Skip to content
EP 07: CIO Cloud Insights: Tim Crawford on Evolving to a Cloud-First World

EP 07: CIO Cloud Insights: Tim Crawford on Evolving to a Cloud-First World

cloud-currents-tim-crawford-cios-cloud-first

About This Episode

In this episode of Cloud Currents, host Matt Brickey engages with Tim Crawford, a seasoned CIO and strategic advisor for AVOA. Crawford discusses his diverse experiences across various industries and how these have shaped his approach to IT leadership. He discusses the intersection of business and technology, the importance of customer and employee experiences in technology strategies, and the evolving landscape of cloud computing, AI, and IT governance. Crawford also shares valuable insights into the soft skills crucial for today’s IT leaders and the future of technological innovations.

Know the Guests

Tim Crawford

Chief Information Technology Officer

Tim Crawford is a highly influential Chief Information Technology Officer, ranked among the Top 100 Most Influential CIOs and recognized as a Top 100 Cloud Expert and Influencer. With extensive experience in strategic leadership and advising, Tim collaborates with large global enterprise organizations across various industries, leveraging technology as a strategic lever to drive transformative change. An internationally renowned thought leader in Digital Transformation, Cloud Computing, Data Analytics, and Internet of Things (IoT), Tim has held senior IT roles with prestigious global organizations such as Konica Minolta/All Covered, Stanford University, and Philips Electronics. He is the host of the CIO In The Know podcast, regularly quoted in publications like the Wall Street Journal and Forbes, and serves as a board advisor to Latent AI and myElth. Tim holds an MBA in International Business with Honors from Golden Gate University Ageno School of Business and a Bachelor of Science degree in Computer Information Systems from Golden Gate University.

Know Your Host

Matt Brickey

Sr. Vice President, Professional Services

Matt Brickey is the Sr. Vice President, Professional Services. Joining TierPoint in 2016, Matt Brickey oversees the team of professionals that help the company’s clients navigate a range of IT challenges, offering them cloud readiness assessments, and support on cloud or physical asset migrations, as well as business continuity planning and security assessments. Matt earned his bachelor’s degree at the University of Illinois and MBA at Southern Illinois University.

Transcript

00:00 - Intro to Tim Crawford

Matt Brickey: Hello, I'm Matt Brickey, and welcome to another episode of Cloud Currents. Today I'm pleased to be joined by Tim Crawford, CIO of strategic advisor for AVOA. Tim, thank you for joining me today.

Tim Crawford: Hey, Matt, great to chat with you, and looking forward to the chat.

Matt Brickey: Yeah, yeah. Before we jump into the conversation, would you mind providing the audience a few minutes on your background and yourself?

Tim Crawford: Yeah, thanks, Matt. So former CIO have worked mostly in enterprise, large enterprise, but of late have kind of stepped away and worked more as a CIO at large, working with both vendors and end users, really seeing that intersection between business and technology and talking about the pragmatic but also reality of where people sit, and adding a little provocativeness to the conversation, too, because I think it's good to kind of look out their ways, but let's be realistic about where we are today. So I'm having a lot of fun doing this, taking the skills and things that I've learned and people that I've met along the way and being able to put that together into something that I'm finding that both vendors as well as end users are finding valuable.

Matt Brickey: Yeah. Great. So looking through your history, you've had a number of different kind of job titles, and you've been in a number of different industries, right, from semiconductors to academia. Why don't you give us a little bit of an idea on all those various experiences, how that kind of changed your lens and how you approach that today?

Tim Crawford: Yeah, it's a great question because I think quite often we talk about how someone has a background in a specific industry. They might have spent 1015 years or so in semiconductors or in healthcare or financial services. And frankly, I mean, growing up, going across a number of different industries, it was challenging because people were looking for that. But as time has gone on, people have realized that there's actually value in the variety that comes from taking things from one industry and being able to apply it to yet another. And that's something that I've done over the course of my career, is I'll learn about something in one industry, but I'll find ways that it becomes valuable and unique and differentiating for a different industry. And so that differentiation becomes something that is unique and valuable to those companies.

And I would encourage other folks to look for those opportunities, too, but it's been a great ride. I mean, as you mentioned, working in semiconductors, I started my education in electronic engineering and then eventually switched over to working more with computers and then eventually got my MBA. And so high tech and semiconductor manufacturing was a natural extension of that. But as you've mentioned, I've had the opportunity to work for some just wonderful people and just incredible organizations, from National Semiconductor to Stanford University.

Matt Brickey: You mentioned switching from an engineering focus to more of an IT leader focus. What was it that kind of sparked your interest at the beginning? And probably more interesting is what kept you in it for as long as you've been in it?

Tim Crawford: It's actually been it that's been the most interesting throughout the course of my career. It is that intersection between business and technology. It's using technology in a way that really kind of provides value to customers, to companies, to how they operate, how they can work more efficiently, but how they can also grow their businesses. And that really is kind of the heart of what it is about. It's not as much about just the building of a technology, not to minimize that, because there's a lot of value and opportunity there. But for me personally, it's been about that intersection in business and technology, and I think that's really where it strives.

