 It's the CUBE covering HPE Big Data Conference 2016. Now, here are your hosts, Dave Vellante and Paul Gillan. Welcome back to Boston, everybody. This is, we're wrapping up day two, there's the CUBE, the Worldwide Leader in Live Tech Coverage, our friend Tim Crawford is here, CIO Advisor and Principal at AVOA. Great to see you again, thanks for coming on. Dave, always a pleasure to be on the CUBE. Yeah, so I was happy to see you on what was it, Monday night, I guess we ran into each other and we seem to see each other quite a bit. It's good that we crossed paths. This is an interesting event, right? Different than many of the big mega events that we go to. What's your take? It is, I think quite often we're at those mega events and you're just in a sea of people and trying to kind of get the signal from the noise as you like to say. Here, it's quite a bit different. It's a practitioner event. This is an event that you don't see a lot of vendors, you don't see a lot of that marketing push even from HPE. You see practitioners talking about their stories, talking about real problems that they're trying to solve. And so in some ways, it's a little challenging because it's smaller, but on the other hand, because it's a practitioner event, you're getting right to those folks that are dealing with those issues and that's really refreshing. Yeah, you don't see a lot of HPE salespeople in your face. The sales guys are in, you know, the exhibits, obviously, but they're not, a lot of these conferences, you can see the suits. Yes. It's me in a suit and then you can pick out the sales guys easily. You know, so, well, let's get into it. You know, what's on the mind of the CIOs these days, especially in the context of data? Well, it's the same thing that's been on the mind, at least for the last 12, 18 months, which is how do we up level the conversation? And I think, you know, being here at this conference and talking about analytics, we're really at the heart of it. How do we start to understand the customer more? How do we start to understand how our business is operating and how we can be either more efficient on one end of the spectrum or more engaging on the other end of the spectrum? And so that becomes a real interesting discussion because it then drives a lot of things that kind of lead right up to your business vision. And so things like analytics and being able to take the data and put it in context, as well as even newer things like IoT, you know, and your last guest, you had started to touch on that about IoT. That's another piece across industries that's starting to come up, is how do I start to leverage that, again, for some of the same reasons? CIOs are dealing with a lot of disruption right now. They're, the traditional role of IT as the, you know, the adjudicator, the center of all technology for the organization, that's being exploded. A lot of the analytics responsibility is moving into self-service for the business users. Projects are being handled differently, much more of an agile approach than big, all-encompassing projects in the past. Are CIOs, does this worry them or are they supposed to be embracing this with eagerness? So I think on the whole, it's concerning. It absolutely is concerning. I think anyone that doesn't say that, they're probably trying to kind of keep the, keep the concern out of the limelight. But the reality is it is a little concerning because we're talking about people that don't necessarily have a background in some of these disciplines that are just trying to get their job done. In many organizations, IT becomes that stumbling block or that, I've heard some of the misnomers, but the department of no, the problem department where big projects go to die, I mean, I've heard it all. And there is some reality to that in some organizations. And so we have to change that. But in the meantime, the business still moves on. And so we have to find ways to kind of work through those hurdles and find ways to get some of these things done. So that's why you see Shadow IT. You see some of these other groups that are starting to come up and going, you know what, I can pick up these applications, consume them, do what I need to do, solve some of these business problems without having to involve IT. You were at the MIT CDO conference. I wasn't there this year. I'd been there several years before. And I was watching some of the videos. You had some interesting discussions about the role of the CIO. We interviewed John Halamka from Beth Israel a couple years ago. He basically said, I'm not sure the CIO's role is going to be around here. Now, I was shocked, he's a famous CIO. I didn't agree with him. We had an interesting discussion about that. But it seems like that role is settling in, certainly within financial services, healthcare and government. What was the discourse like this year? And I'd love to get Tim's thoughts on that. Yeah, I'd like to hear what Tim would say as well. This chief data officer role, and Forester says there are about 3,000 chief data officers worldwide now. I think two years ago, we were hearing a lot at the MIT CDO conference about this being a threat to the CIO. And potentially the chief data officer would be a more strategic role. CIO will become the chief infrastructure officer. What I heard this year was that that is not as much of a concern anymore. That the two roles seem to have settled out. CDO not being a technology role primarily, but being more of a strategic role. And the big problem that they're having is just getting their arms around all the data that the companies have. CIO is still very critical of the organization. Curious in your perspective on that, is the CDO a threat or a replacement? So I actually think, and I've written a bit about this myself, I think the CDO is both a threat and also a help. And it's important to first understand the CIO role, because a CIO is not a CIO is not a CIO. And I kind of bulk it into two general buckets. There is the traditional CIO, which that is in the decline. And that's what we are commonly looking at in terms of the tech-centric organization, the historical CIO, that's a traditional CIO. Then you have the transformational CIO. The transformational CIO is far more business-centric. Less about technology, more about business. The transformational CIO is also the one that's having the same conversations that the rest of the C-suite is having. So it's a very different level of conversation. The CDO kind of sits in the middle. And I wish I could show this graphic to you, because there was some discussion that, well, maybe the CMO is gonna fill that gap and take over from the CIO. That gap is being filled by a number of different roles. And depending on the organization, depending on their needs, and in the case of data, how they're using