Cloud computing is a good thing? Well probably, however it is predicated on the availability of cloud applications to run in the cloud (Cloud computing will change business technology, knowledge.computing.co.uk).

Problem - applications to service particular functional needs are frequently determined and bounded by organisational preferences rather than inherent characteristics, so software tends to reflect the likes and dislikes of the commissioner, which many others reject on a "not invented here" basis.

The solution is that there needs to be a consensus on best of breed functional flows before applications can be easily picked up. For  example, the accounting industry has a best-of-breed process defined by the  accounting standards and several hundred years of double entry book-keeping. Result - companies can pick up most accounting software and use it successfully.

A converse example is the industry and sector where I am employed - public education for 16 to 19-year olds. Here we have little common and even less agreed mapping of function in, say, the administration of students. This results in multiple vendors with differing packages which do not even meet
external constraints in standard ways. Here, and throughout higher and further education generally, institutions cannot see a way to introduce even limited shared services, according to a recent survey.

So, for us, cloud computing is just a dream.

Jim Blair

Big volumes of data is not the issue regarding criminals hiding in the virtual world (Volume reduction,
letters.computing.co.uk).

Today's machines can process far more bytes than we can produce. Every single person online is becoming more traceable. With the eventual introduction of IPv6, anyone will be able to know exactly who and where you are. It will be quite the opposite - you will not hide online, you will go offline to hide.

Dave Walker

Martin Courtney's article refers to four IT service management frameworks, placing much emphasis on Cobit (Framework for change, www.computing.co.uk/2219498).

From our own findings, it is ITIL that remains the overarching de facto standard that companies have and continue to adopt.

From our latest research, a resounding 76 per cent of service desk managers across 10 market sectors are adhering to ITIL standards, compared with just 50 per cent four years ago.

In fact, the other frameworks to which the article refers are seeing a much  lower take-up, with only 10 per cent adoption.

Despite its popularity, the warning to businesses that have taken up ITIL already is that they must not become complacent.

With predictions stating that in five years' time "service management will expand to incorporate other areas, such as facilities management", there will be even more pressure for companies to continue investing in  in-house training and  accreditation of service desk staff.

It is better that companies start thinking about this now, as well as the increasing requirement for a wider range of skills, such as soft skills and business acumen to cope with the additional service areas.
If companies have the foresight to think about this now, they will be the ones who clearly differentiate themselves and become far more competitive in their market.

Howard Kendall,
The Service Desk Institute

The problem is that IT departments often fall into two areas - understaffed, or having a motherload of work to get through (Putting IT in the driving seat for business success, sandrasmith.computing.co.uk).

My department would not appreciate having to do projects that are not really our responsibility, because we do not have the resources to spare. We prefer to use the IT director as the bottleneck for all work coming into the department, so at that point we can start to apply project management constraints.

For example, "we can do that for you, but we don't have the resource for another two weeks" or "you can have X, but it is incompatible with Y, so which one is more important?"

Then, when a piece of work becomes a project, we have control of it from the start, and we can impose a realistic deadline to begin with, rather than have one  pushed upon us.

Jesus Horatio Hernandez

Avoiding the issue is not the answer to the oil price rise (Surge in oil prices hits IT, www.computing.co.uk/2219448).

As energy costs rise inexorably, the need for a detailed view of where energy is being consumed becomes business-critical. This is relevant to IT, facilities and finance - they need to know where the energy is going.

Before you can identify opportunities to make savings and improve efficiencies, or to charge based on consumption, you need to measure what you are consuming  and establish benchmarks.

The fact that datacentre owners do not know the "true cost" and do not have the tools in place to do this
is a good reason to remedy that, not to keep a lid on it.

Philip Petersen

The price of oil and gas will continue to rise, and everyone will take a hit in the short term at least (Surge in oil prices hits IT, www.computing.co.uk/2219448).

Virtualisation can help reduce power consumption, but the savings are not enough to offset continuous rises over the coming years.

The obvious and only long-term solution is to invest in viable alternatives to oil and gas. However, with the UK government widely expected to miss the 20 per cent renewable target by 2020, the solution seems to be for industry to secure its own renewable sources.

Few companies are willing to sacrifice profits just to tell a nice environmental story. But with some economists predicting oil prices of $250 (£126) a barrel, investing in green power sources is starting to make business sense.

As energy prices in IT departments start hitting the bottom line, we are likely to see sustainable power move from the marketing office into the boardroom, and companies not looking into renewable energy sources now will be left behind.

James Carnie, eLinia

Are energy prices a cause for consolidation (Surge in oil prices hits IT, www.computing.co.uk/2219448)? Supply versus demand is a point to ponder here.

Providing servers that are more efficient and applying technologies such as virtualisation are great low-level steps, helping on the supply side. But changing behaviours to reduce demand for unnecessary servers and ad hoc file storage is surely the bigger challenge.

Matt Quinn

Apart from a few pessimistic souls, one of our human failings is an inability to consider worst-case
scenarios and plan accordingly (Join the business continuity debate, www.computing.co.uk/2210713). This approach extends to our commercial lives.

A number of companies fail to realise that the commercial disaster scenario they would prefer not to think about can be avoided, or at least mitigated by effective planning.