Matt Brickey: Is that kind of why you started your own firm, Avoa?

Tim Crawford: Yeah. Stepping into this realm that I'm in today was actually not planned. So I was actually looking for my next leadership role, and I wasn't finding anything, frankly, that was getting me excited. I mean, growing up in Silicon Valley, you tend to be a pretty forward-thinker. You're thinking about ways that you can do things differently, know, recreating the wheel in a more interesting way that's incredibly more valuable. And so stepping out and looking for my next leadership role, I was finding a lot of more traditional searches that were happening for CIOs and IT leaders, and that just wasn't appealing to me. And so at the same time, I had peers that were reaching out to me, other CIOs that were saying, hey, can you help me with this project or that project? Look over my shoulder, give me some perspective.

You get to see a lot of things I don't have access to, not just across industries, but then also across vendors and across geographies. And so one thing led to another, and the next thing you know, I've got this book of business built where I'm advising end users. And then that naturally progressed into vendors that were also interested in getting some of that CIO goodness. And of course, they had customer advisory boards and advisory boards that weren't customers, that were helping guide them, but they really wanted to bring that CIO perspective to the table in the conversations. And so they started bringing me in as analyst, as an industry analyst to provide some of that perspective.

And so that's essentially how AVOA came about, was that I was looking for a way to apply my background and skills in the best way I could to benefit an organization organizations in the best way I could. And it had a natural progression into what I've built now as a successful business that works with some of the top brands around the globe in both enterprise software, hardware services, as well as end users.

Matt Brickey: So that's pretty cool. You mentioned something during that answer that some of these opportunities weren't that interesting to you and all that. Do you think that organizations have transformed the way that they look for CIOs to be more of, like you said, a lot more experience, varied experience in different industries and all that? Or do you still find that organizations say, oh, I want someone that's a healthcare CIO?

Tim Crawford: Yeah, so both. You will still find a number of industries, and I think there's a generational component that has to be factored into this, too. And I think over time, we'll see that change as we see leaders change. But there are definitely some organizations that are like, if I'm a healthcare organization, I'm looking for someone that has healthcare experience, and there are some good reasons for that. And then you have other healthcare organizations that are saying, absolutely not. We want the search to be looking for someone outside of healthcare because we don't want to do the same thing as our competitors are doing. We want to look at other ways we can bring expertise into the fold and kind of mix things up a bit that is changing over time.

It's a slow process, though, because you have to change a number of different factors to make that play out. The culture of the organization, the IT organization has to change the culture of the broader company, has to change the expectations that you have of the IT leader, that the CEO or CFO or COO might have of the IT leader, and how the organization looks at it more broadly has to evolve, too. You can't just look at it as, this is an organization that works the same way as it did ten years ago or even five years ago.

I mean, I have been recently talking about how what you learned as an IT leader ten years ago need not apply today, because the way that we build, organize, and lead IT organizations and the role of technology within business today is dramatically different than even a short five years ago pre pandemic. So we have to be able to shift. But that shifting takes time. It takes time to do that. And so once we start seeing kind of a crossover of more folks that are interested in that and less focus on kind of the traditional ways of doing things. I think that'll pull the others along because it'll just be a necessity for them to survive.

Matt Brickey: Do you see organizations changing the way that they include the CIO more today? So I guess, let me rephrase that. I'd say, do you see that organizations give the CIO a seat at the boardroom more so today than they did five years ago?

Tim Crawford: On the surface, yes. However, the reasons why are varied greatly, meaning you have to have the right CIO first and foremost. So if you don't have the right CIO, the right individual that's leading the IT organization, with the right demeanor, with the right tone, cadence, they're never going to see the inside of a boardroom. The second piece to that is they have to have the right executive relationships, and they have to have positive relationships with those executives. One of the most important of those relationships is between the CIO and the CEO, because when you're wanting to get in the boardroom as a CIO, your doorway in is through either the CFO or the CEO.

And if you don't have a good relationship with the CEO, it's going to be pretty hard to get into the boardroom, let alone be asked to present, be invited to present, or even be invited to come back. And so that's true with just being part of the executive leadership team, the ELT within the organization, as much as it is in the boardroom. So overall, it is changing. But again, there are multiple factors that have to be taken into account from the individual, how it is viewed within the company, the role of technology within the company. Is that the CIO's role, or is that the CDO or CTO and their organization? Where does the CISO play a role in this? That's one that you absolutely cannot ignore.

But I've seen the gamut, and this is one of the things that has been really interesting about the work I do today versus working as an operational CIO for one organization is I get to see the gamut of what works, what doesn't work, how organizations are shifting and evolving. And I've seen the spectrum of publicly traded companies where CIOs have an engagement with their board and they present regularly. And I've also seen where CIOs have absolutely no interactions with their board, and neither does their CISO in some cases. And so you do see that exchange happen or that spectrum happen, but that exchange has to evolve. I think, over time, we have to see more engagement between the CIO and the CEO and the rest of the ELT, but then also with the board. But again, it's not an entitlement. It's not an entitlement.

