Tuesday, October 09, 2018

How a Widely Distributed Dental Firm Protects Sensitive Data While Making It Highly Available

Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender

Dana Gardner: Welcome to the next edition of the BriefingsDirect  podcast series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator.

Gardner
Modern dentistry depends on more than good care. It also demands rapid access to data and applications. For a rapidly growing dental services company -- consisting of hundreds of dental offices spread across 10 American states -- the task of managing all of its data availability, privacy, and security needs started out as complex and costly.

The next BriefingsDirect security innovations discussion examines how Great Expressions Dental Centers found a solution by combining hyperconverged infrastructure (HCI) with advanced security products.

Here to share the story of how to best balance data compliance and availability requirements via modern IT infrastructure is Kevin Schokora, Director of IT Operations at Great Expressions Dental Centers in Southfield, Michigan.

Welcome to BriefingsDirect, Kevin.

Kevin Schokora: Thank you, Dana.

Gardner: What makes Great Expressions Dental Centers unique? How does that impact your ability to deliver data wherever your dentists, staff, and patients need it with the required security?

Schokora
Schokora: Our model is based on being dispersed in multiple states. Across those sites, we have many software packages that we have to support on our infrastructure. Based on those requirements, we were afforded an excellent opportunity to come up with new solutions on how to meet our patients’, doctors’, and customers’ needs.

Gardner: You have been in business since 1982, but you have really expanded a lot in the past few years. Tell me about what’s happened to your company recently.

Schokora: We found our model was ripe for success. So we have experienced tremendous growth, expanding to 275-plus sites. And going forward, we expect to expand by 62 to 100 new sites every year. That is our goal. We can do that because of the unique offerings we have, specifically around patient care and our unique software.

Gardner: Not only do you have many sites, but you allow your patients to pick and choose different sites -- if they need to cross a state border or move around for any reason, but that wide access requires you to support data mobility.

Snowbird-driven software

Schokora: It does. This all came about because, while we were founded in Michigan, some of our customers go to Florida for the winter. Having had a dental office presence in Florida, they were coming to our offices there and asking for the same dental care that they had received in Michigan.

So, we expanded our software’s capabilities so that when a patient has an appointment in another state, the doctor there will have access to that patient’s records. They can treat them knowing everything in the patient's history.

Gardner: Who knew that snowbirds were going to put you to the test in IT? But you have come up with a solution.

Schokora: We did. And I think we did well. Our patients are extremely happy with us because they have that flexibility.

Gardner: In developing your solution, you leveraged HCI that is integrated with security software. The combination provides not only high availability and high efficiency, but also increased management automation. And, of course, you’re able to therefore adhere to the many privacy and other compliance rules that we have nowadays.

Tell us about your decision on infrastructure, because, it seems to me, that’s really had an impact on the end-solution.

We were able to go from five server racks in a co-location facility down to one -- all while providing a more consistent services delivery model. We have been able to grow and focus on the business side.
Schokora: It did, and the goal was always to set ourselves up for success so that we can have a model that would allow growth easily, without having huge upticks in cost.

When we first got here, growing so fast, we had a “duct tape solution” of putting infrastructure in place and doing spot buys every year to just meet the demands and accommodate the projected growth. We changed that approach by putting a resource plan together. We did a huge test and found that hyperconverged would work extremely well for our environment.

Given that, we were able to go from five server racks in a co-location facility down to one – all while providing a more consistent services delivery model. Our offices have been able to grow so that the company can pursue its plans without having to check back and ask, “Can the IT infrastructure support it?”

This is now a continuous model. It is part of our growth acquisition strategy. It's just one more check-box where we don't have to worry about the IT side. We can focus on the business side, and how that directly relates to the patients.

Gardner: Tell us about the variety of data and applications you are supporting for all 275 sites.

Aligning business and patient records

Schokora: We have the primary dentistry applications, and that includes x-rays, patient records, treatment plans, and all of the various clinical applications that we need. But then we also have cumbersome processes – in many cases still manual – for coordinating that all of our patients’ insurance carriers are billed properly. We have to ensure that they get their full benefits.

Anywhere we can, we are targeting for more provider-payer process automation, to ensure that any time we bill for services or care, it is automatically processed.  That level of automatic payments eliminates the touch points that we would have to do manually or through a patient.

And such automation allows us, as we scale and grow, to not have to add as many full-time employees. Our processes can scale in many cases by leveraging the technology.

Gardner: Another big part of the service puzzle is addressing privacy and compliance issues around patient information. You have to adhere to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS) nowadays. What were your concerns were when it came to balancing the availability of data with these compliance requirements?

Schokora: We had to ensure from an infrastructure perspective that we afford all of our customers -- including the software applications development team -- a platform that they can have confidence in, and we had to earn their trust. To that end, the HCI approach allowed us the capability to use encryption at rest, which is a huge component for compliance for HIPAA, PCI, and things of that nature.

The other benefit was to move our entire environment -- what I call a forklift of our entire data center. That allowed us to then review what I would call the sins of our past to ensure that any of that cobbled-together infrastructure is built with the security needed to meet all of the requirements of the customer. We can now plan on a top-down basis.

We just completed this project and we have made a lot of changes to that model to support a better and more secure infrastructure.

Gardner: Before you had a Swiss army knife approach to security. What was the problem with that approach? And what kind of performance tax came with that?

HCI scalability adds value

Schokora: To meet the needs of the business at the time, the Swiss army knife approach took us far. But as we ramped up our acquisition strategy and expanded Great Expressions, we found that this was not scalable to achieve our new business needs.