data or how they could best leverage data, the CDO starts to fill some of that gap. At some point, I think over time, the CDO does somewhat fall into the background as the transformational CIO starts to pick up steam. But that's a very early stage that we're starting to see across the industry. When I started Wikibon with my colleagues, it was in 2006 timeframe, and the federal rules of civil procedure had just changed, right? And email became admissible. And there were some very high-profile cases. And so we started doing research on information, data as an asset or liability. And back then, before the big data meme, people weren't thinking about information as an asset so much as they were, uh-oh, I'm going to get sued or there's going to be a smoking gun. But we at the time said, it's really the CIO's job to manage that asset versus liability balance, like a balance sheet. And I think we might've been wrong. Maybe it was their job, but they haven't done that job. It's been too much of a job for that role to handle. What's your take on that? You've got to do the role in order to put judgment on it first. I mean, the problem is, and I've seen, well, no, but I think we kind of should judge in this case because we've got to start having some of these hard and provocative conversations. Let's stop dancing around the problem, let's get right to it, let's solve it and move on. Yeah, so is it the CIO's role? I think it's the CIO's role. I really think it's the CIO's role. But here's the problem. You put data policies in place and then you don't follow the data policies. So you might say that you have an archiving policy, you might have a data destruction policy. And then, well, we didn't quite follow those rules and now all of a sudden it opens up Pandora's box for discovery when you get sued. So one of the first problems is we have to understand, number one, how are we gonna manage data? And I don't mean the mechanics of bits and bytes and disks and networks. What I'm talking about is how do we manage the elements of data? And what's important? And there was some question of what data do we keep and what data do we not keep? And that's still a problem partly because there's a real cost to storing that data. And I was just having a conversation earlier today with someone that we were talking about the storage of data and it's getting to a point where we need to start keeping all of that data. Forget about the liability for just a minute in the conversation because that will layer in here but the value of data today is going to be very different than the value of data in the future. Some data elements will go up, some data elements will go down. But we can't predict that. We don't know. And so it's important now to just really start to amass that data, find ways to protect it but there's a real cost that comes with that too. Well, let's- Lindles aren't cheap, Flash isn't cheap. So, okay, well so and Colin said in this keynote the other day we should keep it forever. Chris Selland was talking about keeping it forever and I was saying the general counsel's going to have agita if we keep it forever. So let's layer back in that liability piece. I don't necessarily, if I'm a pharmaceutical company I don't want work in process hanging around somebody saying, oh, this could cause cancer and some email, I think it might and somebody pulls that out years later. I don't want that around, get rid of it. So yes and no. And I think this is the complexity, frankly, that we all face as CIOs is where do we draw that line? And to some regard, what you're talking about is not a decision that the CIO should be making. For sure, right? Business you're talking about. This is a business decision. Now the CIO may drive that decision, may help facilitate that conversation amongst a number of different groups but the reality is this is not an IT decision. This is a decision that is collaboratively made across the organization. It's a very hard job and you're right. We have to be careful about judging but I mean, in part technology created this problem. There's so much data and so many uses and I don't know if technology can help us get out of this problem. The volume of data, if the IDC numbers are going to be believed or to be believed is going to grow by something like 20 fold over the next five years. Well, the curve is pending beyond exponential. Yeah, I think if you look at any of the numbers, pick your favorite analyst firm, pick your favorite numbers and then let's put an exponential component to it. Because I think the reality is and we touched upon IOT and some of our conversations in the past but IOT is a great example of something that is going to put the hockey stick on steroids in terms of that ramp up of data. I don't think we really truly understand and can fathom the amount of data we're going to have to contend with as organizations. I think the challenge though is how do we manage that data and to Jeff's point in your last segment, how do you start to manage that data where it rests, right? We heard in some of the earlier discussions today and yesterday, how do you manage the data where it rests so you're not making copies of it and bringing it back so that you're working on it all together. You have to be able to do analytics where the data resides because much of that data that you're going to consume especially as an enterprise isn't going to be your data. And you don't have ownership to it. You can't necessarily grab it all but you might be able to manipulate it. Well, to the point, the CIO, how is the CIO going to implement a bunch of business rules when risk is so distributed, users are using Gmail here and there, they're putting in thumb drives. I mean, good luck, I mean. Well, you know, and I think that's a great example of where those folks that are using Gmail to move files across and using thumb drives were focused on the wrong problem there. We're focused on trying to secure that and lock that down rather than the real root of the problem is why are they doing that? There are too many hurdles. It's too difficult. I can't get to my VPN. I can't get to the file storage. I'm here, my boss is on me. I've got to get this done. I can't get to the file. I'm just going to send it to Gmail and off we go. And when you flag that, they're going to find another workaround. Right. There's always going to be a loophole. And then we start putting processes in place, right? And what do processes lead to? More and more debt. So this liability versus asset, right? You put handcuffs on people and there's a cost of doing that. You drive business value and ignore the DM the torpedoes where you expose yourself to risk. So it really is a balance sheet type of approach. And actually CIO is in a good position to manage that because he or she has visibility