Saturday, September 19, 2009

CrossCourts Pro Invitational Squash Tournament in Boston, USA

By Sarah Cortes

Most of you know me primarily as a technology writer, covering information security, compliance, risk, surveillance, privacy and privacy law, cybersecurity and the White House cybersecurity program for TechTarget Media and other publications. Readers of this blog know I write on a variety of other topics of personal interest to me. I also liveTweet a number of events, where the hand is quicker than the eye. For non-Twitterers, liveTweeting is just using the Twitter platform to report events live.

Yesterday I liveTweeted the excellent matches at the CrossCourts Pro Invitational Squash Tournament at Natick, just outside Boston, Massachusetts, USA. In order, we were offered some remarkably fine matches: Sharplin vs. Chaudhry, Palmer vs. White, Quick vs. Kenny, Razik vs. Illingworth.

Between 6pm and 11pm reporting consisted of 56 tweets, rife with typos reflecting the speed required of live reporting, about half of which covered the final match between Julian Illingworth, USA and Shahier Razik, Canada. This predictably reflected the approximate proportion of time all players spent on court: the Illingworth-Razik match consisting of five games stretched over and hour and 20 minutes.

Each match had its own flavor. Sharplin vs. Chaudhry pitted a hugely popular local coach, Daniel Sharplin (local- via New Zealand) against the Chaudhry, the reigning collegiate national Champion from, where else, Trinity.

Palmer vs. White, two foreigners now making the US their residence, a contrast in styles, periods, and fitness in a match conveying a flavor of longtime tourmates.

Quick vs. Kenny, the US's longtime highest-ranked player and Boston resident vs. the classic Irishman. 5 tweets total.

Then, finally, Illingworth vs. Razik. Illingworth, currently world #33, the highest-ranked US men's player ever. Razik, #27, current Canadian national champion, a highly experienced and respected player, known for punishingly long matches. Last night's match went to Ilingworth, his second win over Razik in their 5-match history. CrossCourts invitational is not PSA, so the win is welcome for Illingworth, but not official.

In interviews afterwards, both players voiced the standard expressions of mutual respect we have come to expect from world class athletes who spend their lives traveling the world more or less in a pack. Illingworth laid out the focused goals we expect of a younger player climbing the ranks. Politely appreciative of the media coverage afforded in a sport where the skill and effort are all out of proportion the the media attention received, Illingworth explained candidly his limied experience thus far with twitter. To wit, two Tweets. Gamely agreeing to participate in this livetweeting experiment, he will attempt to review the livestream in retrospect and make constructive suggestions for tonight's matches. He wasted no time continuing his warmdown during the interview. Explaining why he skipped Egypt, where the rest of the squash world is now gathered, he referenced the high quality of the matches on offer for him and the cost/benefit analysis of travel time vs. training time.

Shahier Razik, as expected, displayed the polite professionalism for which he is known, among other things, and echoed his appreciation for his squash media coverage to date in a world where coverage seems to be shrinking while the sport is expanding. He provided the same refined cost/benefit analysis when explaining his own absence from Egypt last night. As evidence, his charming wife Jacqueline was onsite to express her appreciation for Razik's support of her brief, albeit highly successful squash career to date. Razik also confessed his lack of familiarity with Twitter, but grasped the value of the experiment and graciously agreed to provide his feedback when reviewing the livestream before tonight's events.

Boston is thrilled to host these world class professionals and the liveTweeting experiment, which we will continue shortly in the final matches.

copyright 2009 Sarah Cortes
Reblog this post [with Zemanta]

Sunday, September 6, 2009

Social Media and my Escape from Spinal Surgery in Rural Pennsylvania

By Sarah Cortes

ZDNet/CBS link to Mark Krigsman's article about this story

Everyone wants to know why I'm wearing this Darth Vader outfit. The truth is, I’m smiling, but I'm still in shock from what happened to me a few days ago in Ithaca, NY and rural Pennsylvania. The short answer is that I fractured my spine, thanks for your concern. So then the question is, how did it happen? I mean, I'm wearing this big, scary-looking Freddy Kruger torso brace. How in the world? And why do I seem so happy?

I explain that Twitter (I'm @SarahCortes) helped save me from entrapment and unnecessary surgery in rural Pennsylvania, and that I still feel lucky to have escaped unparalyzed. Compared to which, 4 months in a torso brace seems like a stroke of luck. To add insult to injury, I was robbed of my money and credit cards while helpless, immobilized, and far from home. Astonished when Beth Israel Deaconess police officer Kevin Carroll relentlessly tracked down my property and obtained the return of every dollar, that’s the part that leaves me smiling. Officer Carroll, Dr. Paul Glazer, Dr. Lars Richardson, and Beth Israel Deaconess, you've proved that excellence in health care still exists. I'll never be able to thank you enough.

But more than that, mine is cautionary tale of seeming victimization due to my exceedingly comprehensive health insurance. Not only fully insured, I am lucky to happen to carry the most comprehensive possible coverage, despite my excellent health. It never occurred to me that carrying high-level heath insurance would mark me as a candidate for unnecessary surgery. I found out otherwise while helpless, immobile, and far from home.

You jumped from a 50’ bridge?

UPENN Students Bridge Jump in SchuylkillImage by Vincent J. Brown via Flickr

Injured jumping from a 50’ bridge with my son Cody into a quarry pond at Cornell University in rural Ithaca, NY, during a squash tournament, I lay helpless and still, unable to speak, on a high ledge by the shore where I had dragged myself out of the water and collapsed. I was taken by ambulance to Packer trauma center in rural Pennsylvania, where a second nightmare began. With a fractured spine, but otherwise excellent health and no medical problems, Packer staff, upon learning I had top-of-the line health insurance, prepped me for immediate “reconstructive spinal surgery” and a lengthy recuperation in Pennsylvania.

I requested instead to be transferred to my home in Boston for treatment. Boston hospitals had more experience and a higher volume of this complex surgery, I pointed out, a fact with which no one could disagree. But more importantly, they were asking me to leave my son for what seemed like an extended time. Out of the question, and very upsetting, to say the least.

At first appearing to concede to my request and agreeing to order a helicopter for my transfer, Packer staff changed suddenly and turned hostile when, with the help of Twitter, I made actual progress effecting the transfer. Twitter helped me get the word out to the outside world what was happening to me.

I have been Twittering for about a year. I’m a technology consultant, and I Tweet about information security, surveillance, IT compliance, data privacy, cyberstalking, and the White House cybersecurity plan, which I cover as a writer for TechTarget Media. I never imagined how important Twitter would be to me outside of professional interests. My followers and my regular doctor helped me obtain an “accepting” neurosurgeon in Boston at Beth Israel Hospital, and encouraged me not to give in. That's @JoselinMane in the picture with me at @SteveGarfield's BostonMediaMakers, who took some of the pictures and encouraged me to tell my story to help others avoid a similar fate.