We needed to look at a couple of key pieces. One was automation, and two was how we revolutionized how we do things. Once we looked at HCI and saw the differences in how we used to do things – it was an easy decision.

We put our new plan through a proof of concept (POC) test. I had some people who were heavily invested in our former technology, but they begged for this new technology. They wanted to use it. They saw how it translated into a value-add for the customers.

Gardner: What was the story behind the partners and technology you chose?

The one thing that really stood out for us with Nutanix was their customer approach, their engagement, and how they ensured that they are a partner with us. They were there hand-in-hand with us.
Schokora: We looked at three different vendors. We were an existing VMware customer, so we looked at their solution. We looked at Hewlett Packard Enterprise (HPE) SimpliVity, and we looked at Nutanix. They were all very similar in their approach, they all had their strengths.

The one thing that really stood out for us with Nutanix was their customer approach, their engagement, and how they ensured that they are a partner with us. They showcased this through the POC process, throughout testing the equipment and environment. They were there, hand-in-hand with us, responding to our questions -- almost ad nauseam. They ensured that customer experience for us, just to make sure that we were comfortable with it.

They also had their own hypervisor, what all their virtual machines rest on; same as VMware has their own. There were some benefits in moving with that, and it also aligned into our backup strategy, with the product we use called Rubrik.

So given all of this, as a complete package, we felt that this was an opportunity that could not be passed up on. When we wrote the business case -- and this was the easy part at that point, showcasing the benefits over five years -- this solution easily won out from a cost perspective and aligned with the business requirements of growth. That alignment supported our whole business, not just IT. That was also critical.

Gardner: How quickly were you able to do the migration? How did it go across 275 sites and 4,000-plus workstations, laptops, and other client devices?

Well-managed migration

Schokora: This required a lot of testing. This was about us going through with planning, with the test migrations, working with our users to have maintenance windows, so that once we did move we could execute a fully developed test plan to ensure that our customers also signed off on, “Okay, yes, this works for me, this meets my requirements.” I thought that was key as well.

Going through it, we did experience some hiccups, things that impacted project events, and so we had to adjust our timelines. We still finished it before we thought we would. We were on a pace to beat our timelines by half.

Gardner: Wow.

Schokora: Yeah. It was great. We were moving at this rapid pace and then we discovered that there were some issues or some errors happening in some of our virtual servers and some of the ones that were rather big, and this kind of showcases that support from Nutanix.

So we had Nutanix on the phone. They were with us every step of the way. They took our logs and they evaluated them, and they quickly issued out patches to address some of the things that they noticed that could be better within their migration tool. So we had a positive effect on Nutanix as well, recognizing some of their opportunities and them quickly addressing them.

Once we implemented this new tool that was provided to us, we were able to move some of our extremely large systems over without impacting the customer outside of our maintenance windows. And we are talking, not necessary petabytes, but very close to it, with database servers and customer entry points into our dental software.

Gardner: And this is for 2,400 employees, but you only have an IT staff of 30 or so people?

Schokora: Correct. And you will hear the A word a lot: Automation. While we had some late nights, given the tools and some of the automation techniques that the vendors use, specifically Nutanix, we were able to get this done with limited staff and with the result of our board of directors personally thanking us, which was great.

Gardner: Not only did you consolidate and modernize your infrastructure, but you in a sense consolidated and modernized your approach to security, too. How did the tag team between Nutanix and your security vendor help?

A secure solution

Schokora: From a security perspective, we chose -- after a lengthy process of evaluation -- a Bitdefender solution. We wanted to attack our endpoints and make sure that they were protected, as well as our servers. In addition to having a standardized methodology of delivering patches to both endpoints and to servers, we wanted an organization that integrated with Nutanix. Bitdefender checked off all of those boxes for us.

So far the results have been fairly positive to overwhelmingly positive. One thing that was a positive -- and was a showstopper with our last vendor -- was that our file server was so big. We needed to resolve that. We couldn’t run our antivirus or anti-malware security software on our file server because it made it too slow. It would bog down, and even as we worked with the vendor at the time we could not get it passed to “green.”

With Bitdefender, during our POC, we put it on the [file server] just to test it and our users had no impact. There were no impacting events, and we were now protected against our biggest threats on our file server. That was one of the clear highlights of moving to a Bitdefender solution.

Gardner: And how important was Bitdefender’s integration and certification with Nutanix?

The integration between Nutanix and Bitdefender put them ahead. Leveraging encryption at rest was a huge win for us from a compliance standpoint.
Schokora: It was one of the strengths listed on the business case. That integration between Nutanix and Bitdefender was not a key decision point, but it was one of those decision points that if it was close between two vendors it would have put Bitdefender ahead. It just so happened, based on the key decision points, that Bitdefender was already ahead. This was just another nice thing to have.

Gardner: By deploying Bitdefender, you also gained full-disk encryption. And you extended it to your Windows 10 endpoints. How easy or difficult was it?

Schokora: Leveraging encryption at rest was a huge win for us from a compliance standpoint. The other thing about the workstations and endpoints was that our current solution was unable to successfully encrypt Windows 10 devices, specifically the mobile ones, which we wanted to target as soon as possible.

The Bitdefender solution worked right out of the box. And I was able to have my desktop support team run that project, instead of my network operations team, which was hugely critical for me in leveraging labor and resources. One team is more designed for that kind of “keep the lights on” activity, and not necessarily project-based. So I was able to leverage the project-based resources in a more efficient and valuable way.