It needs to be done in the right way, and that requires the right individual with the right Persona and with the right relationships.

Matt Brickey: So you host a number of podcasts where you interview CIOs, CTOs, CISos. Can you give us a little bit of an idea of how those interviews help you with your career now?

Tim Crawford: Yeah, I've had some amazing relationships over the years, and I was just with a group of CIOs a couple of months ago, and one of the things that I realized is there were a few folks in the room that I've known over 30 years, which just kind of floors you when you've kind of gone through your career. It does, and I'm having a great time. But in the conversations that I have with both the CIO and the know and the CXO and the Know podcasts, a lot of those interviews that I do are with people that I've known for a long time. I mean, I'm grateful for the relationships I have with other CIOs and the side conversations we can have about family and what's going on in life and then the challenges that we're having to deal with from a leadership standpoint.

But one of the things that it has done is it's really opened my eyes to different ways that CIOs think beyond just the actions that they take. And I often talk about this in the context of, there's the private conversation and there's the public conversation, and never shall the private conversation see the light of day, at least not where it, you know, Matt from this company said this, but rather, there's a generalization that can be made which maybe should see the light of day. And I've been able to learn from all of these people. I feel like I'm a sponge in a lot of ways that just got out of college, and I'm just learning about this thing called it. And I've always had that curiosity. And so this just fuels that intellectual stimulation of really trying to understand how people think differently.

And going back to what I was saying earlier about applying different things from different industries, this is just more the same. You take something from financial services that a CIO said, and you're able to bring that into the conversation with someone that's working for a major airline. And so I think those are great opportunities, and the podcast is just an extension of that. If I could take a minute. The whole reason for the podcast, it's really a labor of love. The CIO in the know is not a sponsored podcast, and it was really intended to elevate CIO conversations so others could get insights and actually hear how CIOs talk, because it is one of the more quiet or private types of conversations that happen within the organization, and not many people have the ability or are privy to those conversations.

And so that was really the genesis behind the podcast, was to say, there's some of these conversations we should have more publicly, and let me be the vehicle to be able to do that. And that's really where the CIO and the no came about.

15:37 - Key Pillars for Determining Effective IT Strategy

Matt Brickey: Yeah, that's cool. Sharing the variety of everyone's thoughts and concerns and all that. So let me transition that. We're in a market of buzzword bingo. So cloud, digital transformation, AI, ML, all that sort of stuff, right? There's a lot being thrown at the CIO CTO role. So when you're advising your clients, what would you say are the core pillars that you look for when you're trying to help them determine an effective strategy?

Tim Crawford: So, number one is understand what your objectives are, and the objectives are not specifically for it, but the objectives for the company. These are the objectives that are conversations at a board level, at an ELT level, but you need to understand those pretty intimately, and then you need to understand where technology fits into it, because ultimately, your organization is there to serve the broader organization and ultimately customers. If it's not for the customers, why are we doing this? And so it's important to understand that, but it kind of falls within three core pillars. I call it the big three. The first one is customer experience.

And so customer experience ranges everything from how you engage with customers at the very beginning of the relationship, meaning before they even call you up and say, or walk into a store and say, hey, I'm interested in your product. What do they know about your brand? What do they know about your company? What have they heard from friends and colleagues? To the other end of the spectrum, which is after they are no longer a customer and they're more of an alumni, what are they saying about your company? Do they still have a good perspective on your company? And some might say, well, wait a second, if you're an alumni, you're probably not going to be referring folks. Well, that's not true. Think about life cycles, customer life cycles that do have a finite end. Good example of this. Children.

As the children grow up, guess what? I'm not buying diapers anymore for children, but I still might have a really good perspective on a particular brand of diapers. Okay, well, I'm not using it for my kids anymore. They're fully grown. And so it's important to understand that whole spectrum and that journey that customers go through. And there are a lot of loops with it, too, right. That they kind of cycle through. So that's the first pillar. The second pillar is the employee experience. And again, it has a very early start and an end that sits off as an alumni. And so it's important to understand that whole journey and understand the people as people, not just resources, but it's important to understand that these are human beings, and each human is unique and complicated. And so that's the second pillar.

And then the third pillar is your business operations, or supply chain in some cases. And so that business operations piece is what connects the customer journey and the employee journey together. And that's the engine that works everything together. So it's important to understand how your company makes money, how it spends money, and everything that goes through it. And so, as the CIO, that's a tall order. But for everyone on the ELT, you need to understand those three core components at a fundamental level, and then understand how your particular area of the organization fits in with it. And so for the CIO, my advice is understand those three, and then understand where technology fits in, and then you can go from there as to where you need to go a little deeper.

Matt Brickey: Tim, what's your advice for a CIO that gets this type of experience from their ELT? We need to go to public cloud because we're behind.

Tim Crawford: Right.

