California – Gone Too Far Again
Lead Analyst: Cal Braunstein
California Governor Jerry Brown signed into laws Assembly Bill (AB) 1844, which restricts employers' access to employees' social media accounts, and Senate Bill (SB) 1349, which restricts schools' access to students' social media accounts. Due to the overbroad nature of the laws and the definition of social media, enterprises and schools may have difficulty complying while performing their fiduciary responsibilities.
Focal Points:
- Although both laws expressly claim they are only regulating "social media," the definitions used in the laws goes well beyond true social media over the Internet. The statutes use the following definition: "social media" means an electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or Internet Web site profiles or locations. In effect, the law governs all digital content and activity – whether it is over the Internet and/or stored in local storage devices on in-house systems.
- Additionally, AB 1844, which covers employer-employee relationships, restricts employers' access to "personal social media" while allowing business-related access. However, the law does not define what comprises business or personal social media. It assumes that these classifications are mutually exclusive, which is not always the case. There have been multiple lawsuits over the years that have resulted from disagreements between the parties as to the classification of certain emails, files, and other social media.
- Many organizations inform employees that email and social media activity performed while using the organization's computer systems is open to access and review by the company. Furthermore, some entities have employees sign an annual agreement to such rights. However, the law makes it illegal for employers to ask for login credentials to "personal" accounts and the statute does not allow access to mixed accounts, which supposedly do not exist.
RFG POV: The new California statutes are reminiscent of CA Senate Bill 1386 (SB 1386), which requires any state agency or entity that holds personal information of customers living in the state to divulge any infringement of databases that include personal information, regardless of the business' geographic location. The new laws do more harm than good and allow potential class action civil suits in addition to individual suits. This will make it more difficult for organizations to protect the entity, its image, enterprise data and client/student relationships, and ensure appropriate conduct guidelines and privacy requirements are being met. In addition, the ambiguities in the wording of the laws leave them open to interpretation, which in turn will eventually lead to lawsuits. Business and IT executives can expect these new laws to extend beyond the borders of the state of California, as did SB 1386. IT executives should review the legislation, discuss with legal advisors all elements of the laws, including the definitions, and explore ways to be proactive with their governance, guidelines and processes to prevent worst case scenarios from occurring.
Blog: Data Center Optimization Planning
Lead Analyst: Cal Braunstein
Every organization should be performing a data center optimization planning effort at least annually. The rate of technology change and the exploding requirements for capacity demand IT shops challenge their assumptions yearly and revisit best practices to see how they can further optimize their operations. Keeping up with storage capacity requirements with flat budgets can be a challenge in that capacity is growing between 20-40 percent annually. This phenomenon is occurring across the IT landscape. Thus, if IT executives want to transform their operations from spending 70-80 percent of their budgets on operations to more than half the budget spent on development and innovation instead, executives must invest in planning that enables such change.
Optimization planning needs to cover all areas of the data center:
- facilities,
- finance,
- governance,
- IT infrastructure and systems,
- processes, and
- staffing.
RFG finds most companies are greatly overspending due to the inefficiencies of continuing along non-optimized paths in each of the areas; thereby providing companies with the opportunity to reduce operational expenses by more than 10 percent per year for the next decade. In fact, in some areas more than 20 percent could be shaved off.
Facilities. At a high level, the three areas that IT executives should understand, evaluate, and monitor are facilities design and engineering, power usage effectiveness (PUE), and temperature. Most data center facilities were designed to handle the equipment of the previous century. Times and technologies have changed significantly since then and the designs and engineering assumptions and actual implementations need to be reevaluated. In a similar vein, the PUE for must data centers is far from optimized, which could be resulting in overpaying energy bills by more than 40 percent. On the "easy to fix" front, companies can raise their data center temperatures to normal room temperature or higher, with temperatures in the 80° F range being possible. Just about all equipment built today is designed to operate at temperatures greater than 100° F. For every degree raised organizations can expect to see power costs reduced by up to four percent. Additionally, facilities and IT executives can monitor their greenhouse gas (GHG) emissions, which are frequently tracked by chief sustainability officers and can be used as a measure of savings achieved by IT operational efficiency gains.
Finance. IT costs can be reduced through use of four key factors: asset management, chargebacks, life cycle management, and procurement. RFG finds many companies are not handling asset management well, which is resulting in an overage of hardware and software being paid for annually. Studies have found this excess cost could easily run up to 20 percent of all expenses for end-user devices. The use of chargebacks better ensures IT costs are aligned with user requirements. This especially comes into play when funding external and internal support services. When it comes to life cycle management, RFG finds too many companies are retaining hardware too long. The optimal life span for servers and storage is 36-40 months. Companies that retain this equipment for longer periods can be driving up their overall costs by more than 20 percent. Moreover, the one area that IT consistently fails to understand and underperforms on is procurement. When proper procurement processes and procedures are not followed and standardized, IT can easily spend 50 percent more on hardware, software and services.
Governance. The reason governance is a key area of focus is that governance assures performance targets are established and tracked and that an ongoing continuous improvement program is getting the attention it needs. Additionally, governance can ensure that the reasonable risk exposure levels are maintained while the transformation is ongoing.
IT infrastructure and systems. For each of the IT components – applications, networks, servers, and storage – IT executives should be able to monitor availability, utilization levels, and virtualization levels as well as automation level. The greater the levels the fewer human resources required to support the operations and the more staffing becomes an independent variable, rather than one dependent upon the numbers and types of hardware and software used. Companies also frequently fail to match workload types to the infrastructure most optimized to those workloads, resulting in overspend that can reach 15-30 percent of operating costs for those systems.
Processes. The major processes that IT management should be following are application instances (especially CRM and ERP), capacity management, provisioning (and decommissioning) rates, storage tiers, and service levels. The better a company is at capacity planning (and use of clouds) the lower the cost of operations. The faster the provisioning capability the fewer human resources required to support operational changes and the likelihood of less downtime due to human error. Additionally, RFG finds the more storage tiers and automation of movement of data amongst tiers the greater the savings. As a rule of thumb organizations should find the savings as one moves from tier n to tier n+1 to be 50 percent. In addition to tiering, compression and deduplication are other approaches to storage optimization.
Staffing. For most companies today, staffing levels are directly proportional to the number of servers, storage, network nodes, etc. The shift to virtualization and automatic orchestration of activities breaks that bond. RFG finds it is now possible for hundreds of servers to be supported by a single administrator and tens to hundreds of terabytes handled by a single database administrator. IT executives should also be looking to cross-pollinate staff so that an administrator can support and of the hardware and operating systems.
The above possibilities are what exist today. Technology is constantly improving. The gains will be even greater as time goes on, especially since the technical improvements are more exponential than linear. IT executives should be able to plug these concepts into development of a data center optimization plan and then monitor results on an ongoing basis.
RFG POV: There still remains tremendous waste in the way IT operations are run today. IT executives should be able to reduce costs by more than 40 percent, enabling them to invest more in enhancing current applications and innovation than in keeping the lights on. Moreover, IT executives should be able to cut annual costs by 10 percent per year and potentially keep 40 percent of the savings to invest in self-funding new solutions that can further improve operations.