Gardner: It sounds like you have accomplished a lot in a short amount of time. Let’s look at some of the paybacks, the things that allowed you to get the congratulations from your board of directors. What were the top metrics of success?

Timing is everything

Schokora: The metrics were definitely based on timing. We wanted to be wrapped up by the end of June [2018] in support of our new enterprise resource planning (ERP) system. Our new ERP system was going through testing and development, and it was concluding at the end of June. We were going for a full roll-out for our Michigan region at that time. The timing was critical.

We also wanted to make sure there were no customer-impacting events. We wanted to ensure that all of our offices were going to be able to provide patient care without impact from the project that was only going to be deployed during scheduled maintenance hours.

We were able to achieve the June timeframe. Everything was up and running on our new Nutanix solution by the third week of June. So we even came in a week early, and I thought that was great.

We had no large customer-impacting events. The one thing we will own up to is that during our IT deployment and maintenance window, the applications development team had some nightly processes that were impacted -- but they recovered. All cards on the table, we did impact them from a nightly standpoint. Luckily, we did not impact the offices or our patients when they wanted to receive care.

Gardner: Now that you have accomplished this major migration, are there any ongoing operational paybacks that you can point to? How does this shakeout so far on operational efficiency measurements?

Schokora: We now have had several months of measurements, and the greatest success story that we’ve had on this new solution has been a 66 percent cut in the time it takes to identify and resolve incidents when they happen.

If we have slow server performance, or an impacting event for one of our applications, this new infrastructure affords us the information we need to quickly troubleshoot and get to the root cause so we can resolve it and ensure our customers are no longer impacted.

That has occurred at least five times that I can recall, where the information provided by this hyperconverged solution and Bitdefender have given us the ability to get our customers back on track sooner than we could on our old systems.

Gardner: And this is doing it all with fewer physical racks and fewer virtual servers?

Schokora: Yes. We went from five racks to one, saving $4,000 a month. And for us that’s real money. We also do not have to expand personnel on my network operations team, which is also part of infrastructure support piece.

Now, as we’re preparing for even more expansion in 2019, I’m not going to have to ask for any additional IT personnel resources. We are now attacking things on our to-do lists that had always been pushed back. Before the “keep the lights on” activities always took priority. Now, we have time back in our days to proactively go after those things that our customers request from us.

Gardner: Because you have moved from that Swiss army knife approach, are there benefits from having a single pane of glass for management?

Know who and what’s needed

Schokora: Based on having that single pane of glass, we are able to do better resource evaluations and forecasting. We are better able to forecast availability.

So when the business comes back with projects -- such as improved document management, which is what’s currently being discussed, and such as a new learning management system from our training department -- we are able to forecast what they will demand from our systems and give them a better cost model.

From an automation standpoint, we are now able to get new virtualized servers up within seconds, whereas it used to take days. We have a window into more metrics, and are in a better place as we migrate off of legacy systems.
From an automation standpoint, we are now looking at how to get new virtualized servers up within seconds, whereas it used to take days. From a support of legacy systems standpoint, now that we have a window into more metrics, we are in a better place as we migrate off. We are not having lingering issues when we are moving to our new ERP system.

All of these things have been the benefits that we have reaped, and that’s just been in two months.

Gardner: Looking to the future, with a welcome change in emphasis away from IT firefighting to being more proactive, what do you see coming next?

Schokora: This is going to directly translate into our improved disaster recovery (DR) and business continuity (BC) strategies. With our older ERP system and that Swiss army knife approach, we had DR, but it was very cumbersome. If we ever had a high-impact event, it would have been a mad scramble.

This new solution allows us to be able to promise our customers a set schedule, that everything will be up in a certain number of days or hours, and that all critical systems will be online to meet their requirements. We never really had that before. It was hopes and prayers without concrete data behind how long we would need to get back up.

From a business continuity standpoint, the hyperconverged solution affords us the flexibility to leverage a hybrid cloud, or a secondary data center, in a way that my technicians feel, based on their testing, will be easier than our older approach.

Now, we haven’t done this yet. This is more for the future, but it is something that they are excited about, and they feel is going to directly translate into a better customer experience.

Being able to have Bitdefender provide us that single pane of glass for patching and to get critical patches out quickly also affords us the confidence in our compliance. For the latest assessment we had, we passed with flying colors.

There are some gaps we have to address, but there are significantly fewer gaps than last year. And other than some policies and procedures, the only thing we changed was Bitdefender. So that is where that value-add was.

Gardner: Any words of advice now that you have been through a really significant transition -- a wholesale migration of your infrastructure, security, encryption, new ERP system, and moving to a better DR posture. What words of advice do you have for other folks who are thinking of biting off so much at once?

Smooth transition tips

Schokora: Pick your partners carefully. Engage in a test, in a POC, or a test plan. Ensure that your technicians are allowed to see, hear, touch and feel every bit of the technology in advance.

Do yourself a favor and evaluate at least three different solutions or vendors, just so that you can see what else is out there.

Also, have a good relationship with your business and the business representation. Understand the requirements, how they want to accomplish things, and how you can enable them – because, at the end of the day, we can come up with the best technical solutions and the most secure. But if we don’t have that business buy-in, IT will only fail.

Gardner: I’m afraid we will have to leave it there. You’ve been listening to a sponsored BriefingsDirect discussion on how Great Expression Dental Centers combined hyperconverged data centers with advanced security products to solve their security and data-availability needs.