19:34 - IT Strategy Challenges and Pushback

Matt Brickey: We've seen a number of those at our company that there's not necessarily a solid reason that they're doing it. There's not necessarily a business objective. There's some lightweight kind of objectives that we're not in the data center business. We shouldn't be in the data center business. We shouldn't, shouldn't is usually a lot of those things, but there's not a terribly compelling reason to be doing what they're doing. So how would you advise a CIO to either push back on that or modify that view if they encounter something.

Tim Crawford: Like, know, you're always going to encounter different perspectives and different interpretations of what those objectives are. And so this is where you really have to lean on the relationships you have with other members of the ELT and ensure that there's alignment between those folks. And that really becomes the guidance to help understand how you're going to work through those challenges where Umat might see things one way and I see it completely different and how do we work through it? How do we ensure that ties up appropriately to the overall objective that we're both supposed to be there kind of fighting for driving toward. And so when I find that it ties back to those objectives, it's a much smoother process.

What I find is where, when you run into those situations where folks are heading down a path that you just kind of scratch your head and go, why are they going here? I mean, first off, ask your question and understand. It's the old seek to understand first understand why they're doing it, because maybe there is a good solid reason that you're just not aware of. But let's say, for instance, they're heading down the path of they're continuing to support a data center. And you're like, why are we still doing this? This is the age of the cloud. And I'm not suggesting that all roads end with cloud, because it doesn't. There's still a need for a corporate data center, so let's be clear about that.

But there are some that believe that maybe cloud has kind of overplayed its hand and everything should be back in the corporate data center, which I don't agree with either. And so it's important to understand what the motivations are and what the education is in terms of how knowledgeable are they of the issues. So, for example, I've seen a number of situations where applications are moving back on prem and in talking to the IT leaders, not just the CIO, but maybe CIO minus one, a lot of the reasons that they give don't have a lot of foundation to it in most cases. And so when you start to get them to dig a little further, it really kind of opens their eyes to things that they didn't know they weren't aware of.

And so then it becomes more helpful to understand and make better business decisions of choices they make around technology and directions in technology. You're always going to find some folks that will say, hey, we're going to continue to do this because this is the way we've always done it. We've done it for 20 years or so. We're going to continue doing it for another 20 years. And that's a fatal flaw, because when you look at it, business has changed, customers have changed, technology needs to change as well to be able to support that. And while there still may be corner cases where doing things the same way might be the right way, to do it, you have to be real careful that you don't end up in a rut and down a path that ends up at a cliff before you know it.

And so that's one of the things that I always educate folks on, is, do you know where this path is going to take you, and at what point is it time to change the tracks to a different path? And so having that conversation sometimes opens people up to think about things in a different way. But, yeah, there's always going to be those situations where you've got someone that is steadfast. And quite frankly, there's a bit of a generational concern here. And I've heard other reasons why, too, whether it's I'm close to retirement, I don't want to take on the risk. I've also heard situations where I'm concerned about my staff. They're all kind of focused on this one technology. If we move to another technology, they're going to be out of a job.

There are ways to address all of these issues that I've found over the course of my career. You just have to put in the work to be able to figure that out.

24:05 - The Ever-Evolving Importance of Soft Skills in IT Leadership

Matt Brickey: So that's a very good transition into my next kind of thought was that you mentioned generational, and if you go through the generations, everyone has different needs for soft skills. There's jokes that boomers have none, and millennials need it constantly given to them. But when you've worked with your clients, what are the soft skills that you think have been the most valuable to them?

Tim Crawford: Yeah. And to be clear, it is not a steadfast or hard and fast generational is the answer. Meaning, I know boomers that I work with that they're awesome, and they are most definitely very forward thinking. And I know millennials that they're steadfast in their ways, and it's going to be hard to get them to change. So I want to be clear that I'm not necessarily putting people into a bucket, but rather it's more about the traits that different folks kind of exhibit. At the end of the day, the most important thing is what are the soft skills that they've learned as they've kind of grown up as a human being? Have they grown up to learn about things like imagination, curiosity? I mean, one of the things I would always interview for is what is it that you're curious about? Like, what motivates you?

What are you spending your free time doing? What are you tinkering with? Because those are traits that I can't teach you as a leader, very easily. I can teach you the hard skills, no problem. I can send you the class. I can have you sit with someone else and learn the hard skills. That's relatively easy to do. But those soft skills, those problem solving skills, those are the ones that are incredibly valuable. And if I could go a step further on the problem solving technology is an imperfect thing. As much as people expect technology to be perfect, whether it's on prem technology, which, guess what, data centers fail, surprise cloud fails, surprise technology is imperfect. And so you have to understand and respect that.

What we are gauged on, though, as leaders and as individual contributors, is how we react and how we plan and how we recover and respond when things do go wrong. And so it's important to have those kinds of skills, those kinds of sop skills. How do you solve for problems and give someone a problem they haven't seen before? What's the process they would go through, that thought process that they would go through to try and figure it out. And so those are things that I think are incredibly valuable. Imagination is another thing. If you go back, oh, I'm going to date myself a little bit here, but if you go back several decades, there was a lot more imagination that was happening within the average it organization than there is today. Today it's running from one project to the next.