One of the challenges, therefore, is getting people to go against their instincts and discuss all the terrible things that could happen, then plan for them.

This will seem daunting at first, but it can become liberating. Extolling the benefits of completing the process is part of winning hearts and minds.

Neil O'Connell

Business continuity planning and testing is obviously a cost to any business (Join the business continuity debate, www.computing.co.uk/2210713).

This being the case, there will always be a challenge to justify costs and approach to these activities. While challenge is a good thing and can prompt a rethink of any proposed solution, there comes a point at which the question must be: "Do we want to pay for this?"

Communication in companies needs to be good to gain commitment to the financial impact and potential risks of an effective business continuity plan.

One approach for obtaining commitment would be to produce mock news articles tracking the demise of the company following a critical incident.

Effective communication of the importance of business continuity is key.

David Creigh

My experience of suppliers is the same as your columnist - whether buying software or hardware (Hard sell is becoming hard buy, www.computing.co.uk/2217764).

Some suppliers, despite having unfettered access to us - a revenue stream - continually find ways to make no effort and seem to require being spoon-fed. Why is that?

John Romeis

Unfortunately, without staff willing to research, develop and document a good business continuity plan, the only way to know how to prepare is by one's own failures (Join the business continuity debate).

The problem resides in a delicate time-balancing act between solving real-time issues and preparing for what is yet to come. This, along with staff who may be experienced but too comfortable, can be disastrous in a dynamic environment. The pond ripple analogy does not compare with a hurricane causing a roof to leak water into your so-called "impermeable" datacentre - yes, this happened to us.

The extra money to bring in a set of trained eyes is well worth it. Not only does it free up your own resources to assess present damage, but it will also clear the palette of your desensitised IT mouth.
The key is redundancy and clarity. With chaos in the IT field, it helps to have someone who can smooth out the edges and prevent a catastrophe before it begins.

Mat Barry

I have to point out that the final comment in Jose's letter is a bit misleading - it implies that secondary schools are responsible for wasting huge amounts of public money on the Building Schools for the Future (BSF) implementation (Problem solved? Letters.computing.co.uk).

In my region, network managers at secondary schools have been told by the local authority that to qualify for BSF funding, schools will be obliged to buy into the full BSF package - the managed IT solution is not optional, or modular, it is compulsory; schools will have to take everything, irrespective of how relevant or useful they will find it or whether they want it or not.

The implication is that failure to do so will result in the school not being granted its BSF funding allocation - in effect, being held to ransom for perhaps wanting to work to locally-derived and proven best practices that may not necessarily agree with the BSF "one size fits all" ideal.

Those who accuse schools of massive wastage of public money should perhaps first look to the local authorities who are struggling to interpret then implement the government's BSF initiative.

Jim Christie

Being in a position to support eight schools, one of them a community college, I have a problem with the statement: "it is time to build a new professional IT workforce in schools" (Vice-like grip, letters.computing.co.uk).

I interact regularly with the IT managers from a number of secondary schools, and I can assure you that nobody aims to say "no".

Probably any IT manager can do a far better job if given the same budgets as available in BSF. Seeing as there is such massive budget shortfalls in education IT,  innovation flourishes - it simply has to. Need has led me to develop many  software utilities aimed specifically at schools.

Schools connect via something called national grids for learning, and the various grids do have stringent
firewall rules in place.

While I will be the first to point out how infuriatingly difficult this layer of red tape can be, that same inflexibility remains the only thing keeping many primary schools secure. So please enlighten us regarding the new and improved way of doing things? And do you know of many people administering networks where hacking tools are run against and from  inside the network virtually on a daily basis?

Yes, we are aware of when it happens, yes, we catch the culprits, and yes, they will be back in school the next day to do it again, as they are  almost not allowed to be  excluded.

Balance that against the level and nature of data schools hold on their networks: full personal details of all staff and students.

On the networks I support, that information is safe, and workstations remain functional. Teachers are happy because there is predictability in the network's overall stability. This simply means they can teach without disruption. And all this on a fraction of the budget you guys have to work with.

My advice to the letter writer is simple: change your attitude. You seem to be  incredibly quick to judge, without being aware of all the facts. Perhaps it is not just old schools that need  rebuilding, but also outdated and judgemental attitudes.

William Nel-Barker

Having survived the era of the MyNewt Manager (Pocket Edition) and 2+2=5, I think I am equipped for R=G (The sum of all parts, Computing, 22 May).

It seems to foreshadow our new climate with RAIN=GAIN and GUST=RUST. Not so good for GOOGLE=ROORLE. It even seems to suggest that the Tories will fade again with CAMERON=CAMEGON.

Some eggog surely?

Tom Lake

Partnerships for Schools chief executive Tim Byles said: "Building Schools for the Future (BSF) is not about taking things away" (School plan is to build, not demolish).

BSF will not be delivering the IT service, the service provider will, and it will wish to minimise costs to maximise profit.

So while BSF may not take things away, the service provider will - especially the IT technicians from schools - and allocate them centrally to save costs.

Proper consultation is  impossible because of the structure of the project. I participated as a school
governor in a consultation exercise. The local education authority (LEA) BSF IT team imposed last-minute changes in its contract with schools that seriously disadvantaged all the schools.
There was nothing the school governors could do about it. We could only discuss the school-LEA agreement, and not the real driver, the LEA agreement with the service provider.