And we’ve learned how balancing compliance and availability requirements with new modern IT infrastructure can provide for greater automation, IT staff productivity, and allow for broad improvements in a very short amount of time.

Please join me in thanking our guest, Kevin Schokora, Director of IT Operations at Great Expressions Dental Centers in Southfield, Michigan. Thank you so much, Kevin.

Schokora: Thank you.

Gardner: I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing series of BriefingsDirect discussions.

Do follow me please on Twitter @Dana_Gardner and find more security focused podcasts at briefingsdirect.com. A big thank you also to our sponsor, Bitdefender, for supporting these presentations. A big thank you as well to our audience for joining. Please pass this on to your IT community, and do come back next time.
 
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Bitdefender

Transcript of a discussion on how a rapidly growing dental services company combined hyperconverged infrastructure with advanced security products to efficiently gain data availability, privacy, and security. Copyright Interarbor Solutions, LLC, 2005-2018. All rights reserved.

You may also be interested in:

Thursday, October 04, 2018

The Open Group Digital Practitioner Effort Provides Guidance to Ease the People Path to Digital Business Transformation

Transcript of a discussion on how The Open Group is closing the gap between IT education, business methods, and what it takes as a culture to succeed over the next decade.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: The Open Group.

Dana Gardner: Hello, and welcome to a special BriefingsDirect thought leadership panel discussion on the creation of new guidance on how digital business professionals should approach their responsibilities.

Gardner
Perhaps more than at any time in the history of IT, those tasked with planning, implementation, and best use of digital business tools are being transformed into a new breed of digital practitioner.

We will now explore how The Open Group is ambitiously seeking to close the gap between IT education, business methods, and what it will take to truly succeed at work over the next decade.

I’m Dana Gardner, Principal Analyst at Interarbor Solutions, and I’ll be your host and moderator as we now examine digital business transformation -- and what it will take to prepare the next generation of enterprise leadership.


Please join me now in welcoming our panel, Venkat Nambiyur, Director of Business Transformation, Enterprise, and Cloud Architecture at Oracle. Welcome, Venkat.

Venkat Nambiyur: Thank you, Dana. It’s good to be here.

Gardner: We are also here with Sriram Sabesan, Consulting Partner and Digital Transformation Practice Lead at Conexiam. Welcome, Sriram.

Sriram Sabesan: Good morning. It’s good to be here.

The panel examines digital transformation -- and what it will take to prepare the next generation of enterprise leadership.
Gardner: We are here with Michael Fulton, Associate Vice President of IT Strategy and Innovation at Nationwide and Co-Chair of The Open Group IT4IT™ Forum. Welcome, Michael.

Michael Fulton: Thanks for having me.

Gardner: And we’re joined by David Lounsbury, Chief Technical Officer at The Open Group. Welcome back, David.

David Lounsbury: Thank you, Dana. I’m happy to be here.

Gardner: David, why is this the right time to be defining new guidance on how IT and digital professionals should approach their responsibilities?

Body-of-knowledge building

Lounsbury: We had a presentation by a couple of Forrester analysts about a year ago at a San Francisco meeting of The Open Group. They identified a change in the market.

Lounsbury
We were seeing a convergence of forces around the success of Agile as a product management methodology at the edge, the increased importance of customer experience, and the fact that we have radically new and less expensive IT infrastructure and IT management approaches, which make this all happen more at the edge.

And they saw this change coming together into a new kind of person who’s ready to use digital tools to actually deliver value to their businesses. They saw this as a new part of transformation. The Open Group looked at that challenge and stepped up to define this activity, and we created the Digital Practitioners Work Group to bring together all of the necessary factors.

Those include an emphasis on customer experience, to manage digital delivery, to manage digital products, and the ability to manage digital delivery teams together. We want to build one body of knowledge for how to actually be such a digital practitioner; what it means for individuals to do that. So the people on this podcast have been working in that group toward that objective since then.

Gardner: Is this digital practitioner position an expansion of an earlier category, such as enterprise architect, chief information officer (CIO), or chief technology officer (CTO)? Or is it something new? Are we transitioning, or are we starting fresh?

Sabesan
Sabesan: We are in the middle of transitioning, as well as creating something fresh.  Through the last few decades of computing change, we had been chasing corporate-efficiency improvement, which brought in a level of rigidity. Now, we are chasing individual productivity.

Companies will have to rethink their products. That means a change will have to happen in the thinking of the CIO, the chief financial officer (CFO), the chief marketing officer (CMO), and across the full suite of chief executives. Many companies have dabbled with the new role of a Chief Digital Officer (CDO) and Chief Data Officer (CDO), but there has been a struggle of monetization and of connecting with customers because loyalties are not as [strong as] they used to be.

We are creating guidance to help people transition from old, typical CIO and CFO roles into thinking about connecting more with the customer, of improving the revenue potentials by associating closely with the productivity of the customers, and then improving their productivity levels.

Lead with experience

Nambiyur: This is about leadership. I work with Oracle Digital, and we have worked with a lot of companies focused on delivering products and services in what I call the digital market.

Nambiyur
They are all about experiences. That’s a fundamental shift from addressing specific process or a specific capability requirement in organizations. Most of the small- to medium-sized business (SMB) space is now focused on experiences, and that essentially changes the nature of the dialogue from holistic to, “Here’s what I can do for you.”