The costume of the science fiction character D...Image via Wikipedia

That neurosurgeon, Dr. Paul Glazer, upon consulting with me and my regular doctor by phone, rendered the opinion that since I had swum independently, however painfully, to shore, and stood up briefly, and had full sensation everywhere, that it was modern protocol that I should next be given a mobility test. “You’ve already passed the mobility test when you swam to shore and stood up,” he explained. You are likely able to walk and leave that hospital now with a brace.” He advised immediate medical transport back to Ithaca so I could collect my son and return to Boston for less invasive treatment. It was 7:45pm, only 6 hours after the injury. My ordeal had only just begun.

Packer staff insisted I still needed immediate spinal surgery. They then declared that because they were “qualified” to perform such surgery, the question of whether they were best was irrelevant, and they would not authorize transfer. Sympathetic nurses quietly mentioned I was one of few patients who had any form of health insurance and tried to help me obtain release. “This is about the money,” I thought. Not just the money, they said. Rural trauma centers need to keep up their numbers of severe cases like mine to maintain their accreditation. I was beginning to get the picture.

My pleas with Packer staff that I could not leave my son and undergo such a potentially lengthy ordeal at an inexperienced facility far from home fell on deaf ears. They tried numerous maneuvers over 48 hours to hold me there against my will. Unbelievably, tactics included:

Threats that my insurance would not pay any expenses if I did not accept their treatment. My bill was already in the many thousands of dollars, they informed me.
Intimidation that if I did not stop resisting their treatment I could be paralyzed
Impeding my communication with Boston doctors by needlessly limiting my phone access. Thank God for Twitter and iphones.
Initially refusing to speak with my Boston neurosurgeon themselves, claiming they were unavailable
Eventually upon my insistence, refusing to make the Packer neurosurgeon available to my Boston neurosurgeon for consultation, instead making only the first-year resident available to him, on the grounds that “this is a training hospital, so we have the most junior person possible handle the cases so they can learn.”

The Corinth CanalImage via Wikipedia

Stating falsely to me that my neurosurgeon was in agreement that I should be treated at Packer, necessitating me paging Dr. Glazer 4 times in the middle of the night to discover the truth, that he had not even spoken to the Packer neurosurgeon. This was because when he called, he was told Dr. Thompson was at first, “unavailable,” and later, he was only able to speak with the resident.
Attempting to cut off my access to Twitter and phones. Requested to bring a phone as the first nurse had done, a second shift nurse briefed by staff as to my supposed intractability snapped, “that’s not happening.”
Blocking insurance authorization by attempting to wrongly characterize their facility to insurance as “the best to provide this procedure,” over Beth Israel Boston. A losing battle for them in the end, but that didn’t prevent them from trying.
Contradicting my Boston neurosurgeon’s information that they were failing to follow modern spinal injury protocol, which called for giving me a mobility test
Refusing myRoosevelt Dam Bridge from Arizona Trail Boston neurosurgeon’s advice to give me such a mobility test, keeping me needlessly physically restrained, immobilized and helpless “to prevent paralysis”
Questioning Dr. Glazer’s competence. He is, among other qualifications, an assistant professor at Harvard Medical School.
Ignoring my information that I had swum independently, however painfully, to shore, and stood up briefly, indicating my mobility
Attempting repeatedly to medicate me with 8cc of morphine when I adamantly refused narcotics, insisting my pain was not great
Isolating me needlessly in the Intensive Care Unit to prevent my communications with doctors and insurance representatives
When I insisted on transport, presenting me with forms to sign in the middle of the night agreeing my medical transport was voluntary and taking personal liability for thousands of dollars in medical transport costs
Claiming the brace-fitter, required to enable my transport, was tied up for 2 days. A stretcher attendant unwittingly revealed upon my questioning on the way back from the MRI that the fitter was immediately available with nothing else to do, and brought her into the trauma room. After discovering staff was angry this had happened ahead of their schedule, the attendant pleaded with me not to explain how I had gotten the brace so quickly, “I could lose my job.”

Other elements of Packer’s care included:
Refusing me food or glucose after I objected to immediate surgery, first explaining I could not eat before surgery then refusing any explanation
Leaving me alone for hours in the Trauma Room. After I stood up for myself, nurses and medical personnel would no longer respond to my calls for help in my immobilized state. “This happened to another woman from Texas not long ago,” one of the staff whispered at one point. Stick to your guns. Her surgery went badly and she was here for two months recuperating. They refused to authorize her transport and she ended up taking a commercial flight to get back to her doctors in Texas.”

At this point Dr. Glazer advised me he was “uncomfortable” with Packer staff, and advised me to “get out of there.” I told him how they were trying to prevent me from leaving, and suggested that I was so desperate that I wanted to simply rip out all the tube and wires, call a taxi, and struggle out back to Ithaca. He advised that they were taking an astonishing chance by not sending me in an ambulance, but encouraged me to depart by whatever means necessary. It was midnight.

I repeatedly rang for a nurse, sat up, and ripped out my monitor wires. The nurse appeared, and I asked for the resident. He appeared and I asked him to substitute a female nurse for my male nurse, since I wanted my catheter removed and my IV out. Whereupon residents and medical staff came flying into the trauma room from all directions.

“Who will be liable if you leave here against medical advice?” a doctor asked, trying to intimidate me into obedience. “Yes, who, indeed?” I demanded to know. He fell silent, aware of the real answer. “If you leave against medical advice, your insurance will pay nothing of your bills so far, and it is in the many thousands! Your transport is medically unnecessary! We are the best qualified to operate on you! If you go to Boston, it is up to you to pay the expense, we cannot authorize it!” All lies, I would later learn. Unable to contact my insurance company at midnight, “I will stay here only until they answer the phones in the morning,” I conceded, exhausted, and lay back down for them to re-wire and re-immobilize me. I thought of Cody in Ithaca, with my friends for the night but without his mom.

I had to battle all the next day before succeeded in obtaining medical transport to Boston at 4pm. The ambulance attendant was one of the only people who was kind and helpful. It was a small town, he explained, with not much to do. Hospital staff had regaled him for two days with the tale of the unbelievable crazy woman from Boston who stood up to the doctors and insisted on transfer.
The Golden Gate Bridge and San Francisco, CA a...
Turns out he was friends with the Packer case manager, a former EMT, who finally helped get me out. The gossip that had rippled all over Packer, about the woman who fought with the doctors while in the Trauma Room and refused to follow their orders. At that point, I wondered if I even had a spinal fracture at all. The ambulance attendant obligingly pulled my MRI and together we checked and saw the shattered vertebrae 12 clearly outlined.

Upon arriving 7 hours later in Boston, Dr. Glazer reviewed the records, gave me the mobility test, ordered a custom torso brace, and I was released shortly thereafter.

Since that time, people on both sides of the health care debate have listened to my story and pointed out it supports their views, both pro and con. I am still trying to sort out what it all means. If you figure it out, please let me know.

Oh right, I forgot the part about the robbery. Imagine my surprise when Officer Carroll of the Beth Israel Police solved the case and got back my cash and credit cards. "Do you remember the ambulance company?" he asked.

