SurfControl: Max Rayner, CIO

As chief information officer of a security company, Max Rayner is under even more pressure than others to practise what his company preaches. In this CIO Vision Series interview, he tells Munir Kotadia how his role as CIO and head of product development delivers efficiency in the supply chain.
Written by Munir Kotadia, Contributor

Q: What are the main technology areas that excite you looking forward?
Rayner: We've moved the entire company to IP telephony.

Because it's pretty? No, because it increases productivity. So, as part of "A" -- the global MPLS deployment, "B", -- IP deployment around the company -- we're saving a lot of money, since we have people in all parts of the world calling each other internationally, there's significant savings on the money side.

We're also becoming more nimble, because we're now able to do tech support 24/7. As people call us, if the UK has now gone to bed, well, the US carries on, and when we get to the end of the US day, well, Australia and Beijing carry on. So, those are examples of technologies that I think actually do have an impact in helping us do more for less.

Do you think you'll be spending more or less on IT in general?
Rayner: More, and more because we've realised that these are not costs, these are investments.

And it's part of the reason, it's an unusual thing in many companies to have the CIO be also the head of product development. We just recognise that the underlying systems were the conduits that allowed us to be efficient, and that a business approach to what was needed was more important than a cost containment approach.

Very few companies have grown by cutting, and in our case we're committed to growing by investing and by leveraging our resources around the world. A standard yardstick for IT spent in companies is often 5 percent of revenues. We believe that for a technology company you should invest more than that, because you actually know how to exploit the technology to maximum advantage. It depends on how trivial you take security or seriously you take security.

So, is there a price on doing wireless right? No, not really, because if you do it wrong, any 13-year old in their mom's van can come and snoop your network.

What are your views between open source and proprietary [software], especially where security is concerned?
Rayner: Open source actually has a healthy effect on security, because it allows a vast community to expose fallacies or defects in products. So, we certainly are not part of the security run by obscurity camp, and if it's truly secure, it ought to be intrinsically so, not because you've hidden it. As a matter of principal, the more open you are about the nature of your solution, the more secure it will be.

What is your view on outsourcing, and do you actually take advantage of it?
Rayner: To a certain extent, but outsourcing was much misunderstood, and there was this entire era, where in my view, outsourcing was being done for political and gloss-over reasons. Meaning, suppose you have two hundred people executing a function, and suppose you quote, 'outsource' it, and it's now costing more, and producing less ... in your reports to Wall Street and the London Stock Exchange and so on, you're able to say, 'I have 200 less people,' but what's hidden is that your cost base has just went up and you became less flexible.

That's just silly. That's management for show rather than for results. So, one of the things that we've routinely looked at -- and this goes back to my days at Sun -- where we continuously benchmarked the cost effectiveness, for example, of our Database Administration Teams, which we ran 24/7, followed the sun around the world ... and it turned out that the cheapest outfit in India couldn't be cheap enough to beat our productivity.

So, the rational economic choice was don't outsource. It was for a while just a fad and people were doing it so that they could go their cocktail parties or their CIO friends and say, 'Ooh, Ah, I outsourced,' and they were hiding the fact that it was actually increasing the cost. So, I'm not opposed to it, but it's an economic decision, it shouldn't be a religious decision.

As a CIO, what are your key measures for success?
Rayner: Actually, a mentor of mine and a former CIO at Sun Microsystems has this formula that says quality times acceptance equals effectiveness. And I often go back to that notion, because so many of our peers in technology are enamoured of technology alone, and fail to pause and think about, 'What is the human factor? Will people want to use it? Does it bring enough customer delight that people will actually cooperate? Or, do you have to fight them every step of the way to use it?'

So, as I look at all these solutions -- in fact, at a lot of security solutions, the question is always, 'OK, so it may be technically elegant, will it be accepted?' Because if it isn't, it's just a law of the universe. Entropy in humans will find a way to surprise you in the most intriguing ways, and you cannot ever possibly predict all the risks.

But, as a friend of mine from IDC here in this region, Willie Low, likes to say, 'You can anticipate the predictable results of unanticipatable outcomes.' You don't know whether a monsoon will take down half of the Internet in India, but you know that it could happen, and so you can start working yourself around that possibility.

And what are your views on Vista? What plans do you have for moving to that?
Rayner: We acknowledge it both as a commercial reality and sort of as a CIO decision. So, if we distinguish those two for a moment...

As a CIO decision, I will be expecting evidence that the upgrade to Vista has a positive ROI. I'm sure that our friends at Microsoft will work rather hard at making that case to industry. A lot of the CIOs I talk to are exactly in the same camp of, 'It's a good thing. It's a step forward in making Windows more secure at the client layer, and yet, we need to balance that with the commercial reality of it.'

So, that is just a cost-effectiveness, if you will, question. From a perspective as a products company, clearly we need to be on Windows, be certifying our products on Vista, and so on, and that's exactly what we're doing. So, we have no question that betting against Microsoft and the desktop is something that a few people have lost their careers and companies at. And, although there's intriguing trends, and many emerging economies -- you see Linux, and other solutions -- it's just a commercial reality that we have to be there, too.

Editorial standards