The nature of these roles has changed from a CIO, a developer, or a consumer to a digital practitioner of different interactions. So, from my perspective at Oracle, this practitioner work group becomes extremely important because now we are talking in a completely different language as the market evolves. There are different expectations in the market.

Fulton: There are a couple of key shifts going on here in the operating model that are driving the changes we’re seeing.

First and foremost is the rapid pace of change and what’s happening in organizations and the marketplace with this shift to a customer focus. Businesses require a lot more speed and agility.

Historically, businesses asked IT to provide efficiency and stability. But now we are undergoing the shift to more outcomes around speed and agility. We are seeing organizations fundamentally change their operating models, individual skills, and processes to keep up with this significant shift.

The other extremely interesting thing we’re seeing are the emerging technologies that are now coming to bear. We’re seeing brand-new what’s possible scenarios that affect how we provide business benefits to our customers in new and interesting ways.

We are getting to a much higher bar in the context of user experience (UX). We call that the Apple- or Amazon-ification of UX. Organizations have to keep up with that.

The technologies that have come up over the last few years, such as cloud computing, as well as the near-term horizon technologies, things like quantum computing and 5G, are shifting from a world of technology scarcity to a world of technology abundance.

Dave has talked quite a bit about this shift. Maybe he can add how he thinks about this shift from scarcity to abundance when it comes to technology and how that impacts a digital practitioner.

From scarcity to abundance 

Lounsbury: We all see this, right? We all see the fact that you can get a cloud account, either with a credit card or for free. There has been this explosion in the number of tools and frameworks we have to produce new software.

The old model – of having to be very careful about aligning scarce, precious IT resources with business strategies -- is less important these days. The bar to roll out IT value has migrated very close to the edge of the organization. That in turn has enabled this customer focus, with “software eating the world,” and an emphasis on digital-first experiences.

The result is all of these new business skills emerging. And the people who were previously in the business realm need to understand all of these digital skills in order to live in this new world. That is a very important point.

Dana, you introduced this podcast as being on what IT people need to know. I would broaden that out quite a bit. This is about what business people need to know about digital delivery. They are going to have to get some IT on their hands to do that. Fortunately, it’s much, much easier now due to the technology abundance that Michael noted.

Fulton
Fulton: The shift we are undergoing -- from a world of physical to information-based -- has led to companies embedding technology into the products that they sell.

The importance of digital is, to Dave’s point, moving from an IT functional world to a world where digital practitioners are embedded into every part of the business, and into every part of the products that the vast majority of companies take to market.

This includes companies that historically have been very physical, like aircraft engines and GE, or oil refineries at Shell, or any number of areas where physical products are becoming digital. They now provide much more information to consume and much more technology rolls into the products that companies sell. It creates a new world that highlights the importance of the digital practitioner.

Limitless digital possibilities 

Nambiyur: The traditional sacred cows of the old are no longer sacred cows. Nobody is willing to just take a technologist’s word that something is doable or not. Nobody is willing to take a process expert’s word that something is doable or not.

In this new world, possibility is transparent, meaning everybody thinks that everything is possible. Michael said that businesses need to have a digital practitioner in their line of business or in many areas of work. My experience of the last four years of working here is that, every participant in any organization is a digital practitioner. They are both a service provider and a service consumer simultaneously, irrespective of where they stand in an organization.

It becomes critical that everybody recognizes the impact of this digital market force, and then recognize how their particular role has evolved or expanded to include a digital component, both when they deliver value and how they receive value.

In this new world, possibility is transparent, meaning everybody thinks that everything is possible. ... The traditional sacred cows are no longer sacred.
That is the core of what they are accomplishing as practitioners, to allow people to define and expand their roles from the perspective of a digital practitioner. They need to ask, “What does that really mean? How do I recognize the market? How do I recognize my ecosystem? How do I evolve to deliver that?”

Sabesan: I will provide a couple of examples on how this impacts existing roles and new roles.

For example, we have intelligent refrigerators and intelligent cooking ovens and ranges that can provide insights to the manufacturer about the customers’ behaviors, which they never had before. The designers used to operate on a business-to-business (B2B) sales process, but now they have insights into the customer. They can directly get to the customer’s behaviors and can fine-tune the product accordingly.

Yet enterprises never had to build the skill sets to be able to use that data and create new innovative variations to the product set. So that’s one gap that we are seeing in the market. That’s what this digital practitioner guide book is trying to address, number one.

Number two, IT personnel are now having to deal with a much wider canvas of things to be brought together, of various data sets to be integrated.

Because of the sensors, what was thought of as an operational technology has become part of the network of the IT as well. The access to accelerometers, temperature sensors, pressure sensors, they are all now part of your same network.

A typical software developer now will have to understand the hardware behaviors happening in the field, so the mindset will have to change. The canvas is wider. And people will have to think about an integrated execution model.

That is fundamental for any digital practitioner, to be thinking about putting [an integrated execution model] into practice and having an architectural mindset to approach and deliver improved experiences to the customer. At the end of the day, if you don’t deliver experiences to the customer, there is no new revenue for the company. You’re thinking has to pivot-change from operation efficiency or performance milestones to the delivery of an experience and outcome for the customer.

Gardner: It certainly looks like the digital practitioner role is applicable to large enterprises, as well as SMBs, and cuts across industries and geographies.

In putting together a set of guidelines, is there a standardization effort under way? How important is it to make digital practitioners at all these different types of organizations standardized? Or is that not the goal? Is this role instead individual, organization by organization?