Tell me more? You've got to be kidding.
So many of you have written and asked more questions. So here are details of the story...

What happened to me is really frightening, although comical in parts. I took my 13-year-old son Cody to play in a 4-day squash tournament at Cornell University in Ithaca, NY, the North American Jr Open. It is probably the 500th squash tournament my children have played at various locations around the globe, from Egypt to Edinborough, and many familiar friends and faces met us at Cornell's impressive squash facility. 50 juniors commenced match play Monday morning.


By Tuesday noon, kids were hot and needed a break. Someone suggested families try out the local quarry pond where generations of Cornell students relax by diving into the cool water. Upon arrival at the quarry behind two dozen families, we were the last to climb up on the bridge, where moms, dads and kids had already jumped several times.

Looking down, Cody and I contemplated the drop. Later measured by police at 50 ft, it was not the quaint experience we had imagined. "Not fun" I thought, jumping back down into the bridge, and Cody looked terrified. "You don't have to jump," I told him. But the other, bigger boys already in the water were teasing him about being scared, and he wanted to make friends. So I got back up on the bridge ledge, thinking that if Mom jumped, it would give him the courage to follow and join the boys below. Squash moms know, nothing is more important to overall athletic competition enjoyment and recidivism than the friendships carried from one tournament to another. Cody's older sisters, varsity squash players at Harvard and Princeton, are the result of years of similar social engineering. Bracing myself and avoiding glancing down, I jumped.
Updated image from this image at Japanese Wiki...
Bystanders explained that although I went into the water in the expected upright position, it appeared I arched my back oddly as I hit the water. No, it was not too shallow, several dozen moms and teenagers splashing happily below testified to the ample depth. It was the force of hitting the water that caused a searing pain in my back as I plunged deep below the surface.

Opening my eyes underwater to find the direction of the light, I could barely move. Twisting helplessly underwater, after a few seconds, my options were: swim, or...drown. My dive had not looked noticeably wrong, and help was not forthcoming. My first thought was of Cody on the bridge above, and how to prevent him from jumping and hurting himself like me. Images of him falling to his death flashed across my mind and I struggled to reach the surface to prevent him from jumping. I tried to recall the direction of the shore, and paddled weakly as I rose slowly to the surface. When I finally popped above the surface of the water, I could barely breathe and could not speak. Onlookers asked if I was OK, and I was unable to answer. Onlookers assumed I was ignoring them and continued their activity. The image of Cody plunging to his death or permanent disability kept flashing through my mind, and I felt a panic... I had to prevent that.

"Can Cody jump?" called down a mother from somewhere above? "No!" was all I could shout, drifting weakly to shore. "No, no, no." "Do you need help?" someone asked. I was unable to answer, but still no one realized the reason for my silence. Struggling, I pulled myself up on a rock. "No big deal, "I told myself, "You’ll be fine in 5 minutes." "Do you need help?" someone asked again. “No, I'm fine," I said, struggling to my feet. I didn't want Cody to know I was hurt and worry. I wanted him to have fun. I pulled myself up on a narrow stone ledge, on the other side of which was another 30 ft. drop. It was the last time I would move independently for 48 hours.

An ambulance appeared within 2 minutes. I would later learn that this ambulance had been called earlier due to 3 other injuries sustained minutes before my jump. The driver mistakenly assumed I was the caller, fortunately for me, and my predicament began to attract the notice of the rest of the squash families and Cody. Barely able to speak, I stared up into the sky while medic after medic and police arrived at the scene. I was braced, and loaded into the ambulance. Insisting I would be fine but anticipating a long, boring, and ultimately, I imagined, pointless emergency room ordeal, I cheerfully insisted Cody stay with our friends and the rest of the kids and refused all offers for friends to accompany me to the hospital.

That is where the real nightmare began.
Three bridges from another angle

"Where are you taking me?" I gasped, gathering my wits. "Do you have a preference?" they responded." I looked from face to face and reflected on my location in rural upstate NY. "I have excellent health insurance, where is the very best place?" I replied. "Sayre, Pennsylvania trauma center," they replied. Running through my options, it seemed that was my only viable one. And so I left the state, apprehensively.

Well over an hour later, I was rushed into an enormous trauma center and surrounded by dozens of medical personnel. They ran through a prescribed spinal protocol with military precision. I was a "Code," classified as a hi-urgency situation. Restrained to prevent any movement that might cause paralysis or permanent injury, I lay helplessly and waited for the ordeal to be over. With full feeling in my arms, legs and neck, I was cleared of immediate paralysis concern. My bathing suit was snipped off and I lay, still helpless, while my body was minutely examined for further signs of trauma. I thought of Cody back in NY and closed my eyes.

Minutes later, I headed for CAT-scan and MRI. If I needed surgery, they explained, I would be fitted with a body brace to temporarily prevent any movement while I was prepped. If I needed transport elsewhere, I would need the brace prior to helicopter or other transport. I sent out my first tweet since the morning when I got a signal in the corridor. Jumped off a bridge, in a hospital in PA, I tweeted. No one in the hospital noticed. I texted Cody that I was fine, not revealing my actual location lest he worry.

The neurosurgeon rendered a swift diagnosis. "Spinal fracture confirmed, V-12." The impact of the water surface had traveled up the fluid part of my spine and exploded on vertebrae 12, the first one fixed at the base of the rib cage. "Reconstructive spinal surgery," were his words, along with a lot of other confusing ones. I asked the nurse to write them down on a paper towel so I would understand what was happening. Because the doctor had already disappeared.

Alone with a nurse and a first year resident in the Trauma room, they explained I would be prepped for surgery. I would not be able to climb stairs, maybe for 6 months, they explained. I would have to get a porta-potty and move into my living room for a many-months recovery from the surgery. I saw their lips moving and I heard the words come out, but I could not comprehend them. These people were not real, I concluded. If there was any talk of surgery, I will have it in Boston, I stated firmly. "They'll transport you in a helicopter," the nurse explained, "They use it for just about any injury. We had a simple ankle fracture a few days ago and they gave her a helicopter. So they'll definitely give you one." "How soon can I get the helicopter?" I asked. All I had to do, they explained, to start a transfer to a Boston hospital, was get an "accepting neurosurgeon" to agree to accept my case.

I sent out my second tweet on the way back into the trauma room, "Trapped in hospital in rural Pennsylvania, fractured spine. Need a neurosurgeon in Boston," I tapped into my iphone on Tweetie. Frantically texting my non-twittering friends at the tournament, I arranged for them to look after Cody. As I reentered the Trauma Room, the signal cut off.

I would learn later that the doctors and staff never expected in a million years that I would get an "accepting neurosurgeon" within the hour. Even my own doctor could not believe it when I told him later. "How in the world did you get an accepting neurosurgeon so fast?" she asked. "Is that hard?" I asked back? "Well, more like, impossible," she explained.