On career development, some school technicians are working in schools because they want to serve their community and do not want to work for a large corporation.

They knew the job did  not offer much by way of opportunities in the  careerist sense, but offered different prospects.

Their choice to serve an identifiable social unit whose values they share  are destroyed by BSF IT.

The fundamental objection to the BSF IT project is that it is bureaucratic and anti-competitive. The LEA chooses the service provider prior to negotiating the terms of the contract, so the other businesses which might have bid are excluded before the exact service is  defined.The alternative approach would be to set interoperability standards and standard service contracts to create a genuine market in which
local suppliers and service  organisations could bid, and where individual schools choose to buy a service.

BSF IT is just a way of  diverting public money to large corporations in the guise of providing a service to schools. It is bad for the schools and bad for small UK IT  service providers.

Roger Hill, school governor

The seventh principle of the Data Protection Act is: "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data" (Lose data and you go to jail).

IT professionals are already finding it tough to implement and maintain IT solutions to address evolving data security threats.

Vital projects are frequently competing for IT budget and resources.

In my experience, organisational measures - such as the effective communication of policies and procedures and training of employees - have a greater potential to  affect people's behaviour.

Therefore, better habits are acquired and risks truly minimised. Automated solutions which ensure the timely distribution of new and   revised policies and procedures, so that they are read, accepted and proved to be understood, make policy compliance affordable for all organisations, however large and dispersed its workforce.

It is high time that all departments within every organisation recognise  that data security is a
shared responsibility, which demands a collective  response and, dare I say, shared budget.

In this way, simple yet effective cross-function interventions are less likely to be overlooked, as large IT project rollouts take precedence.

Dominic Saunders

I read with interest your interview with Tim Byles regarding Building Schools for the Future (BSF) (School plan is to build, not demolish).

I note that he uses the mantra: "We are in the business of educational transformation; this is not a bricks and mortar project".

However, the examples he quotes are all linked to administration and facilities management rather than teaching and learning or the engagement of reluctant learners.

Where is the talk of personalising learning with engaging online resources sorted by learning type and ability? Where is the access to media-rich learning on an individual basis? Where is the principle of anywhere, anytime learning that allows our most able to access advanced learning material to extend their horizons, while at the same time allowing a child off school to catch up with missed work?

The administration systems are important, and engagement of parents in their children's learning is vital, but the learning activities are missing from this view of BSF. The danger of BSF is
re-creating the same education system in new buildings, and that will not transform education.

Our children deserve better learning environments than the tired and worn out schools they occupy. BSF is a long overdue investment in our education infrastructure and we must applaud our government for making this commitment. All is far from perfect, however. Is educational transformation at the forefront when schools are told by architects that, because of heat considerations, there should be no more than five PCs in a classroom?

Children find learning most engaging when they are trying something new in an environment where they feel safe and secure in case something goes wrong.

Well, BSF is certainly trying something new but as for feeling safe and secure?

Stephen Douglas
City Learning Centre Manager

John Jones appears to have all the answers with regard to Building Schools for the Future (BSF) and seems to be putting the blame squarely on IT support staff (Vice-like grip, letters.computing.co.uk).

Maybe if the education system employed teachers who were actually IT-competent, and did more to check on what the pupils are really trying to do with their computers in lessons rather than concentrate on their work, we wouldn't have to block such "innovation".

The only things we have to block is YouTube - because there is little related to education on there - social networking, proxy-bypass and games sites because the pupils cannot control themselves enough to not play games or chat when they should be working.

It gets to the point that we're having to manage behaviour because a teacher cannot.

I've never had to turn a teacher's idea down because of "firewall issues", but I have had to disappoint them when they purchase outdated software designed for Windows 95 or NT or is not designed to be run on a  network because they didn't speak to us first.

Perhaps John has watched far too many TV commercials for teacher training where all the little darlings are polite, friendly and willing to learn.

Instead of "advising",  perhaps he should spend some time in real schools and see the problems we face on a daily basis - threats, abuse, blatant attempts to bypass security, theft and damage.

If the pupils and staff don't respect the equipment we manage, they can hardly expect any respect from us.

Andy Davis

I find it shameful that a person in such a position would apportion blame to technical staff in schools, but fail to mention the years of poor leadership and direction from local authorities when it comes to strategic leadership of IT (Vice-like grip, letters.computing.co.uk).

Surely if local authorities were engaging with schools - as some are - and helping schools move forward to  sustainable models of IT which has significant impact on teaching and learning, leadership and management, and achievement and attainment in schools, comments such as this would not be able to be made.

We should try supporting technical staff in schools.

After all, these are likely to be the same people providing the support in the schools anyway, just under
a different company name, and having to respond based on company and contractual protocol rather than the directives of the senior leaders in the school.

Tony Sheppard, Edugeek.net

As a network manager in a school environment I find the biggest problem I come across is the support staff put "in my way" as part of BSF (Vice-like grip, letters.computing.co.uk).

For example, I had a hardware failure on the internet connection which I diagnosed, but I have to report to the company put in place under the BSF agreement. Twenty minutes later I get a phone call from a field engineer who goes through some diagnostics which I had already tried, which is then referred to the corporate IT department of our council.