across the organization. I want to ask you about lock in, that question that we were asking. What's the CIO's perspective on that? Is lock in overstated in terms of a risk or is it something that's real in the CIO's mind? There's a lot of noise about lock in. Lock in at the end of the day is a red herring. Talking about lock in is a red herring because if you think about it, everything we do is a form of lock in, right? Whether it's the email package that we choose to work with. I mean, so you use Google Apps today and tomorrow you want to go to 365. Guess what? Moving from one to the other or vice versa. That's really challenging to do. Search engines. I mean, it doesn't matter what aspect you're talking about. Moving data around. And this gets into a really interesting deep conversation you could go maybe some time into transit of data and moving data, shipping data. That's not a trivial thing. And even if you could take care of the technological challenges, you still have to deal with the users. So now there's a whole retraining of users from using one product to using another product. And anyone who's led an IT organization will tell you firsthand, that's one challenge I don't want to take on. I'm looking for whatever is easiest, whatever is the most gentle way to engage my users because it's incredibly problematic. And unless it's going to provide significant uptick in terms of business value, you really have to stay up. Yeah, it's going to disrupt the business. Now, there's too much risk. There's far too much risk to it. Is the CIO, the future CIO, is that individual a business person, a technologist or a hybrid? Yeah, it's a hybrid. But the way that I've characterized it before, and I'll say it again, the transformational CIO is a business leader first that happens to have responsibility for technology, for IT. And before people kind of jump off that and say, well, does that mean that's a non-IT person? No, I think you have to have balance. And that's one of the pieces that I think we have to get away from is the world of IT is absolutely about as far away as you can get from being black and white. It's incredibly gray and has multiple shades within one organization. And then extrapolate that to other organizations and you start to see the complexity pretty quickly. You mentioned transformation. I probably get at least one PR pitch a day that mentions digital transformation these days. It seems to be the hot buzzword. Is this something that CIOs are taking to heart or is it a buzzword? I think it's more of a buzzword. What I find is when we talk about transformation and probably four or five years ago, transformation was a conversation subject amongst CIOs, that quickly got dismissed because you can't put metrics around it. How do you start to measure that from a business standpoint? Okay, so great, you transformed the IT organization. What did that do to the bottom line or top line in your organization? What is the customer gonna see from that? It's really hard to be able to put value, business value, and what that means is monetary value around some of those changes. So what typically happens is you talk about transformation, but at the end of the day you gotta break it down into chunks because transformation on the whole is a big hairy object that you just can't, you'll never necessarily achieve in one step, but you can do smaller steps to be able to work in that direction. And so that's really where they've gone, is how do we start to break down this problem? We want to become more business-centric, less tech-centric. How do we start to become more business-centric and what are the steps we need to get through to get there? That involves technology in some cases, but more often it's going to involve process and people and organization and cultural change. I got to ask you a security question. What, first of all, is security a board-level issue in the organizations that you work with and what should the CIO be communicating to the board about cyber security? So security is a board-level issue, especially in organizations that have had a recent breach and especially with publicly traded organizations more so than private organizations. So there are some dynamics that come into play there. What should they be communicating? I always err on the side of transparency. I think transparency is the best medicine, just be candid on here's what's happening, here's where we are, and make it a group decision. I think part of the challenge that we face as IT leaders is if there's a fault, and this is a cultural problem, if there's a fault, it's seen as weakness. And that's something that folks that are IT leaders tend to be hesitant to raise and bubble to the surface. They only want the good stuff to get out there. Not the, well, I'm not quite good on this or I don't know the answer to the problem. And we've got to get beyond that. So I would err on the side of transparency of saying, look, here's the situation, here's what we're doing with it, give me some guidance, are you comfortable with that? If not, here's what else we could do. Here are the risks and opportunities, and on the whole, what do you want to do? Has the communication protocol within the CIO community shifted from our job is to protect and thwart penetration and has it shifted to, we're going to get penetrated. We have been compromised. It's all about how we respond and how we integrate this as part of our risk management strategy. Has that shift taken place? In some organizations it has, not on the whole. I think we're still in the infancy from a maturity standpoint of having that kind of mature conversation of admitting that we're all vulnerable. So what level of vulnerability are we comfortable with working on and what steps are we going to take to be able to shore up some of those components? And again, that's a broader conversation to have beyond IT, beyond the CIO, beyond the CISO. Unfortunately, it doesn't necessarily rise to the C-suite's attention or the board's attention and those folks don't necessarily have access to those organizations, right? The C-suite or the board of directors. I feel like it's a big slow battleship that's turning and it's where the spending is aligned in the wrong places. All right, we got to jump. What's next for you? It's another airplane ride somewhere. You're saying a lot of times inside of an aluminum tube. You a lot of travel this summer you were saying now that it's going to pick up this fall season. It's the fall conference season, so I'm sure we'll be running into each other another conference soon. I hope so, Tim. Great opinions as always. Really a pleasure seeing you. Always a pleasure. Thanks so much. All right, keep it right there, everybody. Paul and I will be back. Be back to wrap right after this short break.