The answer was a combination of Twitter and the squash world. Twitter friends sent me advice and expressed their concern and support, which I could only receive in snatches when I was moved from one test area to another. Mainly stuck in the trauma room, which no signal could penetrate, a sympathetic nurse conspired to bring me a phone from her station.

Lars Richardson, MD, of Meeks & Zilberfarb, PC is orthopedist to the top athletes in Boston, including many professionals as well as college varsity athletes. He has been on call for my family of little athletes since they were 10 years old, the age at which today's mini-athletes develop their first knee problems. Consulting my iphone and encouraged by my Twitter followers, I placed my first call to Meeks & Zilberfarb, orthopedists, at 4:45pm, about 3 hours after the accident. "I'm in a trauma center in rural PA and I need Dr. Richardson to refer me to his neurosurgery partner," I explained. "Dr. Richardson is busy. You'll have to ask your family physician for a referral," dismissed the receptionist. "No, this is a serious emergency. Dr. Richardson can just refer me to your neurosurgery partner in 30 seconds. I need to get out of here as soon as possible." "I'll send him an email and he will try to get back to you by the end of the week," she replied. "I need him paged now," I said. She put me on hold. The nurse kindly waited on hold for me for 30 minutes before giving up. I later realized she was quietly determined to help me help myself.

Frustrated, alone, immobilized, and cut off from the rest of the world, I turned to Twitter and asked again for neurosurgeons. The names of top doctors at MGH came back. I started the difficult process of calling new neurosurgeons. Later, after offices closed and the receptionist went home, I paged Dr. Richardson. He responded immediately. "Dr. Paul Glazer, Beth Israel," he said. He called back within 5 minutes, having obtained his partner's "acceptance" of my case. Thank you, Dr. Richardson. I'm sure you never expected when you go that call you would make such a tremendous difference to the direction of my case, and the next several weeks, months and years of my life.

Dr. Glazer called me seconds later. With information and encouragement from my Twitter followers, and Dr. Richardson, I had my "accepting neurosurgeon" and my ticket out of hell. But it would be days yet before my ordeal was over.

Could I move my arms and legs? I had swum to shore, I told him. The protocol in these cases is for them to sit you up slowly and give you a mobility test, see if you can walk, he said. The protocol they are using on you, total immobility, that is an old protocol, not used anymore. Today's treatment calls for them to give you a mobility test."

"Dr. Glazer wants to speak with the neurosurgeon here," I told the only person I could find, the first-year resident. When he returned, his attitude had changed. Accompanied by the 3-year, his senior, I was informed that Dr. Glazer had agreed I was best treated in Pennsylvania. "What?" I laughed. "Not possible." I would later learn, after another page, they had refused to connect Dr. Glazer with Packer's neurosurgeon. The nurse defended this, on the grounds that "we're a training hospital, so the most junior person handles each case to train them." I demanded of the 3-year resident why Dr. Thompson was unavailable when mine in Boston was responding to 4 pages throughout the night from his dinner table. Summoned the 3rd year resident, who hurriedly contradicted this, and stated that no one had ever said Dr. Thompson was unavailable. He repeated this over and over.

I paged Dr. Glazer for a 3rd time that night. He was finally connected with Dr. Thompson. The nurse was fiddling with my IV. "What are you doing?" I asked. "We're giving you morphine," he explained. I refused, and the nurse argued with me. I don't want narcotics, I don't need that. 8cc they were preparing for me, a 115 lb woman. I twittered and texted my friend. "Hold firm. Refuse morphine if you can stand it" was the advice.

11:25pm, 3rd year resident again. "Dr. Glazer agrees you are best treated here. That is final, there is no arguing. If you want to go to Boston, that is elective, we will not authorize your insurance for the transport and it will cost $20,000 for the helicopter. It will be available at 1am." I told them to send for it.

Midnight, 4th page to Dr. Glazer. He is "uncomfortable" with the medical staff there and advises me to "get out of that place any way you can." More to follow...

September 11, 2009 - I have followed readers' advice and reported this to the Joint Commission, which provides accreditation for hospitals. I'll keep you posted on what happens.

copyright 2009 Sarah Cortes

Reblog this post [with Zemanta]

Monday, June 8, 2009

Risk Management at Harvard Business School

This morning we find ourselves back at Harvard Business School listening to some of the finest minds in the country talk about "major failures in companies’ risk management practices" that led to the current financial crisis.

David Champion, of Harvard Business Review opened the discussion by posing the question: was the current f

Harvard Business SchoolImage via Wikipedia

inancial crisis "unknowable?"
Robert S. Kaplan, the Baker Foundation Professor at the Harvard Business School and chairman, Professional Practice, at Palladium Group, Inc. answers first. Prof. Kaplan sees it as a "classic credit crunch. " Together with David P Norton, Kaplan created the Balanced Scorecard." He sees the current crisis as essentially a "human problem." Financial engineering and executive pressure for growth and on share price, were two factors and nothing new. What is new, sees Simons, is "rationalization...that greed is good...and self-interest is a defining principal...and some people can be smarter than anyone else and can capture value better than anyone else." He felt the measurements they used gave them a "false sense of control," enjoying the numbers but failing ot appreciate the complex assumptions behind the numbers.

Robert L. Simons, the Charles M. Williams Professor of Business Administration at Harvard Business School and an expert in performance measurement and control,
talks about "responsibility and rationalization."

Mikes says, "blaming modeling is not good enough, because models don't make decisions, people do." She sees risk managers tied to the view that all risks are quantifiable. The "ultimate fragility of risk models," is one of the lessons of the current situation, because they are so heavily based on assumptions is where they fail. Different risk areas lend themselves to quantifiable models, other do not, points out Mikes.

Peter Tufano, the Coleman Professor of Financial Management at the Harvard Business School, serves as the school's Senior Associate Dean for Planning and University Affairs, and sits on the executive committee of the Global Association for Risk Professionals (GARP) (, says, he would "hate to see entrepreneurs stop being entrepreneurial."

Acording to the program, Michael W. Hofman is "Vice President and Chief Risk Officer at Koch Industries, Inc., a privately-owned Wichita, Kansas, based group involved in re

CAMBRIDGE, MA - JUNE 7: Microsoft co-founder a...Image by Getty Images via Daylife

fining and chemicals; process and pollution control equipment and technologies; minerals and fertilizers; polymers and fibers; commodity and financial trading and services; and forest and consumer products. He is a member of the executive committee of the Global Association for Risk Professionals (" He sees risk managers excessively caught up in the technique of financial modeling, and losing focus on why they are doing the modeling.

Hofman sees advantages in a privately-owned company that "you are playing with real money, the owner's real money. Not shareholders money, not stock option money, not play money, real money." Mikes ponts out some companies like Citigroup who "tried to get out of te dance earlyand got really hammered...they were unable to successfully educate shareholders aboutthe kind of risk with which they wer comfortable."