Twenty minutes after the call from the engineer I get a call from the council's IT  department, which diagnoses a failure on the fibre converter which needs to be swapped out. The response I get is I have to contact the support company who deals with schools, who will then  contact the same person I have just spoken to, to arrange replacement parts to be sent out to them, then they will come out and change the failed item.

In the old system in the days before BSF, all I had to do was make one phone call and diagnose the issue.
Once this was done an agreement was made on when and where the hardware item was replaced. Nine times out of 10, I met the engineer halfway between his base and mine and exchanged the parts.
Most fixes were sorted within the hour. This incident was still going 12 hours after the fault was reported. By saying the likes of   in-house support staff stand in the way of education is a joke.

We know more of what is going on and work harder than most to deliver a system which meets the needs of pupils and staff and is as cutting edge as is possible to the tight budgets we are given.

Simon Dart

There are lots of good and bad things about the BSF programme, but one thing we must not forget is that BSF is not the solution (Consistency is key, letters.computing.co.uk).

If some IT systems in schools are bad, why not create a company that goes to schools every so often to help network managers with problems? Why not set up, manage and send experts to help IT departments in schools? Create policies about standard IT, and help schools with IT problems.

Putting public sector organisations under the umbrella of a private sector company is not solving any problems, it is going to increase them. My managers think so, teachers in my school think so, so what is going on? Why are the top guys not hearing us?

At a previous IT BSF meeting, they told us we have the opportunity to create the classrooms of the future. But suppliers taking the contracts are going to implement their systems, so it's just more of the same - but it will cost more.

I am disappointed that secondary schools are wasting all that taxpayers' money.

Jose, submitted on the web

Mark Surguy suggests that technology is both the problem and the solution when it comes to the issue of data protection and its legal implications (Do you know where your data is?).

However, closer consideration would suggest that technology is not the main concern.

Data is an incredibly valuable commodity. No one would ever consider stuffing a Jiffy bag full of £50 notes and sending it through the post to someone in the hope it arrives intact, if, in fact, it arrives at all. So why does the attitude persist that it is OK to do this with a few  million people's bank details, or the personal information concerning victims of crime, and then begin to worry when the data is lost?
The key to improving data security is changing this  attitude. Technology such as RFID or encryption can offer plenty of solutions to help prevent unauthorised access or corruption in the event of a breach.

However, if the right policies and procedures are already in place to foster a culture of prudence and forethought, these technology solutions should only ever have to offer the comfort of a backup plan.

George Purrio

While I would agree with Andy Hopkirk's statement that the number of people interested in virtualisation is large (Windows Server: the verdict), I would not wholly agree that the number of those with the ability to experiment with virtualisation is quite small.

The drive for virtualisation is not coming from the lofty heights of academia or research, or from some long-developed strategic plan, but from the ground floor of computing Ð where daily firefighting with limited datacentre space, ever-increasing power requirements and the need to get better value out of
datacentre assets.

Virtualisation has moved rapidly from an interesting technology to an essential part of dealing with the datacentre challenges of the 21st century.

While the National Computing Centre might be able to stand back and take a strategic view, the average IT user cannot wait and wants today's solutions to today's problems.

As second-generation virtual server products have slashed prices without  sacrificing functionality, techniques which have been the preserve of the enterprise are becoming available to small businesses.

Virtualisation is not  optional. That bandwagon is rolling and it will not wait for people to catch up.

David Galton-Fenzi

I recently returned to a client for whom I had created a business continuity (BC) and disaster recovery (DR) plan two years ago (In recovery, letters.computing.co.uk).

Despite a number of prompts, they had never tested the plan subsequent to our initial test. The person responsible for updating the plan had left the company nine months after its creation – taking all his knowledge – and the task was given to the office junior.

Needless to say they had neither the understanding or the incentive to make sure it was kept up-to-date, but it really was not that person’s fault. Luckily, the company had not suffered any catastrophic problems – but came close to a couple. The new managing director now understands the worth of such preparation and has appointed a senior manager to be responsible for BC/DR.

They have carried out two tests since January and now feel very “safe” and prepared for just about any eventuality. It is right to have a BC/DR plan, but someone has to take responsibility for it.

Mike McNamara

Mark Samuels is right to highlight the tendency for IT management to use insight services, such as Gartner, Forrester Research or the many other more specialised services, to justify spending which they have already decided on (Making best use of Gartner’s report).

But an IT organisation which is susceptible to the kind of problem he describes is barely at first base in its use of these services.

You must move towards a strategic relationship where you have a structured portfolio that meets needs you have discussed and defined.

Create continuing dialogue with the analysts through which IT strategy is shaped and directed. The “latest research” should already be in the hands of those who need to know, perhaps even before it was published. If your provider is not in favour of this kind of relationship, it is time to switch – but they will be, guaranteed.

Dr Tony Law

I was very interested to read the article, Face value or face ache?. A bit that especially interested me was the views of David Hobson regarding the adverse impact social networking sites can have on bandwidth and productivity.

Our experience suggests that a combination of well thought-out policies underpinned by appropriate technology can safeguard the interests of employers, while providing a work environment that meets the needs of the staff themselves.