Setting the standards 

Nambiyur: It’s a great question. In my view, before we begin creating standards, we need the body of knowledge and to define what the practitioner is looking to do. We have to collect all of the different experiences, different viewpoints, and define the things that work. That source of experience, if you will, can eventually evolve into standards.

Do I personally think that standards are coming? I believe so. What defines that standard? It depends on the amount of experiences we are able to collect. Are we able to agree on some of the best practices, and some of the standards that we need to follow so that any person functioning in the physical ecosystem can successfully deliver in repeatable outcomes?

I think this can potentially evolve into a standard, but the starting point is to first collect knowledge, collect experience from different folks, use cases, and points of use so that we are reasonably able to determine what needs to evolve further.

Gardner: What would a standard approach to be a digital practitioner look like?

Sabesan: There are certain things such as a basic analysis approach, and a decomposition and execution model that are proven as a repeatable. Those we can put as standards and start documenting right now.

We are looking for some sort of standardization of the analysis, decomposition, and execution models, yet providing guidance.
However, the way we play the analysis approach to a financial management problem versus a manufacturing problem, it’s a little different. Those differences will have to be highlighted. So when Venkat was talking about going to a body of knowledge, we are trying to paint the canvas. How you apply these analysis methods differently under different contexts is important.

If you think about Amazon, it is a banking company as well as a retail company as well as an IT service provider company. So, people who are operating within or delivering services within Amazon have to have multiple mindsets and multiple approaches to be presented to them so that they can be efficient in their jobs.

Right now, we are looking at some form of standardization of the analysis, decomposition, execution models, and yet providing guidance for the variances that are there for each of the domains. Can each of domains by itself standardize? Definitely, yes, and we are miles away from achieving that.

Lounsbury: This kind of digital delivery -- that customer-focused, outside-in mindset -- happens at organizations of all different scales. There are things that are necessary for a successful digital delivery, that decomposition that Sriram mentioned, that might not occur in a small organization but would occur in a large organization.

And as we think about standardization of skills, we want to focus on what’s relevant for an organization at various stages of growth, engagement, and moving to a digital-first view of their markets. We still want to provide that body of knowledge Venkat mentioned that says, “As you evolve in your organization contextually, as you grow, as your organization gets to be more complex in terms of the number of teams doing the delivery, here’s what you need to know at each stage along the way.”

The focus initially is on “what” and not “how.” Knowing what principles you have to have in order for your customer experiences to work, that you have to manage teams, that you have to treat your digital assets in certain ways, and those things are the leading practices. But the tools you will use to do them, the actual bits and the bytes, are going to evolve very quickly. We want to make sure we are at that right level of guidance to the practitioner, and not so much into the hard-core tools and techniques that you use to do that delivery.

Organizational practices that evolve 

Fulton: One of the interesting things that Dave mentions is the way that the Digital Practitioner Body of Knowledge™ (DPBoK) is constructed. There are a couple of key things worth noting there.

One, right now we are viewing it as a perspective on the leading practices, not necessarily of standards yet when it comes to how to be a digital practitioner. But number two, and this is a fairly unique one, is that the Digital Practitioner Body of Knowledge does not take a standard structure to the content. It’s a fairly unique approach that’s based on organizational evolution. I have been in the IT industry for longer than I would care to admit, and I have never seen a standard or a body of knowledge that has taken this kind of an approach.

Typically, bodies of knowledge and standards are targeted at large enterprise, and they put in place what you need to do -- all the things that you need to do when you do everything perfect at full scale. What the Digital Practitioner’s Body of Knowledge does is walk you through the organizational evolution, from starting at an individual or a founder of a startup -- like two people in a garage -- through when you have built that startup into a team, and you have to start to put some more capabilities around that team, up to when the team becomes a team of teams.

You are starting to get bigger and bigger, until you evolve into a full enterprise perspective, where you are a larger company that needs more of the full capabilities.

By taking this organizational maturity, evolution, and emergence approach to thinking about a leading practice, it allows an individual to learn and grow as they step through in a standard way. It helps us fit the content to you, where you are as an individual, and where your organization is in its level of maturity.

Taking this organizational maturity, evolution, and emergence approach to thinking about leading a practice allows an individual to learn and grow in a standard way.
It’s a unique approach, walking people through the content. The content is still full and comprehensive, but it’s an interesting way to help people understand how things are put together in that bigger picture. It helps people understand when you need to care about something and when you don’t.

If you are two people in a garage, you don’t need to care about enterprise architecture; you can do the enterprise architecture for your entire company in your head. You don’t need to write it down. You don’t need to do models. You don’t need to do all those things.

If you are a 500,000-person Amazon, you probably need to have some thought around the enterprise architecture for your company, because there’s no way anybody can keep that in their mind and keep that straight. You absolutely have to, as your company grows and matures, layer in additional capabilities. And this Body of Knowledge is a really good map on what to layer in and when.

Gardner: It sounds as if those taking advantage of the Body of Knowledge as digital practitioners are going to be essential at accelerating the maturity of organizations into fully digital businesses.

Given the importance of that undertaking, where do these people come from? What are some typical backgrounds and skill sets? Where do you find these folks?

Who runs the digital future? 

Sabesan: You find them everywhere. Today’s Millennials, for example, let’s go with different categories of people. Kids who are out of school right now or still in school, they are dabbling with products and hardware. They are making things and connecting to the Internet and trying to give different experiences for people.