Simons points out that in the 1970s the questoins was, "how do we get corporate managers take on greater risk?...That led in the 1980s and 90s to a set of performance incentives that led managers to take on more risks." Tufano sees regulatory rethinking in the Obama administration regarding capital structures on companies' balance sheets.

Kaplan returns to the Balanced Scorecard which, he explains, contains measures of the varying types of risk. He explains a 'heat map approach" which highlights high risks and reasonable likelihood of adverse consequences. "This doesn't count black swan events, very low likelihood, catastropic consequences," though, cautions Kaplan.

:The only known photograph of five Harvard pre...Image via Wikipedia

Hofman comments on all these tools that "there are times when these tools are very helpful in informing your decisionmaking. And there are other times when they just aren't. We start with the premise that the future is unknown and unknowable." The best premise for a risk manager is to assume that "whatever predictions you make for the future, you will likely be wrong." That leads risk managers to spend time considering, "what will happen if I am wrong?" in their predictions, which, Hofman feels, is productive thinking. A self-confessed reformed accountant, he feels the problem with derivatives is that the leverage is invisible.

Tufano feels greater professionalism and independence among risk managers is an answer, to which end he has devoted time and energy to GARP.

Mikes comments, "Risk manages were seen only as compliance officers or buyers of insurance. The road to professionalism and independence has been problematic for this reason."

Simons has a concern that the professionalism of different disciplines like IT and HR has led to the view among CIOs that they can then be freed up from significant personal involvement. "Risk," he says, "is not like that." Kaplan feels a problem with risk officers is their lack of line experience, sine they are staff. He feels risk officers need line experience.

Mikes points out that functions that have evolved over the last 100 years have been reframed depending on changing priorities, and she sees te rise of the "risk executive" as a possibility going forward.

Hofman responds to Kaplan's suggestion that risk managers should come from the line, however, he sees drawbacks. A line manager is too anchored by his experience of what goes on in the business, and he may need to think bigger than than. For example, what will be the effect of the global economy today? More important is a willingness to admit when the risk officer does not understand. "I don't get that, can you explain that to me?" articulates Kaplan.

Simons closes by saying we need the courage and confidence to say, "hold on, I don't understand."

Reblog this post [with Zemanta]

Wednesday, May 20, 2009

MIT CIO forum

Academic keynote

Moderator: Mr. Gary BeachPublisher EmeritusCIO Magazine

Prof. Erik Brynjolfsson, Schussel Professor of Management and DirectorMIT Center for Digital Business (CDB) - boo coming out - Wired for Innovation: How Information Technology is Reshaping the Economy, MIT Press (book) (October, 2009, In Press)

Prof. Thomas Malone, Patrick J. McGovern Professor of Management and DirectorMIT Center for Collective Intelligence (CCI)

Dr. Jeanne Ross, DirectorCenter for Information Systems Research (CISR) - has a book coming out - IT Savvy - realist in the group "don't see cloud computing as a game-changer for big companies where the challenge is still cleaning up the complex environment that has developed over the years. It facilitates small and new companies getting into businss/computing.

Erik- how to guarantee getting you fired - run a control group ...

CIO Keynote Panel: CIO Leadership and the Bottom Line

Moderator: Prof. Erik Brynjolfsson, DirectorCenter for Digital Business at MIT

Mr. Bob Greenberg, General ManagerInformation Technology Optimization, IBM

RADM Elizabeth Hight, Rear Admiral, Vice Director Defense Information Systems Agency - Vice Director of the Defense Information Systems Agency (DISA). She helps lead a worldwide organization of more than 6,600 military and civilian personnel responsible for planning, developing, and providing interoperable, global net-centric solutions that serve the needs of the President, Secretary of Defense, Joint Chiefs of Staff, the combatant commanders, and other Department of Defense (DoD) components."what is most important to the people I work with is whether we accomplish the mission."

DOD "deploys mobile wifi to sattellite communications to tactical structure. It's a long way from your dad running wire down the mountain."

"We have been working closely with Melissa (Hathaway) for the lat 18 months since the president (Bush) launched the cybersecurity intiative." Expects focus on privacy of govt employee data.

"DoD is able to offer SaaS/cloud services on government intranet to other government agencies.

I can't imagine an IT project that takes >3 months. If it does , I haven't modularized it enough." #pmp

on client data sitting in the cloud - "It just won't happen. Trust me." due to privacy and security reasons. Hight agrees, although she identifies herself and her organization as cloud computing providers - she considers their security superior to that of the govt agencies to which she is providing data.

Connected Healthcare Systems

Governance, Risk and Compliance
Moderator: Dr. George Westerman, Research Scientist Center for Information Systems Research (CISR)
Ms. Karen Kotowski, SVP and CIO, SALLIE MAE, INC.
Dr. David Blaszkowsky, Director, Office of Interactive Disclosure US Securities and Exchange Commission
Mr. Shawn Banerji, Managing Director, Global Technology SectorRussell Reynolds Associates
Mr. J. Kent Crawford, Founder and Chief Executive Officer, PM Solutions
Mr. Scott MitchellChairman and CEO, Open Compliance and Ethics Group

Enterprise 2.0
Moderator: Prof. Andrew McAfee, Visiting Associate Professor, Center for Digital Business at MIT
Mr. Marco Pacelli, CEO, Clickfox
Mr. Sid Probstein, CTO, Attivio
Mr. Raheel Retiwalla, CTO, Monitor Analytics and Clearway Technology Partners
Mr. Geoffrey Oblak, General Partner , Ascent Venture Partners

Anna Convery,CMO, Clickfox -

: Prof. Glen L. UrbanDavid Austin Professor of Marketing, Dean EmeritusMIT Sloan School of ManagementChairman, MIT Center for Digital Business

Keynote Panel: Cloud Computing

Moderator: Mr. Brian Watson, Editor in Chief, CIO Insight
Mr. Ron Markezich, Corporate VP, Microsoft Online
Mr. Ed Bugnion, VP, Cisco
Mr. Emil Sayegh, GM, Mosso, Rackspace Cloud
Mr. Bill Rogers, Chief Information Officer and VP of Information Technology, Goss International

Wednesday, May 13, 2009

Hearings on Major Revision of Expansive Massachusetts Data Privacy Law today on Beacon Hill

by Sarah Cortes

Public comment was received today on Beacon Hill on a major draft revision to MassachusettsData Privacy Law, Senate Bill 173. House Chairman Theodore Speliotis, pictured left, Senate Chairman Michael Morrissey, below, and a half dozen elected state officials presided this morning over a hearing on dozens of privacy, identity theft and credit card laws and related amendments, including SB 173.

About a dozen representatives of industry organizations plus one IT security professional testified at today’s hearing, unanimously supporting the bill, which revises MGL 93H, Massachusetts’ Data Privacy Law. The amendment makes four revisions:
The most major of the changes defers to existing federal law where applicable. HIPAA and Sarbanes-Oxley cover most enterprises. This takes a considerable burden off firms handling data records and reduces complexity.

