhitePaper.

Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template: includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy: includes electronic form
  • Telecommuting Policy: includes 3 electronic forms to help to effectively manage work-at-home staff
  • Travel and Off-Site Meeting Policy

Cloud Disaster Plan lacking

Cloud disaster plans are lacking and are not enough to protect your data. Google, with all of its resources, had data destroyed and lost due to 4 lightning strikes at one of its data centers.


While four successive strikes is rare, lightning does not need to repeatedly strike a building in exactly the same spot to cause additional damage.

A project manager for the lightning protection service of one major company said lightning could strike power or telecommunications cables connected to a building at a distance and still cause disruptions. The cabling outside of a data center can be struck up to a mile away, bringing the power surge back to the data center and causing extensive damage.

In an online statement, Google said, “… data on just 0.000001% of disk space was permanently affected.” Some people have permanently lost access to their files as a result of this event.


Top 10 Best Practices Cloud Security Defined


Top 10 Best Practices Cloud Security Defined – The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to cloud computing and increased the appeal of alternative delivery models. The disruptive shifts in new demand and supply patterns drive changes in how IT services are bought and from whom. Cloud computing requirements need to be well defined. CIOs need to consider implementing these best practices.

  1. Utilize an SDM (System Development Methodology)
  2. Implement a disaster recovery and business continuity plan
  3. Implement metrics and cloud application monitoring
  4. Utilize a secure access and change management system
  5. Utilize a patch management approach to install revisions
  6. Implement a log management system
  7. Implement firm security policies (see https://www.e-janco.com/Security.htm and https://www.e-janco.com/cloud.htm)
  8. Review latest published cloud vulnerabilities
  9. Use independent 3rd parties to find security vulnerabilities
  10. Conduct a security compliance audit

The Cloud Guide and the Business and IT Impact Questionnaire are over 120 packed pages and include everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise. The top 10 cloud security best practices were the basis for its creation. The electronic document includes:

  • Cloud Outsourcing Management Standard Overview
  • Cloud Outsourcing Policy Standard Policy
  • Cloud Outsourcing Approval Standard Process
  • Sample Service Level Agreement 
  • Service Level Agreement Metrics Definition
  • Outline for Contract Negotiation 
  • Base Case Development Detail
  • Mutual Non-Disclosure Template
  • Job Description for Manager Cloud Applications
  • Job Description for Cloud Computing Architect
  • Business & IT Impact Questionnaire
  • ISO 27001 & 27002 Security Process Audit Checklist

Top 10 CIO Concerns

Top 10 CIO Concerns – With the changing economy and improved outlook for IT spending, Janco has identified the top 10 CIO concerns.

The top 10 concerns are:

  1. Security – As more instances of cyber-attacks are identified, CIOs are well aware that their jobs are at risk if this occurs under their watch.
  2. Cloud Computing – This is the new hidden IT that is driving many new applications and is not under the complete control of the CIO and IT organization.
  3. Infrastructure – No longer are those interacting with the data and systems in a single location utilizing standard hardware and software. Records management, retention and destruction as well as version control are just a few of the areas that CIOs need to manage and control.
  4. Consolidation – Islands of data and computing continue to exist as new technologies are implemented. Redundancy leads to disparate information and needs to be resolved.
  5. Big Data – As data is consolidated it needs to be analyzed more quickly so that decision making within the enterprise is improved.
  6. Automation – Traditional functions are now being eliminated, and automation that will meet the strategic objectives of the enterprise needs to take place.
  7. Mobile Computing – BYOD and mobile applications are where users are looking for support in order to improve their bottom line results.
  8. Staff Retention – During the past few years that has not been an issue but now with an improved IT job market staff will leave.
  9. Social Networks – This is the wave of the future and needs to be managed more effectively.
  10. Succession Planning – Not only for the CIO role but for all of the other key roles within the IT functions. Job family definition is now a priority.

Top 10 Reasons Cloud Fails

Top 10 reasons Cloud fails

Applications are moving to the cloud and CIOs are striving to make the cloud they use as private and secure as possible.

The top 10 reasons cloud fails are:

  1. Changing infrastructure but not changing the operational processes
  2. Ignoring what others are doing
  3. Real benefits are not understood
  4. Alignment of IT and business in the private cloud not done
  5. The wrong staff resources assigned to the design, implementation and operation of the cloud
  6. Benefits are not measured
  7. Charging is not done fairly for services rendered
  8. Benefits are not communicated
  9. The application is not really a cloud based solution – just a conversion of an existing mainframe solution
  10. Organization is not geared to support cloud applications and cloud users

Mobile Devices are how many start and end the day

Mobile Devices are in many bedrooms

How did you start your day today? How did you end your day yesterday? For many, starting or ending our day involves connecting in some way with a mobile application. In 2014, the number of Internet users worldwide reached nearly 30 billion. While the majority of these users connect via fixed line to a PC, the growth of mobile- and cloud-based solutions has skyrocketed. Industry experts estimate that mobile-only users (no laptop, no desktop) will hit 1 billion next year.


Cloud Technology Impacts Outsourcing


What makes cloud computing different from this “ordinary” system of computing is that the cloud functions as a collective computer that exists in the virtual world. The cloud uses resources and information from computers and servers, running these applications independently and making the specific hardware less important to how the applications work.

Janco Associates has just updated its CIO IT Infrastructure Policy Bundle. This is part of Janco’s continuing effort to create a set of standard ‘Best Practices’ procedures that CIOs can implement to meet the challenges they face as they adjust to the new ways that technology is being used. Included is a new policy, “Outsourcing and Cloud Based File Sharing”.

The Outsourcing and Cloud Based File Sharing Policy defines everything that is needed for the data and/or application of a function, department, or area to be outsourced or file shared via the cloud.

The policy template is ready to use and is easily modified to meet the unique requirements of your company.

The policy comes as a Microsoft Word document that can be customized as needed.

The template has been updated to include an ISO audit program definition and electronic form. The policy template includes:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
    • Cloud Based File Sharing
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities

Note: Look at the Practical Guide for Outsourcing, a template of over 110 pages, for a more extensive process for outsourcing, which includes a sample contract with a sample service level agreement.


Cloud Based Disaster Recovery

Cloud based disaster recovery is all the rage. Many disaster recovery and business continuity experts are pushing this cloud solution because:

  • It is very easy to get the process going – There is little if any investment in hardware, plus most service providers say they are secure and offer an automated process to upload the data.
  • It is flexible and not very expensive – The user has the option to determine what is backed up and how frequently. It is a very scalable solution.
  • It simplifies the disaster recovery environment – It provides a way to use the same architecture across environments minimizing training and maximizing support.
  • It provides management consistency – With a single remote platform the disaster recovery and business continuity staffs can modify and test without impacting day-to-day operations.

Businesses are using cloud based disaster recovery to enable faster business continuity of their critical IT systems without incurring the infrastructure expense of a second physical site. The cloud supports many popular disaster recovery (DR) architectures, from “pilot light” environments that are ready to scale up at a moment’s notice to “hot standby” environments that enable rapid fail-over. With data centers in multiple regions around the world, cloud based disaster recovery enables rapid recovery of your IT infrastructure and data.
