Contemporary Challenges Facing the ICT Professional

EXECUTIVE SUMMARY

At one point the ICT department’s primary concern may have been to keep a system up and running. Yet from an emerging industry, transformation has resulted in organisations with IT capabilities integral to business security and success, and working directly to achieve business goals. As IT capabilities increase further, and professionalism grows within the industry, the cycle continues with new challenges that require addressing to pave the way for further development.

In exploring contemporary challenges, briefing papers were prepared on Cloud Computing Adoption, Cloud Computing Security, Big Data, Cybercrime and Disaster Recovery. In turn these led to interview questions presented to an experienced ICT professional. Juxtaposition between research and interview occurred indicating alignment in most areas. However whilst the challenge topics were technical in nature and require the skill set of the ICT professional, working as part of a team of people in a business operational sense came to the fore in the interview.

It was discovered that a CIO, with attitudes and ethical values that are professionally sound can be seen as having a positive impact on the group professional culture of ICT professionals internal to a workplace, perhaps in a more significant sense that the ACS, which whilst highlighting appropriate conduct is unable to enforce it. A constant need to balance knowledge of best practice with the realities of business continuity emerged as a strong theme, with the need to balance both risk management and change management in this context. The ICT professional is seen as bringing awareness to these issues, but must take into account business tolerance and potentially negotiate a path to adequately address them.

BACKGROUND

Gone are the days when the IT department’s primary concern was to keep a computer system up and running. Years of IT advancement have seen major transformation within most organisations driven by the organisations’ goal to improve business performance and to increase security. Alongside this professionalism with IT has continued to develop. Given that the capability of an organisation’s IT assets have improved with time, it is inevitable that an ICT professional encounters new challenges. In this report we examine contemporary challenges facing the ICT professional. 

Approach

Briefing papers were prepared in the key challenge areas of Cloud Computing Adoption, Cloud Computing Security, Big Data, Cybercrime and Disaster Recovery. These briefing papers along with other key topics related to professionalism in ICT were used to develop interview questions following which an ICT professional with relevant expertise and experience was interviewed. The interview was transcribed, and the collective data was then analysed and synthesized into this report.

INTERVIEW ANALYSIS: Challenges faced by an ICT Professional in the context of Energy Companies

Topic Overview

The project team placed significance on the interaction between the topics selected as interacting challenges faced by ICT professionals from several energy companies. Due to its Big Data collection and reporting to clients on tank installation, Wetstock, tank and line testing and fuel cleaning, Most of them have adopted cloud computing and has a Service Level Agreement (SLA) with AWS. Security in the cloud, as well as in its own network, is an important challenge to address in order to prevent and respond to cybercrime.  Access to company and customer data need to be assured in the context of business continuity and disaster recovery planning mitigates risk in this area.

Cloud Computing Adoption

Cloud computing adoption is increasing, and businesses are being presented with the challenge to make decisions in this area.  According to researchers’ relative advantage, IT capability and top management support are significant factors in the cloud adoption decision. Current research also indicates that within relative advantage, perceived benefits weigh more strongly in the adoption decision than perceived risk.

ICT professionals from several energy companies were asked about both risks and benefits that they considered in cloud adoption. In the technology area, they affirmed a number of aspects of relative advantage highlighting benefits of the deployment model (Hsu et al. 2014), implementation design, scalability, and reliability from a disaster recovery perspective, particularly in regard to data duplication and greater potential for business continuity. They also indicated that potential existed for total cost of ownership to be less in the cloud environment particularly when taking into consideration resource utilisation; however, the evaluation of cost needed to factor in existing infrastructure, project cost and time for return on investment. Most of them also emphasized the importance of considering cloud provider promotions carefully to avoid potential lock-in. In addition, most of the energy companies focused on the human aspect of the decision in regard to the actual evaluation of the business needs and addressing the questions that a business raise.

From an organisation point of view, correlation can be seen with El-Gazzar et al. (2016) in relation to the driver's framework component focussing on both client change management and IT competence and maturity. One of the project managers from the energy companies we interviewed was Steve and he highlighted the potential of cloud computing to release a business’s IT capability to support core business in terms of application support rather than needing to maintain infrastructure and systems, as these become the role of the service provider. The ability to adequately evaluate cloud computing from the perspective of enterprise architecture decisions highlights the need for IT capability in an organisation. Steve gave acknowledgement to the importance of top management support in cloud adoption, but in addition highlighted the need to engage the whole of the organisation from a change management perspective from a bottom-up perspective. In this area, Steve highlighted the potential risk related to low change tolerance and the need to address the concerns of staff around change, particular when they are comfortable with an existing system. This aligns with the findings of Fan et al (2015) in regard to the impact of status quo on cloud adoption in such cases.