Another major revision is the reversal of provisions that would dictate specific technical tools or methods like encryption. The revised law would steer clear of any such specific requirements.
Small firms will find relief in the third change, which requires separate standards for them.
The fourth change allows firms to take action against employees violating the security policy.

“As a major technology state, we need to get this right,” observed Anne Doherty JohnsonExecutive Director, New England Council TechAmerica, which represents about 1,500 member firms. “The current regulations exceeded the intent of the legislature and are very problematic for the reasons outlined. TechAmerica believes this legislation will correct those and is a huge step in the right direction.” Doherty, who testified today as she has in hearings on the bill over the last several months, echoed the opening statement by Chairman Morrissey. Morrissey, pictured left, stated that the hearing marked a crossroads between the approach up to the present, where the legislature expanded the scope and jurisdiction of the law beyond the borders of Massachusetts and beyond its original intent, and a possible future approach by incoming undersecretary of the Office of Consumer Affairs and Business Regulation, Barbara Anthony. (see related story.)

Bradley A. MacDougall, Associate Vice President of Government Affairs for Associated Industries of Massachusetts (AIM), also testified. AIM is the state’s largest nonprofit, nonpartisan association of Massachusetts’ employers with more than 6,500 members who employ nearly one out of every five workers in Massachusetts. MacDougall captured the essence of sentiment expressed during three hours of testimony by approximately a dozen industry representatives:
“Data protection is a top priority for Associated Industries of Massachusetts (AIM) and our members who will continue to pursue the development of reasonable data privacy regulations in Massachusetts. The delay, in the general effective date of May 1, 2009 to January 1, 2010, does not resolve the substantive issues within the current rules that impose high costs and prescribe specific technology solutions. Massachusetts cannot afford additional unreasonable regulations on employers working to protect jobs and prevent layoffs while competing in a global economy. Senate Bill 173 would provide a necessary solution in the absence of regulatory rule changes. The legislation would ensure that clear guidelines for the development of identify theft regulations be utilized to provide consistency for those entities already regulated under Federal law and further provide businesses with greater flexibility to strategically invest their limited operational and IT resources.”

MacDougall,AIM and a broad coalition of industry groups representing Technology, banking, retailers and mutual funds, among others, have been instrumental players in deconstructing and analyzing proposed legislation, explaining it to the public, raising awareness of the proposed law, and advising the legislature and Administration on issues of concern, since the TJ Maxx data breach set in motion the chain of events resulting in today’s hearing.

copyright 2009 Sarah Cortes
Reblog this post [with Zemanta]

Ranch Kimball and John Halamka at HBS

by Sarah Cortes

Another early morning at the sunny and elegant Spangler Center at Harvard Business School finds over 100 leaders of industry preparing for a double feature from two health care movers and shakers. First on the program is the well-known Ranch Kimball, President and CEO of Joslin Diabetes Center and former Secretary of Economic Development under Governor Mitt Romney. As if Kimball weren't enough, John Halamka, pictured left playing the Japanese flute, will be speaking. CIO of Harvard Medical School, among many other roles, posts and responsibilities, this high-profile medical technologist is one of the most sought-after thinkers and speakers in the world of health information technology("HIT"). Although unclear at first why these two are double-billed, it soon becomes apparent.

Kimball runs through a deck of slides with dizzying speed and stunning clarity of message. Russ Vandenpool, a board member of HBSAB, the sponsor of the event, summed it up: "Kimball takes a page directly from Michael Porter's book on competition by applying focus on quality and defect reduction to health care delivery." Although only at Joslin since 2007, Kimball explains he has retooled the center based on lessons from Toyota's famous revolution - focusing on quality of care delivery up front to significantly reduce cost and improve patient quality of life over time. Kimball shows us how tuning and focusing on eight specific service delivery points with patients early on reduces the need for dialysis and surgery later. Some pretty clear slides prove this, he explains, where the purple Joslin cost bar is clearly shorter than the green cost bar for all other providers, as everyone can plainly see for the microsecond it flashes on the screen. It's just long enough to make the point effectively. Complete economy of Kimball's message and our time.

Next up is Halamka, who we look forward to from our acquaintance with his well-regarded daily blog, "Life as a Healthcare CIO." On this topic, electronic health records ("EHR") and electronic medical records ("EMR") are core concepts. Halamka apprises us how BIDMC coordinates with Joslin by sharing medical records, a technical feat in the world of health care, we come to understand. According to Kimball, pictured right, Joslin went to all-EMR seven years ago and was, he believes, the first Harvard hospital to do so. The disarming interchange between Kimball and Halamka informs us how closely these two coordinate professionally. An insight into a human success factor behind technical coordination?

Halamka's part of the program soon conveys how far from simple is his world of medical computing. Halamka's slides reflect a close watch on the Washington pulse, including a HIT Policy Committee, an HIT Standards Committee, and "Regional HIT extension centers." The first of these, the HIT Policy Committee, is apparently focused on "meaningful use," of electronic records, an elusive concept on which Capital Hill is still wandering in the wilderness. $19 billion in federal funds lie in the balance, it seems, available to spend and waiting for consensus on the best way to spend it. Only 2% of hospitals, we learn from Halamka, are currently on-line with EHR, and these funds are intended to encourage and allow the rest to get there as soon as possible. The government has announced it will divide the $19 billion among doctors, providing each with $44,000 to go into electronic records in 2011. Doctors can qualify for reimbursement if they show "meaningful use," whatever that is. As best as anyone can tell, this relates in some way to certification of the electronic method and software that doctors select against some technical standard. Guidance from HHS is expected to be available by the end of the year.

Because state law pre-empts HIPAA, Halamka notes there are, in effect, "50 privacy policies," in the sense that the patchwork of individual state policies effectively prevents information-sharing, quite apart from technical challenges. "Privacy has been protected differently in each locality," notes Halamka.

He hopes policymakers can do away with the current system whereby, after seeing a patient, the doctor calls a phone number on the patient's insurance card and "gets to argue with a high-school educated triage clerk about the appropriate diagnosis." Halamka's cynical humor conveys a deep-seated frustration with the current system, coexisting curiously along with what seems like good-natured optimism that we nevertheless can and should improve health care.

Halamka flashes a detailed slide on the data interoperability capability for all providers in Massachusetts, called the "MA-Share Appliance." Apparently this is opensource software, "built on a common messaging gateway," by which health care providers can communicate with each other to improve quality of patient care delivery.

He shares that he was the fourth human to have his genome mapped as a way of illustrating the rapid way the cost of such sequencing is coming down, from $350 million for the first human (which might include all sunk costs to that date. Or the special carrying case), to $100 million for the second, $100,000 for the third, and his cost only $10,000 for genome sequencing.