And I'm sure there are a lot of folks listening to this are going, wow, yeah, I just finished one project and I'm on to the next. And now on to the next project, and I'm on to the next project. And you just don't get time to think, to stop and think. And so that's one thing that I think very strongly that we need to infuse back into our organizations is time to think. And that's really hard to do. If you don't have the right relationships, you don't have the right culture in the organization is giving people time to explore, to experiment, to think, and giving them a safe space to do that in. If you're just expecting people to perform twenty four seven and perform perfectly, you're setting yourself up for failure.

And so these are the kinds of soft skills that I would encourage folks to be thinking about is how can you contribute in your own way, whether you're the CIO of a large organization or you're the most junior individual contributor, equally you can figure out, what are those soft skills? How can I kind of sharpen those skills and bring them to the table and really provide value based on those? And to me, those are incredibly powerful and incredibly valuable. The other hard know, if you see a job description and it know, I'm looking for these five things and you've only got three of them still apply, because if you've got the right soft skills, I can teach the hard stuff.

28:41 - Complexities of Cloud Cost Containment and Value Maximization

Matt Brickey: That's a good answer. So, Tim, I think I want to switch gears a little bit, and I want to talk more technology now than necessarily technology leaders. And we'll start with cloud kind of cloud adoption, and I'll naturally take you probably into artificial intelligence there. But my first question is, we've seen in, I'd say late 2022. All throughout this year, anyone in public cloud is talking cost containment.

Tim Crawford: Right?

Matt Brickey: So can you give us a little bit of insight on why you think that has emerged into such a popular trend? And what should clients be thinking about that haven't adopted a new cloud to make sure they don't make the same mistakes as maybe some of their, some prior organizations have?

Tim Crawford: Yeah. The last 12-14 months, there has been an intense focus on this around cost containment with regards to cloud computing. It's been kind of bubling up for a couple of years prior to that, but the macroeconomic conditions have really kind of forced folks to say, wait a second here, what are we spending the most money on, and how do we start to kind of pull that in now? One of the things I will say is, I think too often people get wrapped around the axle on how do we reduce our costs when it comes to talking about cloud. And I think that's absolutely the wrong conversation to have, because it focuses on a finite number as opposed to focusing on a ratio, which is value.

So, for example, if you're spending a million dollars a month with a public cloud provider and someone comes to you, and I've heard this from CIOs across the board, is how do I start to reduce that million dollars a month to maybe even $800,000 a month? And my argument is that is not the question to be asking. Your question you should be asking is, what am I getting for that million dollars a month? So, for example, if that million dollars a month is tied to 5 million in top line revenue, which then ostensibly turns into some subset of that in terms of the bottom line contribution, then your question should be, how do I grow it? How do I grow my spend?

Because maybe there is something close to a linear progression between how much I'm spending with that particular cloud service and the revenue that's coming from it. So instead of reducing the million dollars a month, how do I increase it. And can I prove that by increasing it? And this is a question all of you should be asking, can I prove that million dollars a month truly is contributing 5 million in top line? And so if the answer is yes, and then I can project that out and model it to be able to say, well, if we multiply it by ten, then I'm spending 10 million a month and I'm getting 50 million in top line, and we can model that. And that's how the model plays out. Even if it's 40 million, I mean, that's still a forex turn on investment top line.

That's still really good. And then look at your bottom line contribution as a consequence of that. Those are the kinds of financial conversations we should be having around cost containment is where's the value? Not what's the most costly, where's the value? And for things that aren't providing the value to the organization, those are the ones that we should be targeting and reducing our spend on. But it's more focus on value over cost. And then of course we've had this conversation around Finops that's come up, which is, I think a more sophisticated way of saying, okay, this is really portfolio management and budgeting. Let's be honest, for most organizations, that's really what it comes down to is understanding your spend, understanding what you're getting for it, and understanding how that's trending. And from an actuals perspective, against a budget.

I mean, this is something that you should have been doing for decades. This is not something that should be new. But financial management has been a challenge for a lot of it organizations prior to cloud. And once we moved into the cloud era, it became even more complicated. And one of the things that makes it even more challenging is when you start getting into public cloud services, it's even more challenging because it's not clear what services tie to what potential outcomes. And so all of the cloud providers, public cloud providers, are trying to put together tools to help with that.

But there is no one tool today that says for a given application, no matter how much you tag a given application or services, rather within a public cloud provider, there is no way today to clearly articulate that a given service, meaning top line service that the customer is engaging with, is tied to very specific costs. There's no way to do that today. And so there's a lot of funny math that we have to do, assumptions we have to do to kind of work through that.

I think where this is going to get more complicated in the near term, and especially in this coming year, is when we start talking about the impact of sustainability into the mix, because now when we start getting into things like artificial intelligence and generative AI and the amount of power and the carbon footprint that it creates, which nobody's really talking about yet, but they're going to because it's either going to be driven by customers that are going to require understanding that information or it's going to be forced through regulatory bodies. And we're already starting to see the inklings of that yet. I will say most it organizations are going to get caught flat footed with it because they're not thinking about it generally, and they're definitely not prepared. And frankly, the vendors are struggling with it, too. They're working hard.