In regard to most of the energy industry perspective and also from a business environment perspective, Steve indicated that movement to cloud computing and big data was necessary from the perspective of competitive pressures within the industry. This is an important consideration for business when considering adoption of innovative technologies. (Tornatzky and Fleischer, 1990).

Cloud Computing Security

When discussing the important issue of security in Cloud Computing, Steve used an example that security and accessibility in the cloud is based on trust with the service provider. He illustrated that if he took ten dollars from his pocket and put it in another person's pocket to secure for him, does he still maintain control over the money. Similarity, these concerns are mentioned in the work of Brokdin (2008), Padhy, Patra & Satapathy (2011) and Sun et al. (2014). They point out that cloud users really do not know where data is actually located and worry about the privacy of this data storage in the cloud. To ensure security and accessibility of data, Padhy, Patra & Satapathy (2011) recommend users to use methods such as authentication, data encryption, and identity management to ensure a user's access. Steve is in agreement with them in using strong passwords and changing them frequently as a great to protect information. Moreover, SSL, Tunneling Protocol are current and common security methods addressed by Steve, one of the project managers at a leading energy company and in this way align with the work of Padhy, Patra & Satapathy (2011), Sun et al. (2014) and AlJadaani et al. (2016). However, Steve's makes a new point of concession in the interview when he indicates a business must choose whether to prioritise the security of data or the convenience of data accessibility. This point highlights the direct experience of a CIO with competing demands at a business level versus best practice adopted by researchers based on theory.

In regard to terms in a contract between businesses and providers, Steve indicates that security and protection of information is an important aspect of the service level agreement (SLA) as well as availability level, maintenance of data access and cost. However, Padhy, Patra, and Satapathy (2011) purport that businesses struggle to evaluate the SLAs of vendors, as vendors tend to shield themselves against legal regulations and offer minimal insurance to customers. Therefore, it’s very important for users to examine the terms of an SLA related to data security before signing the contract. As Steve indicates in relation to data recovery, you don't want to end up in a situation where you 'put all of your data on [a] system, but the moment you want to leave, [they won't] give you it back.' Kumar and Arri (2013) address this issue; however they put emphasis on technical mechanisms to recover data.

In considering business versus service provider data backup, Steve claims that with maturely engineered infrastructure and architecture, information should be distributed in such a way that it should not matter if a single system is unavailable. This appears to be an important strategy to recover data compared to the research reviewed during this project.

Big Data

Big Data analytics deals with data that is high speed, high volume and unstructured. When asked to mention about reports and data collected by energy companies, Steve described the HDSIRA (High Definition Statistical Inventory Reconciliation Analysis) service. This involves a probe that is installed in underground fuel storage tanks of petrol stations. The probe sends data every 5 minutes regarding tank state observations. Tank state observation means volume in the tank, temperature of the tank, volume of water in tank, etc. This data is high volume, high speed and in a different format to other manual readings. This service is a good use of big data analytics as trends and early warning indicators can be detected. Using the HDSIRA service, leaks in tanks can be detected through data collected at five-minute intervals versus daily measures. Therefore, one of the big advantages of big data is on-time diagnosis. Khazaei et al (2014) describes a similar solution at NICU department which analyses data from heart rate monitors, ECG’s and other monitors of newborn babies, where data collected by sensors helps in early onset detection of conditions and disease prevention.

Krishnan (2016) explains about savings in health care through reduction in readmission by correct diagnosis and disease management in hospitals supported by a Big Data solution. Similarly, Steve elaborated on the benefits Big Data provides to his company’s clients through predicting ‘days to stock out’; based on past usage, if the service station fuel tank is not refilled. This predictive analysis achieved can help service station owners to refill their tanks on time and prevent loss of business. The benefits achieved can outweigh the cost of implementation; however Steve indicated that the solution required needs to be robust. Using unstructured data and the need to ensure business continuity adds to the costs as where data is flowing fast, outages need to be dealt with rapid response times. Whilst the cost factor is higher than normal analytics the cost benefits, like predictive analysis and early diagnosis, can bring significant savings to clients. Dhar (2014) also states that predictive analysis can help in minimising risks and but one has to consider the costs of wrong predictions as well. Even though more expensive than normal analytics, it can provide higher benefits and reduce operational losses.