Halamka also shares that his annual budget is $30 million, which is 1.8% of revenue, always an interesting data point for IT professionals

Kimball, scheduled tightly, rushes off apologetically after Q&A, while Halamka lingers graciously a few minutes after the meeting ends as a crowd surrounds him, eager for every word with this oft-quoted, pace-setting CIO.

copyright 2009 Sarah Cortes
Reblog this post [with Zemanta]

Tuesday, May 12, 2009

Testimony of Sarah Cortes before Massachusetts Senate on Massachusetts Data Privacy and Security Laws

Testimony of InmanTechnologyIT of Massachusetts
Sarah Cortes, PMP, CISA, President
Before Chairman Michael W. Morrissey, Chairman Theodore C. Speliotis and Members of the Joint Committee on Consumer Protection and Professional Licensure in Support of S. 173, and Act Ensuring the Privacy of Certain Data

My name is Sarah Cortes and I am a technology professional in Massachusetts. Among other services, I follow and advise clients regarding the development of rules for the protection of personal information for residents of the Commonwealth, as well as laws and regulations with federal and other state jurisdictions and internationally. I also write extensively about security, privacy, surveillance, and technology. I wish to express my appreciation to the Administration for extending the general effective date of May 1, 2009 to January 1, 2010. As a security professional, I support S. 173, which would improve upon M.G.L. 93H. However, I remain concerned about wide-ranging rules which present significant enforcement challenges and could lead to widespread noncompliance, rendering a setback for overall compliance efforts. I urge the Administration to review rules and regulations in comparison with federal and other states laws, policies and regulations, and to revise them to ensure consistency and enforceability.
I support S. 173 because it:
  • Remains consistent with Federal law and regulations.
  • Avoids technology-specific requirements that will quickly render it obsolete
  • Facilitates for organizations the enforcement of their data security policies on employees who willfully violate data protection rules, regulations and policies.
  • Protecting personal information is a necessary activity and in the interest of the public, including consumers, businesses, and other organizations. The development of a reasonable public policy is vital for our economy.
As a data security practitioner, I see my clients continually struggle with the complex nature of technology and operational implications.These clients include:
  • Fortune 500 financial services, biotech and technology firms headquartered in Massachusetts, who operate in all 50 states as well as internationally
  • Colleges and universities located in Massachusetts but with associated overseas institutions
  • Small web design and social media service delivery firms operating in multiple states
  • Medium-sized training and certification delivery businesses based in Massachusetts but operating in multiple states
  • Medium-sized non-profit organizations operating in multiple states
  • Small non-profit organizations operating only in Massachusetts but with donors residing in many states
The jurisdiction and scope of the Massachusetts law, “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts,” presents issues as well. From a technical standpoint, the difficulty of continually sifting large databases that change minute-by-minute, lead to many possibilities, including:
  • A database that contained no in-scope data and was not subject to regulations, could add a Massachusetts data record and fall in scope within minutes. Detecting the presence of Massachusetts residents in databases from minute-to-minute presents technical challenges and expenditure of resources.
  • Due to failover and disaster recovery technology as well as cloud computing, third party firms engaged in a primary business of storing data for third party clients or providing computing services for such clients could find in-scope data of Massachusetts residents on their servers or storage devices due to a failover or split-second transfer of data. These firms not subject prior to data privacy laws could suddenly find themselves subject in this fashion.
Due to these and many other scenarios, I can testify that the Massachusetts data privacy laws and regulations, as written, essentially could extend far beyond Massachusetts to include many organizations who do little or no business with Massachusetts residents. This is because firms will need to invest time and resources to develop the ability to ensure to themselves and outside auditors and examining bodies that, from minute to minute, they remain exempt.

I advise clients in a number of technology areas, including:
  • Complex Application Development/Implementation, like large projects with over 100 technical staff implementing, for example, trading systems
  • IT Security/Privacy/ Risk/Audit management, performing risk assessments and managing large security implementation projects
  • Data Center Operations Management, including vulnerability scanning but also day-to-day operations
  • Disaster Recovery/High Availability, reviewing infrastructure and network architecture and advising on restructuring for resilience; and
  • Technology Program/Project Management.

In educating and advising my clients about Massachusetts Data Privacy laws, about which there continues to be widespread lack of awareness and understanding, I find a general view emerging. This view holds that the regulations are so far-reaching, yet vague, that they are unenforceable and organizations need not fear enforcement. I do not endorse this view, and have written many papers and articles urging and explaining compliance, including an article that appears today on a national media outlet, TechTarget, understanding-the-risk-of-penalties-for-violating-data-privacy-laws/, that warns against a dismissive view, and references numerous successful enforcement actions of state and federal data privacy laws.

Nevertheless, the fact remains today that enforcement of the many state and federal privacy laws remains costly and difficult at best, with limited success.

In closing, Massachusetts will ultimately best protect its residents by analyzing similar state and federal laws, ensuring consistency where possible, and “going beyond, where no man has dared to go,” only as a conscious step with a clear enforcement plan.
Thank you for your time. I wish to state that on behalf of data security professionals in this state, we stand ready to assist in adopting rules that are effective in achieving the Legislature’s goals. Thank you for the opportunity to provide comments and I would be happy to provide additional information.

Sarah Cortes, PMP, CISA

Reblog this post [with Zemanta]

Saturday, April 25, 2009

Harvard Crimson alumni lunch

Saturday afternoon finds us at the Sheraton Commander in Cambridge,MA, with a gathering of present and past Harvard Crimson editors. Mr. Mark Penn, CEO Worldwide, Burson-Marsteller and President, Penn, Schoen and Berland Associates, is speaking to a polite crowd.

Penn regales us with highlights of his undergraduate hijinks. It seems he exposed corruption at HSA, whilst baring shocking undergraduate exam scams involving hammers to hands.

Penn's 2007 book Microtrends: The Small Forces Behind Tomorrow's Big Changes

Penn makes the point that both the extreme right and the extreme left are effectively exploiting new media methods and getting their messages out. It is the moderates who have not got their message out. He cites the Huffington Post. He thinks the Huffington Post will be more valuable than the Washington post soon. Blogging is the newest profession, everyone is doing it. But he points out that blogspots have fewer employees. They do not keep stables of reporters, they do not have union press shops. Blogging are paid as freelancers, mostly, which is unfortunate, he feels. The ultra-specialization of bloggers is another phenomenon. One change is that journalism never covered in depth many beats that bloggers can now cove. There will be the tycoons of the blogging industry, and those who aren't tycoons.

9% of voting households made over $100,ooo. In the 2008 election, 26% of voters made over $100,000. The Obama voters included 4x as many lower-income voters.

Penn observes that the professional class was largely responsible for electing Obama, and he wonders what will happen in this economic climate.

"Rationality is on the upswing for most people," among what he calls "impressionable elites." Working and middle-class voters have become more consumers of information about candidates' health care programs, while elites are more interested in sound bites.

Also people are researching everything nowadays.

Value is the new Green. The idea of value is an equally important notion. Not just providing it, but having it in people's consciousness, like Wal-mart. He points to hybrid cars as an example of where actual value of cars on offer has gone up, and people are valuing green.

Penn feels it's NOT a young people's world. There have never been so many old people. When JFK was elected, there were twice a many people under 29 as over 65. Today that is flipped, it is 1.5x as many elders as young people.