But this is a complicated problem. This is a really complicated problem. So add that to the mix of everything else we have to do. It reeks to a mindset that I often talk about, which is you have to drive to simplification. You have to make your environment as simple as possible, because the simpler you make it, the easier it is to solve for these problems. The harder you make it, the more complicated you leave things, because it has always been complicated, the harder it's going to be to get your arms around this stuff.

35:31 - Security and Governance Challenges in Cloud Maturity

Matt Brickey: I would imagine that plays very well into kind of the other theme that we've seen throughout 2023. And it's not just public cloud, but the need for stricter governance and a clearer security policy has been a very popular trend in our clients. So I would assume the same with you. But if it's not, tell me, but where have you seen clients misstep around security and governance with regards to their cloud maturity?

Tim Crawford: So number one is they assume that the cloud is just like their data center, and so they put the same protections and methodologies in place. They're not thinking about it as an ephemeral resource that is incredibly flexible and can come and go. And it's the whole spectrum from the tools that are used, the methods that are used, the processes that are used, auditing that comes into play, just the mindset of the individuals that are putting it in place. They're using traditional methods to apply to cloud. And I think that's the first mistake, is they're not stopping and saying, hold on, this is something brand new. Let's think differently about how we manage this. The other problem is I see a lot of groups that are focused on solving for one specific security problem, and they're not thinking about it holistically.

So, for example, how do I manage an application and all of the data and all of the analytics that go with it from the edge to the cloud, so from those sensors all the way at the edge and those input output devices all the way through the entire spectrum, all the way back to public cloud and everything and all the services that are involved in it, that's not being considered. If it were, we'd be seeing a wholly different conversation coming up. But instead, what we're seeing are these incremental improvements. And the question I often get is, are we spending too much already on security, or are we spending too little? Like if we spend another million dollars a year on security, what's that going to get us? Is it going to have a market improvement in our profile and our risk profile?

And the answer in a lot of times is no, it's not. You have to kind of step back and rethink the problem. And so I think this is something that we're going to see coming up. You mentioned regulatory, and I am not a big fan of regulatory when it comes to technology, because I think technology moves at such a fast pace that regulatory bodies just can't keep up. I mean, the process is just too cumbersome and too slow for it. We've seen a number of examples of where regulatory bodies that are largely uninformed when it comes to these technologies, meaning they just don't understand the nuances of it. They're not experts in the space, even though they have access to some pretty brilliant folks to educate them. At the end of the day, they're not experts in the space.

And so they try and take these broad strokes to protect data. And inevitably, what we're finding is that they will end up looping in a bunch of things that they didn't intend to loop into it. And so you have these unintended consequences that start to hinder things like innovation and protection and whatnot. And so I do think that we have to be real careful about where regulation goes into play. On the other hand, I would say that no regulation is not an option either. But I think we've kind of over rotated on that a little too much. And I'll give you a good example of this. When you have a breach, one of the things that is often a question that comes up is, was the breach material?

And for those of us that have played in that world and understand what materiality means, it's pretty clear when something is material or not. But here's the reality. When you first identify a breach, it may not be material when you first identify it. But as you start to look through your investigation and go through the process of trying to determine, okay, so how wide was the breach, what was impacted? You might be several days down the path of this really intense work of trying to determine the scope of it, only to learn several days later that, okay, yes, it was material. It's crossed the threshold because initially it did not include enough of an impact to consider it to be materially impactful. But as you go through the investigation, then you do determine that.

The problem is that when you look at the legislation and the regulatory requirements that are on the books, there's not a lot of guidance there on it. Now, some of it says when you determine that it's material, but I'd like to see how that plays out in the court of law because one could then argue, well, maybe you should have known that it was material day one, and in reality, you may not know that. And so I think these are great examples of where things get a little fuzzy and we have to give people a little bit of time and give them a little bit of grace to understand what is it that they're dealing with and what is being impacted and then take the right actions.

Now, if you're dumb and you make stupid decisions, then, yeah, you should be held accountable for that. But if you're doing the right thing and doing the right thing on behalf of your customers and your stakeholders, your investors, your shareholders, then great, all the more power to you. And if that takes you a few more days to figure it out, take the few more days to figure it out. But this is where I think you have to be real careful about how these regulatory bodies kind of get their fingers into these decisions. Because, again, technology is not perfect. And the way that these different situations play out, they're not unique or, I'm sorry, they're not common. They're very unique in the way that each one plays out.

And so I think that's one thing that we have to think about as we cautiously go down this path.