Risk of Cybercrime

On the question of when energy companies felt that cybercrime was becoming a serious threat and a need existed for preventative measures, Steve used the example of his two-year-old daughter becoming aware of the risk of crossing a road compared to his own experience. The point he drew on was that business people are focused on the business goal and the benefits that innovation technology brings; however the ICT professional should bring knowledge of the risk that might be associated with it. Steve’s view is that business start off being ignorant to risks of cybercrime but as their technology understanding matures, they can become more aware of escalating cybercrimes levered at their peers or possibly themselves. It is not until then that a business will consider implementing preventative measures against cybercrime.

Risks of cybercrime to business do not only come from technology alone, Steve highlights with an example at his previous place of work where the computer system was compromised by the behaviour of its employees. He accepts that people should not share their passwords and that it is still an existing challenge for the energy industry. In fact the rules for changing passwords at most of the energy companies has become less stringent over the years and Steve attribute this to the organisation’s view that the ability of a business to function efficiently may supersede the security risk and that the businesses may need to balance competing demands. Different businesses will have different perception to securing user passwords. In an age where mere passwords is viewed as inadequate, it is not surprising that 91% of organizations interviewed have engaged advanced authentication to improve their business practice by improving trust with customers and business partners (PWC, 2016, p. 8)  

Steve predicts future cybercrime risks for energy companies will come from the mobile domain as employees exchange data between devices especially in the context of the merging of work and personal data on them. This is in line with the challenges that professionals will face with the explosive uptake will the Internet of Things (Goodman, 2015).

Disaster Recovery Planning

In a knowledge economy people are heavily reliant on intangible assets and they face many discrepancies over data and backup if they do not have a well-prepared disaster recovery plan (DRP). In addressing disaster recovery planning, Steve elucidates the importance of business recovery and emphasizes business continuity. He highlights that a business evaluates the disaster recovery needs of various systems from this perspective and argues that one method of implementing disaster recovery is for the business to have an automatic failover. This is true in that sense that this can allow for business continuity when there is insufficient time for a full disaster recovery process. However, Corrigan (2007) indicates even the most thoroughly developed DRP cannot account for secondary shocks or unexpected challenges following a disaster. Therefore, businesses still need to employ systematic plans for disaster recovery.

Steve reported tapes were previously mainstream, however with technological advancements you have hard disks and even online based drives. This has led to evolution of off-site storage facility for backup information with cloud data center becoming mainstream. In order to prepare and mitigate the risk efficiently, backup sites should be located over ten kilometers away from operational storage. Choy et al. (2000) reported that well-rounded knowledge backup and restoration approach that incorporates offsite tape storage, online backup and knowledge restoration, among other elements, dramatically reduces the risk of downtime and rapidly enables business continuity following a disaster.

Steve acknowledged that most of the energy companies DRP remains untested, further indicated only two major incidents requiring DR had occurred; however his experience at NAB included practice twice a year and Amazon, his companies cloud provider, tests its recovery plans frequently. Technically, to implement an effective DRP, a business should do trial tests when implementing their DRP to overcome any repercussions incurred in the testing process and to ensure the feasibility of the plan.

In indicating that most of the energy companies hasn't tested its DRP and doesn't have training programs associated with disaster recovery and places its 'trust in the people that you empower to do the job' Steve is alluding to the reality that in a business environment, knowledge of best practice and risk management is somewhat an ideal and whilst all attempts should be made to adopt these, businesses also need to prioritise resource allocation and value entrusted staff to provide mitigation within these constraints.

Professionalism, Ethics, Skills Frameworks, Governance and Legal Implication for ICT Professionals

Professionalism and the ACS

Steve indicated a belief that whilst the ACS is effective in providing resources, it is currently ineffective in encouraging professional behaviour from its members. He notes that the minimum requirements for other similar professions do not exist in the ACS. If such standards were implemented it will definitely encourage professionalism. In addition, Steve thought that whilst legislation exists for the protection of personal information, it is worthwhile for these businesses’ systems to be audited to ensure that they comply with the minimum legal standards. He believes that a lot of existing companies do not aspire to properly protect their clients’ private data. 

Ethics in ICT

Regarding ethics in ICT, Steve concentrated his response on behaviour in a business context around the use of client data. Beyond privacy legislation, Steve indicated that a client's data should only be shared and used in a way expected by the client, specifically indicating that providing data to customer’s competitor with advantages is unethical. Across the interview, Steve’s understanding and application of ethics is seen to align with Australian Privacy Principles (OAIC, 2014) and the ACS Code of Ethics (ACS, 2014).

Governance

Felstead (2016), in the context of IT Governance quoted a former CEO of GE, Jack Welch, saying 'If you don't measure it, you can't manage it'. Steve strongly affirmed this statement, both from measuring system performance (e.g. availability, load, mining error logs) and staff performance (e.g. resource allocation) within energy companies. Governance in terms of measurement and management was further evidenced when Steve emphasised a mature approach of measuring the effort required in the cloud adoption process and monitoring that benefits are actually achieved post deployment. Throughout the interview Steve placed weight and value on the interaction of business and human element within his work as an ICT professional. By the display of his attitude and professionalism in this area, Steve is seen as capable of managing the diversity that his team and business presents.

Skills Framework

When asked about frameworks to evaluate the capability ICT professionals in his team, Steve indicated that technology is moving at a fast pace and rather than a specific framework tool, such as the Skills Framework for the Information Age (SFIA Foundation, 2011), the business IT strategy is used to monitor the skillset, with a particular focus on innovation and commercial benefits to the business this in turn links to training opportunities resulting from the identification of skills gaps. Steve indicated here the integral link between business strategy and IT strategy.  

Legal

When asked about the impact of legal issues in IT, Steve provided an example from NAB misrepresenting level of risk, which resulted in a downgraded rating, which in turn impacted on business earnings. Whilst Steve's example was not directly related to IT, the same principles could be applied to legal issues around an SLA with a cloud service provider.

CONCLUSION

There are a diverse range of challenges confronting the ICT professional and this project is limited in scope by only being able to address a few of these. Similarly the project is qualitative in nature and limited to the reflections of only one ICT professional across the interview questions. Since we believe putting all of their interpretations might direct the project scope to another direction. Hence why we cannot embrace all the happening around the world and narrow it down to one individual for this project. Yet for the project team there has been considerable value in being able to contextualise our topic research to the business realities that an ICT professional must face.

The range of topics we chose form important challenges that technology and innovation focused businesses must address. Many companies are adopting and evaluating cloud computing. Hence, security and protection of data on cloud computing is an important issue. Relevant research and interview also show that most of the Big Data solutions run on cloud-based architecture. Cybercrime and Disaster Recovery are always relevant, although evolving over time, and are actively addressed by cloud service providers and clients. Thus, there is interrelation between the diverse topics studied by us and they are also relevant for applications like the Internet of Things (IoT).

In addressing questions on our topic, alignment with research was frequently found. However, whilst the challenge topics are technical in nature and require the skill set of the ICT professional, working as part of a team of people in a business operational sense came to the fore in our interview with Steve. His presence as a CIO, with the attitudes and ethical values that he holds can be seen as having positive impact on the group professional culture of ICT professionals internal to his workplace, perhaps in a more significant sense that the ACS, which is external. A constant need to balance knowledge of best practice with the realities of business continuity emerged as a strong theme, with the need to balance both risk management and change management in this context. The ICT professional is seen as bringing awareness to these issues but must consider business tolerance and potentially negotiate a path to adequately address them.

Acknowledgements

Our thanks go to Steve Rose, who as an interviewee provided a depth of expertise to assist us in our research.

REFERENCES

AlJadaani, S, AlMaliki, M, AlGhamdi W & Hemalatha, M 2016, ‘Security Issues in Cloud Computing’, International Journal of Applied Engineering Research, vol. 11, no. 12, pp. 7669-7671.

Australian Computer Society 2014, ACS Code of Ethics, Australian Computer Society, viewed 10 October 2016, <https://www.acs.org.au/content/dam/acs/acs-documents/Code-of-Ethics.pdf>

Brodkin, J 2008, ‘Gartner: Seven cloud-computing security risks’, Infoworld, July, pp. 1-2.