The key is to adopt a trusting approach, allowing   employees to plan their own time according to their
individual requirements. The result can be improved morale and motivation  combined with less pressure on bandwidth because staff are not accessing the   internet at the same time.

Simon Norris

This is a very good article (Lite relief for project delivery), but I believe that the author’s statement: “The fact that a project is well-managed and ticks the right boxes does not mean it will deliver a working system” is incorrect.

I think a project is well-managed when the scope verification is being done properly – and in absence of such verification nobody can guarantee a “working system”.

The point to note is the definition of a “working system”. In my view, it is a system that conforms to the requirements of the work. In fact, this is what quality management is all about. If we do not do this, the project cannot be said to be well-managed.

Tanuj Mittal

Accenture's research reinforces the fact that the retail industry is still a long way from operating on a customer-centric strategy (High street problems send shoppers to the web).

Holistic customer profiling and behavioural targeting need to become a key priority if store visitor numbers are to be improved. By having the technological capability to understand what is driving customers in terms of preferences and behaviours, retailers will be able to cater their in-store offerings a lot more effectively.

Retailers such as Waitrose are using forecasting and merchandising software to ensure quality service is being delivered to their customer base. More stores need to use this type of actionable insight to improve the in-store experience.

There is no excuse for retailers that are under-delivering in terms of customer service and stock availability. Continuing down this route will result in damaging the customer experience and destroying brand loyalty.

Jason Goodwin, SAS UK

Your reader Johnny is right when he talks about the poor pay in IT (Should have taken the bus, Letters blog). Last year I earned a little less than £30,000 for working on average three days per week. I have no academic qualifications, only a good number of years’ experience. I only have a basic knowledge of networks and earn my money looking after simple PCs and printers.

And yet I see adverts in your publication offering the same sort of salary but requiring various degrees or other qualifications and experience. They also ask that the candidate takes responsibility for this, that and the other, although the work, project or prospects are always exciting, which I suppose must count for something. And no, I don’t charge plumber’s rates.

Bob, submitted on the web

If new laws target downloaders, I think a lot of internet companies will lose a lot of custom (Government to attack download pirates). Most people have the internet so they can download whatever interests them. I know for a fact that I will cancel my broadband subscription if this is made law.

Perhaps if cinema tickets and DVD hire were cheaper, people would not download as much. Most of the films being made these days are such rubbish that I cannot see why anyone would want to pay to watch them anyway.

Tony, submitted on the web

This is a joke, right? (Law change will raise costs for local council IT). Why does Socitm think that the private sector should not absorb these costs – it should. This is about disclosing the tax burden to the taxpayer. If suppliers want local government business, they should bear these costs.

This is akin to firms telling the customer, who is ultimately the taxpayer, that they will do the work but not disclose how much it will cost. These suppliers and overpaid IT consultants will increase their costs and tie all this legislation up in as much red tape as they can to make it expensive and unfeasible to do.

Ben Rattigan

We need to attack the IT skills shortage with long-term solutions, rather than temporary measures – and this will involve a re-evaluation of our approach (IT skills shortage reaches highest level in 10 years). Both business and government tend to propose measures that have immediate effects.

But while higher levels of recruitment may look impressive, the real answer lies in employee development and retention. Too often, money invested at entry level comes at the expense of existing staff. And once through the door, employees are frequently neglected – particularly in terms of training and skills. Sadly, this means that initial potential can dwindle.

We need to realise the importance of middle-order staff. A more even distribution of resources, combined with greater recognition of roles, will improve both operational output and business performance. This may not excite the board members, but it will go a long way to relieve perennial staffing issues.

Ross Eades, InterQuest Group

Accenture's research reinforces the fact that the retail industry is still a long way from operating on a customer-centric strategy (High street problems send shoppers to the web).

Holistic customer profiling and behavioural targeting need to become a key priority if store visitor numbers are to be improved. By having the technological capability to understand what is driving customers in terms of preferences and behaviours, retailers will be able to cater their in-store offerings a lot more effectively.

Retailers such as Waitrose are using forecasting and merchandising software to ensure quality service is being delivered to their customer base. More stores need to use this type of actionable insight to improve the in-store experience. There is no excuse for retailers that are under-delivering in terms of customer service and stock availability. Continuing down this route will result in damaging the customer experience and destroying brand loyalty.

Jason Goodwin, SAS UK

Tom Young's article (Managers' IT key to effectiveness) is highly relevant to a core problem in business IT, and it is in contrast to Computing's 24 January editorial (Business must see IT as everyday task).

We must first structure the problem, and I see it as being all about people and IT. The initial problem is that people lack relevant information, have limited opportunity for information and knowledge sharing, are kept in pigeonholes, are penalised for initiative, and are greatly underused.

Second, IT itself is greatly under-used. Consequently, there is limited synergy between people and IT in business organisations. So, what to do about it? Be pessimistic and cynical, or optimistic and positive?

The place to start could well be to follow the philosophy presented in your editorial: start with appropriate education for senior people and management.

Dr C James Bacon

I would put a pre-condition on "IT as an everyday task"  by saying that every single manager and executive needs to become business-IT savvy (Business must see IT as everyday task).

I am not talking about point-and-click skills, which Bill Gates says everyone should have, but the kind of wisdom that comes from a big-picture, integrated view of business and IT.

What would follow from being business-IT savvy would be the ability and confidence to see IT as an everyday task. It is hard to have a situation where "there are no IT decisions, only business decisions" when executives may not have the necessary confidence to embrace the IT content, because of an absence of IT knowledge.

A second pre-condition to seeing IT as an everyday task is the need for new mental models. For example, information resources (IR) instead of information technology.

The IT paradigm leaves us with the historical non-business or even anti-business view. It should be obvious instead that the result of everything we do is information, and not only that, but information which gives net value to/for the client/user and the business, especially with information overload becoming an increasing issue.

Surely this is something that business managers and IT could agree on - seeing IR as an everyday task.

Dr C James Bacon

It would seem to me that according to Accenture and your article (Rise in consumer technology creates tough choice for CIOs), the chief information officer (CIO) has morphed into the chief technology officer (CTO), thereby taking us back a good few years.

As this is in par with my role in the organisation for which I work, for me the distinction is clear. The CIO ought not to be involved with technology or customers' desires. Any CIO worth their salt is not interested in which technology is being used.

It is the confidentiality, integrity and availability that should be of concern to a CIO. In the past, before information theft was such a big concern and therefore did not require excessive attention, the IT director would call the shots over information security.

Because of the extent to which criminals will now go to steal information, the legislation that has grown as a consequence, and the impact of a major breach, it requires the full attention of a specialist, not a jack of all trades.

I hope that what is being promoted in your article is limited to a handful of organisations and does not become the norm.

It is a difficult enough task as it is; add the IT manager's role into it and surely the job will be too big to handle.

David McAdam

A few years ago I ran a project to assess the leading edge of share trading. One supplier had "seen the future", having some of the best minds working on an impressive trading system. It was all very clever stuff and promised to save institutions millions of pounds in trading. But it failed to get off the ground because they failed to bring together enough parties and transactions to form a viable, liquid market. Hence, whatever savings arose because of the whizz-bang system were obliterated by the poor prices.

Rumour had it that this venture cost its investors upwards of $90m (£46m). This does not mean Project Turquoise will go the same way (Turquoise takes on the City), but it is a salutary reminder that putting in the IT system is the easy bit.

Rob Sucher

Why is it that when a new process is examined to make things more beneficial to the consumer there is a delay? (Faster payment scheme slows down)

It is absolute nonsense in this day and age that I have recently had to make a payment six days before the monies are due in the receiver's account.

The banking system needs an overhaul in this area, and the Northern Rock fiasco is a reflection of the banks' greed and that they have got their just desserts. It is our money anyway, isn't it?

Dave Murray

Peter Wheatcroft's article is a good pragmatic view on how service management - please note "IT" has been dropped from that title -  should be approached, and the more guidance available to organisations the better the results will be (Crack the code to providing good customer service).

However, I must disagree with his statement that ITIL "promises a much richer set of standards". ITIL is not and never has been a standard in the same way as we recognise the term, for example, ISO standards.

ITIL is "best practice guidance", "a framework", meant to be "adopted and adapted". This in essence is the inherent strength of ITIL - that it is not prescriptive and that it supports and is supported by the other recognised quality management standards and initiatives.

It allows organisations to adopt best practice, and by adapting it to meet their requirements turn it into "a service that is a means of delivering value to customers by facilitating outcomes the customer wants to achieve" - a straight quote from ITIL V3 guidance.

David Jones

Mark Samuels makes a good case for IT leaders fighting for good projects (Forget the downturn and fight for innovation, Knowledge blog, knowledge.computing.co.uk).

However, creating a general contingency budget of 10 per cent might not be the most effective strategy. IT projects are often complex, and 10 per cent might be too little or too much, depending on the project.

Targeted risk management places contingent spending exactly where it needs to be.

For example, a current project is certain to run into a political debate about the hosting of a new knowledge base. If it goes one way, we face a certain cost increase of eight per cent. As the decision is on a knife edge, we should revise the budget upwards for that deliverable. If common sense prevails, we are under budget.

On the positive side, there is an opportunity that development of some new classification processes will cut the development and testing cost by 25 per cent. Do we declare that to be the case? Not until we are certain.

So let’s be pinpointed and targeted with our projects, and defend our corner with justifiable pride.

Andrew Vermes

Spot on (Taking a bite out of IT development, Editor’s diary, editor.computing.co.uk).

We keep saying this to our customers – and it applies to small businesses even more than larger organisations.

Everyone wants to have a single solution for everything. We try to convince customers to keep their existing systems once ours are installed and migrate services slowly, but it is a struggle every time – everybody wants to clear the floor first.

It is probably the vendor’s fault – it is easiest to promise to solve all the problems on the condition that no one else is involved. The result: you buy an elephant and it breaks all your china.

Richard Zybert

I worry when my customers talk about defining enterprise architectures or business capabilities (Taking a bite out of IT development, Editor’s diary, editor.computing.co.uk). The deployment of an SOA has to have some sort of frame of reference, but take one bite at a time. Think big, start small and scale out.

Clive Keyte

IT spending has always been under constant review in the financial services sector (Credit crisis to hit IT industry, www.computing.co.uk/2203450). In light of the turbulence in the market it is unlikely we will see an increase in budgets. We will see a focus on areas of IT that can deliver demonstrative value to the business.

Improvements in processes can significantly affect the all-important cost/income ratio, and those efficiencies are facilitated by IT. For example, it is anticipated by the Council of Mortgage Lenders that repossessions will increase in 2008, and this will be preceded by an increase in debt recovery.

Although there might have been investment in debt management capabilities, firms will seek to optimise existing processes through IT. In capital markets, for example, firms will try to stress test their product portfolios to comply with Pillar II and establish their position under a number of potential scenarios.

IT departments will come under pressure but where there is a tangible business value in investment, where the ROI of such an investment delivers a compelling fiscal argument, budget may be found. It will be about priorities, and risk/reward.

Mark Elkins, SAS UK

Consumerisation is raining down on us from all angles (The children of the revolution, www.computing.co.uk/2172862)

The next step always seems to be to buy in and integrate more counter measures. But at what cost of time and effort, not to mention capital?

The result is that the network becomes more complex, firewalls more porous, and system interrelations more fragile.

And what policies do we implement? Who do we apply them to? Who is going to pull rank to be an exception?

It would be nice not to burden ourselves and our stretched IT resources with any remote access device that connects to the corporate network, to give users freedom to have computers exactly how they want them, and for us not to have to worry.

How much more secure would a network be if no users logged in there?

Ron Wilkins

I believe bridging the gap between the business and IT is not just an IT problem - it requires those on either side of the gap to reach out (Poor change and project management skills are hindering business transformation, Sandra Smith's blog, sandrasmith.computing.co.uk).

Too often, the IT community takes it on itself to tackle this issue without carrying its business colleagues on the journey. IT is an essential function of any major modern business and collectively we - the business and IT - have to harness processes, people and technology for mutual benefit. It is a team effort.

Why do IT-centric projects fail? My experience is that it is rarely because of the technology. Board-level misconceptions or ignorance play a major role in driving failure.

Senior IT decision-makers have a key part to play here in educating their colleagues. Methodologies, correct project setup and so on are not "comfort zones", they are engineering foundations, and it is essential for good business to administer them professionally.

Board members no doubt can read a balance sheet. I would suggest they should be equally familiar with the basics of process diagrams or purposes of different stages of software deployment.

I am all for recognising weaknesses and developing skills at all levels. Experience has taught me that those blessed with strong technology skills are often not similarly blessed with the strong soft skills essential for good project management and change management.

What to do then? Yes, do provide stretching roles but remember that dropping people in at the deep end is a high-risk strategy.

Any role that represents high challenge requires commensurate support to ensure the stretch is beneficial. I favour stretch roles that are supported with appropriate training, and subsequent workplace coaching support is highly recommended.

And please can we stop sending staff on Prince training courses and expecting them to be rounded project managers when they return.

Jon Dakin

The idea of giving IT users more control is coming from a lot of think tanks right now (IT autonomy will attract talent). Like the saying goes, "You can't please all the people all the time" and I think IT departments are getting sick of trying too.

Consumerisation is driving ever more applications and devices into the corporate arena and IT must double and redouble its efforts, not to keep up with technology but to try to integrate it within a safe, secure working environment.

There is a new principle coming out of Denmark called network consolidation. Basically, shrink the firewall to only cover your server farm and kick all users to a peripheral local area network with a basic firewall and proxy if needed.

Only the pre-secured applications can talk to the services on encrypted application-only tunnels; everything else is blocked. The PC does not know or see the server network so what the user has on their machine is immaterial.

Ron Wilkins

You are wrong to describe the GSM-R system as obsolete (Rail system will be obsolete).

It may no longer be state-of-the-art or leading edge, but a system is not obsolete until it is no longer capable of doing the job for which it was designed Ð which you do not suggest it is - or it can no longer be maintained because of a shortage of parts, which your article explicitly denies.

The question is not whether it is the latest available technology, but whether it will do the job it was designed to do economically and reliably.

Industries with large capital investments and stringent safety requirements will always lag the technology curve, and rail is not alone in this.

The airline industry continues to operate 30-year-old aircraft, and even the newest aircraft are using technologies that are five or eight years behind the trend.

Time and again it has been found that attempts to leapfrog such industries to the bleeding edge of technology get bogged in delays and consequent cost overruns. From your article, this seems already to have happened with GSM-R.

Far better to pick up tested and mature mainstream components and implement cheaply and quickly whatever this technology has proved it can do, than attempt to do that which has not been done before and fail.

Alec Cawley

The West Yorkshire branch of the BCS is celebrating its golden jubilee this year. We are organising a gala celebration dinner in Leeds on 7 September, and would like to invite as many committee members as practicable who have been involved in the branch organisation over the past 50 years.
We would like to hear from former members or anyone who knows the whereabouts of former committee members who may not see this article. Please contact me on (01904) 721517 (work hours) or at margaret.moore@bcs.org.uk.

Margaret Moore

Data protection and regulatory compliance are major issues that concern IT departments, but these problems extend to others in the organisation and could have an impact on IT budgets
(Saving for the long term).

As technologies improve the collection, storage and retrieval of data, IT and other marketers are becoming increasingly apprehensive about how they can use the information accumulated.

In a recent survey from The Chartered Institute of Marketing, conducted on our behalf by Ipsos Mori, 68 per cent of respondents were concerned that technologies for obtaining and storing data are moving ahead of the understanding of the ethical and moral dilemma they create ­ up five per cent from the previous survey just six months earlier.

Or, to put it another way, technology is moving so quickly that marketers are not confident about using the information. So it could be argued that there is a real danger of significant amounts of IT budget being spent on the storage and retrieval of data that cannot be used to increase an organisation’s profitability or profile.

Complying with regulations and storing data in an optimal format is essential. But decisions should also be made based on how the data can be used to improve a firm’s financial bottom line or achieve its objectives.

Ray Jones
The Chartered Institute of Marketing

You mistakenly conflate two separate streams of work undertaken at the British Library (Lack of funding threatens British Library project).

The first stream is the digitisation of content and the second is the preservation and management of that content once digitised. The British Library has never clearly articulated a digitisation strategy, nor has it previously expended grant in aid on such initiatives.

It has relied on serendipity and the generosity of external funding bodies. Following the failed Digital Library System partnership with IBM, which was abandoned without fanfare in 2001, the Library has attempted to develop its own in-house developed software - the Digital Object Management system.
This was first scheduled to go live in November 2004. A functioning system still has not been delivered. Unlike similar public bodies, the British Library has not seen fit to expose a project of such magnitude to external scrutiny such as the OGC Gateway process.

An investigation of the abortive attempts to date should be investigated by the Public Accounts Committee before even more public money is wasted.

Hans Sloane

You ask whether the government should use more open source software (computing.co.uk/2185470, Letters, 22 March). That is the wrong question.
You should really be asking whether the government knows enough about open source to make the right deployment decisions. Open source should be treated like any other potential solution. Define your needs, clarify your requirements, then measure all the alternatives against your requirements and budget.
To do this, you have to have enough knowledge of open source solutions to make sure that they match your requirements. Get the right tool for the right job.
Jason Simmonds

I am not convinced that the era of huge outsourcing deals is over (Is the outsourcing mega-deal dead? computing.co.uk/2184760). You say £7bn of outsourcing deals is up for renewal this year, but we should remember that this is spread over a number of contracts, which means that probably none of them is really that mega.
When customers multi-source they are pushing contract governance responsibility back in-house. A better, hybrid approach would be consortium contracting, which is common in the public sector. This places the governance risk on the prime contractor. Customers are still not geared up to manage a multitude of suppliers.
David Meredith SJ Berwin LLP

I fail to see the problem with sharing clinical information between suitably identified and authorised individuals using the NHS Spine (GP trial passes test, 22 March).
If I suffer a compound fracture of my leg in Devon and live in Cumbria I absolutely want the A&E staff treating me to know that I have an important pre-existing condition - allergy to penicillin, for example.
Are the people who instruct their GP not to release their details to other staff (Letters, 11, 18, 25 January) aware of the implications for future treatment?
People do not complain that staff at various branches of the same bank – and other undisclosed associated companies - may see credit history and payment details.
If I tried to prevent my bank doing this I would undoubtedly be asked to take my custom elsewhere. What would be the reaction of the public if the NHS adopted the same attitude I wonder?
Andrew Turner

A security accreditation scheme such as Crest is definitely a good idea (Ethical hackers face new test, 22 March). But it needs to go further than Check, the public sector equivalent.
The Check system was not especially relevant to non-government organisations, apart from giving them a general sense of trustworthiness. Even that had little practical effect because most clients would want contracts or non-disclosure agreements signed regardless.
It would be good if Crest could provide more specific certification. For example, someone who is a great web application tester could be certified specifically in that area and would not necessarily be certified for database security or firewall security testing.
This would give clients the reassurance that the people doing the work have the right level of specialist knowledge.
Rory McCune

In your report on skills shortages (IT recruitment companies feel skills pinch, computing.co.uk/2185325), you quote Jane Binner of recruitment agency Computer People saying companies need to look at cross-training people, accepting compromised skillsets and offering incentives to retain people longer.
Thank you, Jane Binner. Employers are saving money by not training and seem reluctant even to redeploy existing staff to new projects. There is no mystery about the skills shortage - just bad leadership at the top.
Mark Brady

Surely the London Underground is just about the capital’s only refuge from annoying and pervasive mobile technology (Mobile phone services to be tested on Tube, 15 March).
Like Tony Wood (Letters, 22 March), I think encouraging people to use mobiles on the London Underground is unacceptable in the social sense. Although I am a mobile user - for convenience rather than just because I can – I always think twice before I make or take calls.
Does this development not also present other security issues yet to emerge? Of course, mobile technology could have helped greatly with some of the tragic events on the underground in recent years, but this could be achieved using private networks instead.
Gordon Dale

I run the risk of being branded a Luddite, but the Tube has for me always been a sanctuary from mobiles - certainly in central London (Mobile phone services to be tested on Tube, 15 March).
But do we know the true cost of enabling this technology for the general public in the confines of the underground? It occurs to me that all these radio frequency signals are going to be absorbed by flesh and bone - and the reflected signals too.
Will London underground be insuring itself for the future in decades to come when millions of passengers - some no doubt considering themselves high net worth - for claims that manifest themselves in the same way that smoking, asbestosis and silicosis have?
By all means test and implement a system for use by railway staff, emergency services and contractors, wh