He worked for Hillary Clinton, the person he "had hoped to become the next president." He points out that a lot of top positions like Congress are still dominated by men. But he notes that women are the majority of university presidents. He notes that boys "re not doing so well," because they are dropping out of school at hight numbers than men.

So where does all this leave the Crimson? One day there will not be a print edition of the Crimson, Penn forsees.

Taking questions from the audience, Penn states he feel the Obama administration has been more effective than, for example, the Clinton presidency, which lost both houses of Congress after the first term.

When asked about the Republican party at this time, he feels unsure if there is actually currently a republican party philosophy. Maybe they should split up, he ponders. Sarah Palin boomeranged because she embodied an anti-education image, while the country is becoming more educated.

Penn observes that McCain did not win the "3am phone call" crisis-handling test. The 3am call was the economy. McCain did not handle the crisis well during the election, Obama did, and he feels thus went the election.

Current trend in media today? Penn feels that the media is overlooking the LAS's, the "long attention-spanners." He notes the web is long and full of wordiness. The recent theory has been that writing was too long and people would not pay attention, but he feels the opposite is proving true.

He calls the Bush second term the "biggest failure of communications," in modern time. Bush couldn't get any legislation passed, he couldn't get anything accomplished, and yet he wasn't impeached. Should presidents make decisions on the basis of polls? When should they set aside those considerations?

What is the direction of polling? Online or with handheld devices like cellphones? Penn sees groups like Harvard undergraduates will best be polled by handhelds, but general population need to be polled online. He notes that people love to answer polls and questions about themselves.

Future of blogging? Don't bloggers simply comment on content of news actually generated by traditional journalists? Penn notes opinion is significantly cheaper to generate than actual news coverage. He sees the most effective method of getting attention is getting on "Live on 5" and motivating them to then go online and leveraging the live appearance. There are currently 20 million bloggers, and when they were asked if they derived their primary income from blogging, 1% or 200,000 said they were.

How can the Crimson integrate blogging? How many blogs does the Crimson have now? asks Penn? It has "sort of one, now" responds Childs.

Tuesday, April 7, 2009

Bob Brennan, Iron Mountain CEO, at Harvard Business School

by Sarah Cortes

This morning at Harvard Business School. Bob Brennan, President and CEO of Boston-based Iron Mountain,
delivered a vision for the future and reflected on the notable mid-recession growth and profitability of this perennial giant in the world of Records Management, Data Storage and Disaster Recovery.

Casual observers marvel at how the company not only survives but has recently exploded galactically into the S&P 500. It seems counterintuitive for a company that seemingly shares the same challenge we see each week on the popular TV show, The Office, namely, a core business built around a mundane, semi-obsolete medium, paper, (and similarly semi-obsolete medium, magnetic tape), in a hip digital age.

At the breakfast gathering in HBS's sparkling and sun-drenched Spangler Center, sponsored by the HBS Association of Boston, Iron Mountain materials summarized the firm's fortunes: "In 1998 Iron Mountain was a $400m physical box and tape storage company with operations entirely within the United States. Today, they have $3b revenues, operate in 38 countries on five continents, and have completed more than 250 acquisitions."

Make that 300 acquisitions, according to numbers Brennan quoted this morning. Things have been picking up in 2009, it seems.

His vision for the future and ambition is similarly galactic: "Adding technology services that increasingly will bring us into competition with IBM, EMC and Microsoft." We asked Brennan to throw a spear to pinpoint his definition of "technology services." Iron Mountain's growth has largely been fueled by its Document Management Services (DMS) division, which pretty much means image storage. A huge area with room for growth, but storing images of printed paper is a different goldfish pond than the growing online, real-time digital data backup and storage business. For their largest client sector, financial services, which Brennan today revealed accounts for 20% of Iron Mountain's business, data storage and backup means transaction records in database form. It also means, if not real-time backup, for example, via EMC's SRDF technology, then at least daily database synchronization in a batch backup, transmission and storage cycle.

"IBM." said Brennan, meaning, clients seeking that service should addre
ss themselves to Big Blue. "We have no clue about online data storage." Good to be clear about core vision. With an enormous slide projected behind him as he speaks, of a goldfish in a small bowl and another goldfish leaping into a larger bowl, set before a vast ocean, Brennan made the point that Iron Mountain's unarguable success in this economic holocaust, is due to leaping into bigger ponds like DMC, but not drowning in the ocean of online and realtime data backup and recovery. Iron Mountain sees its present and future in "inactive data" rather than online, real-time transaction-based data, according to Brennan. "Let us eliminate your noise," he says, summing up the approach.

Brennan also seeks to make Iron Mountain the leading provider of digital computing, now known as cloudshare. "In the old days, we called it timeshare," jokes Brennan. He compared his firm's market share in this arena to that of, another recent juggernaut.

His biography outlines a path to the executive suite reminiscent of Craig McCaw, who cobbled together the stupendous McCaw cellular empire in the 1990s. According to the company website, Brennan joined Iron Mountain through the acquisition of Connected Corporation, where he served as Chief Executive Officer. Before Connected, he was a general manager for network and service management with the highly successful and flamboyant Cisco Systems, Inc., a global leader and the "junkyard dog" of the networking and communications equipment business. He was CEO of American Internet prior to its acquisition by Cisco.

"We are not a software company and we're not a real estate company, and we're not a transportation company, although we maintains a fleet of 5,000 trucks making 75,000 stops," summarized Brennan.

Iron Mountain faces challenges as it continues to reinvent itself and move into cloudshare and other digital arenas. Brennan distinguishes himself from his counterpart on The Office, Michael Scott, the notorious (anti-)manager, by squarely facing the transformation required of Iron Mountain's 21,000 employees around the globe. Brennan clearly takes pride that his firm has managers who have worked themselves up from the warehouse to running multimillion dollar business lines, but acknowledges it is largely a blue collar workforce. With this in mind, he brought together the 200 company leaders from around the world a few weeks ago and focused on the company's strategy. At this gathering, Brennan articulated his management philosophy: "Lead with kindness - we have to pull, not push, people. And develop people." This philosophy is creating discomfort for some of his managers, and "it's creating a lot of discomfort for me, too," joked Brennan. "I've been getting a lot of feedback since I put this out there a few weeks ago."

copyright 2009 Sarah Cortes

Disclosure: The author was SVP and head of Disaster Recovery at Putnam Investments on 9/11 when parent company Marsh & McLennan's data center collapsed on the 96th floor of the
North Tower of the World Trade Center and failed over to Putnam's facilities while hundreds of colleagues died. Iron Mountain played a critical role in Marsh & McLennan's remarkable recovery, driving thousands of magnetic tapes across the country while airlines were grounded. Her technology consulting practice includes, among other areas, advising companies how to negotiate their Iron Mountain contracts and pricing. You can read her other Tech columns at IT Knowledge Exchange
Reblog this post [with Zemanta]