Corrigan, A 2007, 'Disaster: response and recovery at a major research library in New Orleans', Library Management, vol. 29 no. 10, pp. 293-305.

Choy, M, Leong, HV & Wong, MH 2000, 'Disaster recovery techniques for database systems', Communications of the ACM, vol. 43, no. 11 pp. 272-280.

Dhar, V 2014, 'Big Data and Predictive Analytics in Health Care', Big Data, vol. 2 no. 3, pp.113-116.

Eastwood, B 2013, '6 Big Data Analytics Use Cases for Healthcare IT', CIO, viewed 6 September 2016, <https://www.cio.com/article/2386531/healthcare/healthcare-6-big-data-analytics-use-cases-for-healthcare-it.html>.

El-Gazzar, R, Hustad, E, & Olsen, DH 2016, 'Understanding cloud computing adoption issues: A Delphi study approach', Journal of Systems & Software, vol. 118, pp. 64-84.

Fan, Y-W, Wu, C-C, Chen, C-D, & Fang, Y-H 2015, 'The effect of status quo bias on Cloud System Adoption', The Journal of Computer Information Systems, vol. 55, no. 3, pp. 55-63

Felstead, C 2016, ‘What makes a technology professional – A CIOs Prespective', ICT80008 Professional Issues in IT, Learning materials on Blackboard, Swinburne University of Technology, 8 August, viewed 10 August 2016.

Goodman M, 2015, ‘Security Expert Marc Goodman on Cyber Crime’, CIO Journal, viewed 7 October 2016, <https://deloitte.wsj.com/cio/2015/05/12/security-expert-marc-goodman-on-cyber-crime/>.

Hsu, P-F, Ray, S, & Li-Hsieh, Y-Y 2014, 'Examining cloud computing adoption intention, pricing mechanism and deployment model', International Journal of Information Management, vol. 34, no. 4, pp. 474-478.

Khazaei, H, McGregor, C, Eklund, M, El-Khatib, K, Thommandram, A, 2014, ‘Toward a Big Data Healthcare Analytics System: a Mathematical Modeling Perspective’, 2014 IEEE 10th World Congress on Services, pp. 208-215.

Krishnan, S 2016, 'Application of Analytics to Big Data in Healthcare', 2016 32nd Southern Biomedical Engineering Conference (SBEC), pp. 156-157.

Kumar, P & Arri, HS 2013, ‘Data location in cloud computing’, International Journal for Science and Emerging Technologies with Latest Trends, vol. 5, no. 1, pp. 24-27.

Marr, B. (n.d.), 2016, 'Big data in practice'.

Neef D 2014, 'Digital Exhaust, What Everyone Should Know About Big Data, Digitization and Digitally Driven Innovation'.

Office of the Australian Information Commisioner 2014, Australian Privacy Principles, Australian Government, viewed 10 October 2016, <https://www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles>

Padhy, RP, Patra, MR & Satapathy, SC 2011, ‘Cloud computing: security issues and research challenges’, International Journal of Computer Science and Information Technology & Security, vol. 1, no. 2, pp. 136-146.

PWC, 2016, ‘Turnaround and transformation in cybersecurity: key findings from The Globe State of Information Security Survey 2016’ pp. 1-29.

Rahman, F., 2016, 'Application of Analytics to Big Data in Healthcare Analytics – Prospects and Challenges', 2016 IEEE-EMBS International Conference on Biomedical and Health Informatics (BHI), pp. 13-16.

SFIA Foundation 2011, ' Skills Framework for the Information Age: SFIA 5 framework reference', SFIA Foundation viewed 22 August 2016, <https://iitp.nz/upload/files/SFIA5ref.en.r4.pdf>

Sun, Y, Zhang, J, Xiong, Y & Zhu, G 2014, ‘Data Security and Privacy in Cloud Computing’, International Journal of Distributed Sensor Networks, 2014, pp. 1-9.

Ta V., Liu C., and Nkabinde, G., 2016, 'Big data stream computing in healthcare real-time analytics', 2016 IEEE International Conference on Cloud Computing and Big Data Analysis (ICCCBDA), pp. 37-42.

Tornatzky, LG & Fleischer, M 1990, The Processes of Technological Innovation, Lexington Books, Lexington, MA.