Those ideas should not be stifled; we need to expand them and help them try to convert these ideas and solutions into an operable, executable, sustainable business models. That’s one side.

On the other far end, we have very mature people who are running businesses right now, but who have been presented with a challenge of a newcomer into the market trying to threaten them, to question their fundamental business models. So, we need to be talking to both ends -- and providing different perspectives.

As Mike was talking about, what this particular Body of Knowledge provides us is what can we do for the new kids, how do we help them think about the big picture, not just one product version out. In the industry right now, between V1 and V2, you could potentially see three different competitors for your own functionality and the product that you are bringing to market. These newcomers need to think of getting ahead of competition in a structured way.

And on the other hand, enterprises are sitting on loads of cash, but are not sure where to invest, and how to exploit, or how to thwart a disruption. So that’s the other spectrum we need to talk about. And the tone and the messaging are completely different. We find the practitioners everywhere, but the messaging is different.

Gardner: How is this then different from a cross-functional team; it sounds quite similar?

Beyond cross-functionality 

Sabesan: Even if you have a cross-functional team, the execution model is where most of them fail. When they talk about a simple challenge that Square is trying to become, they are no longer a payment tech company, they are a hardware company, and they are also a website development company trying to solve the problem for a small business.

So, unless you create a structure that is able to bring people from multiple business units together -- multiple verticals together to focus on a single customer vertical problem – the current cross-functional teams will not be able to deliver. You need risk mitigation mindset. You need to remove a single team ownership mindset. Normally corporations have one person as accountable to be able to manage the spend; now we need to put one person accountable to manage experiences and outcomes. Unless you bring that shift together, the traditional cross-functional teams are not going to work in this new world.

Nambiyur: I agree with Sriram, and I have a perspective from where we are building our organization at Oracle, so that’s a good example.

Now, obviously, we have a huge program where we hire folks right out of college. They come in with a great understanding of -- and they represent -- this digital world. They represent the market forces. They are the folks who live it every single day. They have a very good understanding of what the different technologies bring to the table.

We have a huge program where we hire right out of college. They represent the digital world, the market forces, and they are living it every day.
But one key thing that they do -- and I find more often – is they appreciate the context in which they are operating. Meaning, if I join Oracle, I need to understand what Oracle as a company is trying to accomplish at the end of the day, right? Adding that perspective cannot just be done by having a cross-functional team, because everybody comes and tries to stay in their comfort zone. If they bring in an experienced enterprise architect, the tendency is to stay in the comfort zone of models and structures, and how they have been doing things.

The way that we find the digital practitioners is to allow them to have a structure in place that tells them to add a particular perspective. Like just with the Millennials, you need to understand what the company is trying to accomplish so that you just can’t let your imagination run all over the place. Eventually and likewise, for a mature enterprise architect, “Hey, you know what? You need to incorporate these changes so that your experience becomes continuously relevant.”

I even look at some of the folks who are non-technologists, folks who are trying to understand why they should work with IT and why they need an enterprise architect. So to help them answer these questions, we give them the perspective of what value they can bring from the perspective of the market forces they face.

That’s the key way. Cross-functional teams work in certain conditions, but we have to set the change, as in organizational change and organizational mindset change, at every level. That allows folks to change from a developer to a digital practitioner, from an enterprise architect to a digital practitioner, from a CFO to a digital practitioner.

That’s really the huge value that the Body of Knowledge is going to bring to the table.

Fulton: It’s important to understand that today it’s not acceptable for business leaders or business members in an organization to simply write off technology and say that it’s for the IT people to take care of.

Technology is now embedded throughout everything that we do in our work lives. We all need to understand technology. We all need to be able to understand the new ways of working that that technology brings. We all need to understand these new opportunities for us to move more quickly and to react to customer wants and needs in new and exciting ways; ways that are going to add distinct value.

To me the exciting piece about this is it's not just IT folks that have to change into digital practitioners. It’s business folks across every single organization that also have to change and bringing both sides closer together.

IT everywhere, all the time, for everyone

Lounsbury: Yes, that’s a really important point, because this word “digital” gets stuck to everything these days. You might call it digital washing, right?

In fact, you put your finger on the fundamental transformation. When an organization realizes that it's going to interact with its customers through either of the digital twins -- digital access to physical products and services or truly digital delivery -- then you have pieces of information, or data, that they can present to the customer.

That customer’s interactions through that -- the customer’s experience of that – which also then brings value to the business. A first focus, then is to shift from the old model of, “Well, we will figure out what our business is, and then we will throw some requirements down the IT channel, and sooner or later it will emerge.” As we have said, that's not going to cut it anymore.

You need to have that ability to deliver through digital means right at the edge with your product decisions.

Gardner: David, you mentioned earlier the concept of an abundance of technology. And, Michael, you mentioned the gorilla in the room, which is the new tools around artificial intelligence (AI), machine learning (ML), and more data-driven analysis.

To become savvier about how to take advantage of the abundance of technology and analytics requires a cultural and organizational shift that permeates the entire organization.

To what degree does a digital practitioner have to be responsible for changing the culture and character of their organization?

Lounsbury: I want to quote something I heard at the most recent Center for Information Systems Research Conference at the MIT Sloan School. The article is published by Jeanne Ross, who said, the time for digitization, for getting your digital processes in place, getting your data digitalized, that’s passed. What's important now is that the people who understand the ability to use digital to deliver value actually begin acting as the agents of change in an organization.