42:05 - Balancing Innovation and Governance for AI Adoption in Enterprise Environments

Matt Brickey: Speaking of cautiously going down a path, let's transition into a couple questions around AI. I want to focus not so much on the technology itself, but more the CIO lens of it. So I'm going to ask you a question, kind of a scenario. If you're on any of the news sites, right, the amount of new companies and new products that are coming out that utilize some version of AI, you get a picture, you upscale your picture, you can make a movie, you can do all kinds of things that at work. It can create presentations for you. It can do a lot of things for your user community. How does the CIO look at that from a standpoint of not controlling it, but making sure that their environment stays safe and that they have trustworthy vendors that they're using with those AI tools?

Tim Crawford: Yeah, it's a complicated answer. And again, I've seen the gamut of cios that want to control, and I use that term, that word very carefully because in the early days of it, early days of my career, back late 80s into the 90s, command and control was the way that you ran an it organization. You would never do that today. But unfortunately, there are still some that believe that is the way to run technology. And so when you look at these new, innovative technologies like AI, it comes back to how do we control it? How do we make sure that our users can't do certain things? In some cases, I've seen where organizations will block all AI domains. In other cases, you'll see companies that will block access to things like chat, GPT, and Bard. Those are not the answer.

We have to get more sophisticated with it to understand what are the right guardrails to put up so that we can encourage people to experiment with these new innovations, but at the same time, help them be successful and protect them from doing things maybe they shouldn't. Like, for example, taking protected data, let's say regulatory data, and serving it into Chat GPT to write a press release of announcement that is highly regulated, let's say financial data that has not been publicly announced yet. Okay, that's a problem. But what I found was that those folks didn't understand how it worked, how the technology worked.

And so it's a great example, and I wrote a blog post about this in more detail, but it's a great example of where a little more education would be helpful in helping these employees do the right thing on behalf of the company. A lot of times, the reason why they're doing what some might look at as the wrong thing is not because they're intentionally trying to harm the company. I mean, sure, there are those people that are intending to do that, and they should be prosecuted to the full extent of the law. But the vast majority that I see, they're just trying to get their job done. They're just trying to find a better, easier, more effective way to do it and trying to do right by the company. The vast majority of folks are trying to do that.

And so I think the important thing there is find ways to educate them, find ways to put the right guardrails in place, but don't try and be overly controlling with this new technology.

Matt Brickey: Do you foresee that, again, staying with the CIO Persona that they're going to receive, I'll just say pressure from business leaders that, why aren't we in AI? Very similar to a few years ago. Why aren't we in cloud? Are you experiencing that now with your clients?

Tim Crawford: Yeah, it's already happening. Unfortunately, we saw the cloud edicts that came out. Thou shalt use cloud from boards. A board of directors is a governing body. It's not an operational body. Right. That's what the elt. That's what your executive leadership team is intending to do. The board of directors should be a governing body. And so when I started seeing that boards were putting out these specific edicts to use specific technology, I mean, that's just a really bad situation on multiple levels, and we could have a whole podcast just talking about that and why. But I am seeing a little bit of that with AI, not nearly as much, and I don't think we will see as much because we've quickly gone through a cycle that cloud didn't have as quick of time frame to go through.

Meaning cloud took a little longer for us to understand the pros and cons. Before those edicts started coming about, a lot of the lighthouse companies that had started working with AI, and specifically generative AI, that's what we're really talking about, because AI has been around since what the. We've been doing different forms of AI and machine learning for decades, but generative AI is really what is concerning and what people are talking about today. For the most part, I'm not seeing as many edicts. I do see some that are coming out. But the good thing is we already have some of these lighthouse companies that went through the early exploration and realized that, yeah, there are some good things, but there are some risks here, too, and we need to be really cautious about that. And that could involve bringing more risk to the company.

And you start putting that on the table with very concrete examples like intellectual property leakage, bringing outside intellectual property into your organization and using it in an unauthorized way. Those are very simple examples that boards can understand, and the last thing they want to do is put an edict out that brings in risk without being able to quantify and understand that risk in more detail. So we have the benefit of that, which I think will keep it from happening.

Matt Brickey: Okay, good. Do you see most of your clients looking towards the cloud platforms to use the AI products and services they have, or do you see more of?

Tim Crawford: Yeah, so, you know, initially it was a diy, let me use the building blocks and the tools, and when they did, they were using public cloud resources to do know from Amazon and Google and Microsoft. However, as they've gone down that path, they very quickly realize that, holy cow, this requires a lot of specialization and a lot of expertise that my organization does not have, number one. Number two, if I tried to find those folks are hard to come by. And number three, if I can find those folks, they're bloody expensive. And so I do think it's a situation where they very quickly understood that aside from the risks that I alluded to a minute ago, there's also a reality of this is not a technology that we can easily consume through building blocks.

And at the same time, the enterprise software, hardware and services companies were starting to figure out on their own, and they had the girth, the space and number of customers to be able to amortize these expenses. But they were very quickly developing ways to put that technology into the existing products that these companies were already using. So the way that enterprises are evolving, the consumption of generative AI is moving very quickly from just consuming building blocks that run on public cloud to, in a large way, just consuming it through the existing tools and software and services that they get from their enterprise vendors. And that's a good thing for a couple of reasons. One, it doesn't create as much of a constraint in the marketplace for the specialization of these individuals.

Number two, each of these enterprises don't need that kind of horsepower in their organization for the most part. There are some exceptions to that. And then number three is these companies already know how to put the right guardrails in place to ensure that data is being used in an appropriate way. So the individual company, the individual customer doesn't have to contend with that too, because data leakage and ip leakage, not ip, Internet protocol ip as an intellectual property becomes a real concern when you start getting into generative AI, both egress and ingress. And so having these enterprise software, hardware and services companies build that into their technology is actually a great thing because they have the expertise of how to do it in the right way, and I don't have to do that as a customer, which is.

51:49 - Realizing the Potential: Navigating the AI Hype Cycle and Beyond

Matt Brickey: A couple more questions on the AI machine learning. It's called a hype cycle for a reason. Give me your opinion on do you think that AI is going to drive the amount of business value that's being hyped now, or do you think that's a little bit overblown.

Tim Crawford: I actually think it's going to drive a considerable more amount of business than what we're talking about today. I think it has a lot of legs, a lot more to go. We have definitely gone over the top of the hype cycle and we're in what, the trough of disillusionment? We've definitely crossed that boundary probably about six months ago. It came pretty early, went up the cycle and back down pretty early because you had these lighthouse enterprise customers that were trying to use the building blocks and they got burnt and they started to realize pretty quickly, whoa, we need to be smarter about how we use this technology. Doesn't mean don't use it, doesn't mean block it. It means we got to get smarter about how we do it. We got to think, we got to use that brain power to use it appropriately.

And so we are in that climb out from the low point and starting to find real ways to take advantage of it. But I think as we go down that path, we're going to not just explore, but we're going to discover new ways to use this technology and new opportunities and new tams for these companies, expanded tams for these companies that we just didn't have access to in the past. And I think that in its own right, creates opportunity all around for customers, for stakeholders, for investors, for companies, for employees, for leaders. Everybody wins. We just have to be smart about how we go through it. Great.

53:55 - Outro - Embracing the Future: Navigating Opportunities in Technology

Matt Brickey: So with that looking ahead, crystal ball kind of things, what are the innovations that have you the most excited for the next 510 years? AI is one, right? We've discussed it. But is there anything else that is piquing your interest in seeing the same type of innovative potential?

Tim Crawford: If were having this conversation a short two years ago, I would have been able to articulate some things in that three to five year horizon. If we look at just the last twelve months and how far, how wide reaching generative AI has come from and gone to, the actual speed has accelerated at such a pace that it's pretty hard to look three to five years out with any degree of accuracy today. It's pretty surprising. Just based on what we've done with generative AI, I do think what is really going to drive the opportunity is going back to something I was saying about people and soft skills is where's the imagination?

Who has the imagination to think about new ways and new questions to ask and new opportunities and finding those kind of hot spots, diving into engaging with customers in a more fruitful way, improving your supply chain and doing more clever things in your supply chain, finding new ways to expand your employee base. Kind of going back to my big three of employee experience, customer experience, business operations, when you start to kind of delve into the data, and I think the real opportunities are going to come with data and analytics, not just generative AI, but analytics across the board. As you start to delve further into that, I think this just opens the door to a number of other opportunities.

And then as we get more comfortable with it in the next, say, two to three years, because it's going to take some time to build up that trust, then we can start layering things like automation into the mix. And now it becomes really interesting because the speed in which we understand these insights and can react to them starts to improve, which then improves our business situation. But let me be clear. I'm not talking about artificial intelligence in the pure form, which has a cognitive component where all of a sudden computers take over the world and the rest, that's quite a ways out. So we're okay for now. At that point, we might have to start questioning humanity and some of the decisions we make as humans.

But for the time being, I think there's a ton of opportunity to learn, to explore, to gain better insights. And it's going to come from everywhere, from climate and sustainability to how we think about people, how we build and improve upon cultures and economies and businesses, and engage with customers and the value we create all around the value of life. And so, yes, there's a ton of opportunity, but again, it comes back to who's got that creative gene and can think about it in your company's domain as to how you can really kind of change lives. Think about healthcare and what we could do, financial services, there are some amazing opportunities, and I think that's what we'll be exploring here in the next, probably two to three years as we build up trust and find opportunities for automation.

And then longer term, I think we get more interesting stuff coming down the pike. I think then things like quantum and new ways to compute and new ways to leverage this technology start to come into focus more than it is today. But I think that's probably five-plus easily years out.

Matt Brickey: So, Tim, final question, one I like, but if our audience forgot everything that you said, except for one lesson, what would you like them to walk away with?

Tim Crawford: There is a lot of opportunity to come in technology and for those working in technology today, but it requires you individually to think about where that comes from, not someone to tell you not someone like me, not someone like Matt, but for you to think about where that comes from and what you can contribute. And I would encourage folks to think about those soft skills, think about how you can be a better person and where technology can fit in, and then explore.

Matt Brickey: Great, Tim, thank you for the conversation. I really appreciated it. That wraps up this episode of Cloud Currents.

Tim Crawford: Thanks for having me.