To me, all of what Sriram said about strategy -- of helping your organization realize what can happen, giving them through leading practices and a Body of Knowledge as a framework to make decisions and lower the barrier between the historical technologist and business people, and seeing them as an integrated team – that is the fundamental transition that we need to be leading people to in their organizations.

Sabesan: Earlier we said that the mindset has been, “This is some other team’s responsibility. We will wait for them to do their thing, and we will start from where they left off.”

Now, with the latest technology, we are able to permeate across organizational boundaries. The person to bring out that cultural change should simply ask the question, “Why should I wait for you? If you are not looking out for me, then I will take over, complete the job, and then let you manage and run with it.”

We want people to be able to question the status quo and show a sample of what could be a better way. Those will drive the cultural shifts.
There are two sides of the equation. We also have the DevOps model where, “I build, and I own.” The other one is, “I build it for you, you own, and keep pace with me.” So basically we want people to be able to question the status quo and show a sample of what could be a better way. Those will drive the cultural shifts and push leaders beyond their comfort zone, that Venkat was talking about, to be able to accept different ways of working: Show and then lead.

Talent, all ages, needed for cultural change 

Nambiyur: I can give a great example. There is nothing more effective than watching your own company go through that, and just building off on bringing Millennials into the organization. There is an organization we call a Solutions Hub at Oracle that is entirely staffed by college-plus-two folks. Ans they are working day-in and day-out on realizing the art of what’s possible with the technology. In a huge way, this complements the work of senior resources -- both in the pre-sales and the product side. This has had a cumulative, multiplier effect on how Oracle is able to present what it can do for its customers.

We are able to see the native digital-generation folks understanding their role as a digital practitioner, bringing that strength into play. And that not only seamlessly complements the existing work, it elevates the nature of how the rest of the senior folks who have been in the business for 10 or 20 years are able to function. As an organization, we are now able to deliver more effectively a credible solution to the market, especially as Oracle is moving to cloud.

That’s a great example of how culturally each player – it doesn’t matter if they are a college-plus-two or a 20-year person -- can be a huge part of changing the organizational culture. The digital practitioner is fundamental, and this is a great example of how an organization has accomplished that.

Fulton: This is hard work, right? Changing the culture of any organization is hard work. That’s why the guidance like what we are putting together with the Digital Practitioner Body of Knowledge is invaluable. It gives us as individuals a starting point to work from to lead the change. And it gives us a place to go back to and continue to learn and grow ourselves. We can point our peers to it as we try to change the culture of an organization.

It’s one of the reasons I like what’s being put together with the Digital Practitioner Body of Knowledge and its use in enterprises like Nationwide Insurance. It’s a really good tool to help us spend our time focused on what’s most important. In Nationwide’s case, being on our site for the members that we serve, but also being focused on how we transform the culture to better deliver against those business objectives more quickly and with agility.

Lounsbury: Culture change takes time. One thing everybody should do when you think about your digital practitioners is to go look at any app store. See the number of programming tutorials targeted at grade-school kids. Think about how you are going to be able to effectively manage that incoming generation of digitally savvy people. The organizations that can do that, that can manage that workforce effectively, are going to be the ones that succeed going forward.

Gardner: What stage within the Body of Knowledge process are we at? What and how should people be thinking about contributing? Is there a timeline and milestones for what comes next as you move toward your definitions and guidelines for bring a digital practitioner?

Contributions welcome

Lounsbury: This group has been tremendously productive. That Digital Practitioner Body of Knowledge is, in fact, out and available for anyone to download at The Open Group Bookstore. If you look for the Digital Practitioner Body of Knowledge, publication S185, you will find it. We are very open about getting public comments on that snapshot as we then finish the Body of Knowledge.

Of course, the best way to contribute to any activity at The Open Group is come down and join us. If you go to www.opengroup.org, you will see ways to do that.

Gardner: What comes next, David, in the maturation of this digital practitioner effort, Body of Knowledge and then what?

Lounsbury: Long-term, we already began discussing both how we work with academia to bring this into curricula to train people who are entering the workforce. We are also thinking in these early days about how we identify Digital Practitioners with some sort of certification, badging, or something similar. Those will be things we discuss in 2019.

We will work with academia to bring this into curricula and to train people who are entering the workforce.
Gardner: I’m afraid we will have to leave it there. We have been discussing the creation of new guidance and a Body of Knowledge around how digital professionals should approach their responsibilities. And we have learned how The Open Group is ambitiously seeking to close the gap between issues around IT education, business methods, and what it will take to really succeed in the new generation of digital business.

For more information on this architectural approach, cultural change, and topics related to Digital Practitioners, do please check out The Open Group website at www.opengroup.org.

Please join me in thanking our panel, Venkat Nambiyur, Director of Business Transformation Enterprise, and Cloud Architecture at Oracle; Sriram Sabesan, Consulting Partner and Digital Transformation Practice Lead at Conexiam; Michael Fulton, Associate Vice President of IT Strategy and Innovation at Nationwide Insurance and Co-Chair of The Open Group IT4IT Forum, and David Lounsbury, Chief Technology Officer at The Open Group.

And a big thank you as well to The Open Group for sponsoring this discussion. Lastly, thank you to our audience for joining. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator. Thanks again for listening, and do come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: The Open Group.

Transcript of a discussion on how The Open Group is closing the gap between IT education, business methods, and what it takes as a culture to succeed over the next decade. Copyright Interarbor Solutions, LLC, 2005-2018. All rights reserved.

You may also be interested in: