To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/applications/0,39024653,39126584,00.htm

Q&A: Microsoft's CIO on Linux, security and offshoring
The word from Redmond...

By Ina Fried

Published: Wednesday 15 December 2004

If anyone has a right to complain about buggy Microsoft products, it's Ron Markezich, the software maker's chief information officer.

In addition to managing the company's tech gear, Markezich and his department function as a test bed for new Microsoft products. So since taking over as CIO last spring, Markezich has had a busy time of it. First, he moved Microsoft's entire network to Windows XP Service Pack 2. Nowadays, he's in the midst of testing out new versions of SQL Server and Visual Studio.

In a recent interview with silicon.com sister site CNET News.com in San Francisco, Markezich spoke about what's new in Microsoft's data centre, how offshoring won't grow significantly, and why you won't find a Linux or Oracle application in his data centre. We didn't ask him his least favourite question, "What keeps you up at night?" as Markezich told a panel of Silicon Valley techies recently that he sleeps just fine, thank you very much.

Q: What are the benefits and challenges of being basically a test bed for Microsoft's products?
A: There's huge benefit for me, because I get the products well before anyone else. I get to start using them and get benefits out of the technology very early.

If I were to leave Microsoft, the first thing I would do is go to Microsoft and say, "I want to be your first and best customer. How do I get all of the products early?"

The drawbacks? You do find issues. We're testing at alpha stage and beta stage, so you are going to find issues. We manage that fairly well. We won't put all 90,000 mailboxes on Exchange beta. We'll phase the deployment. We start with the product group that developed the product, so they feel the pain first.

What are some of the Microsoft products that you are in the process of adopting?
Last year, with Exchange, Windows, and SMS - that really dealt with the IT infrastructure side. We got huge benefits. We talked about taking $100 million out of the cost of the infrastructure. What we are doing right now is focused on the application side, so SQL Server 2005 and Visual Studio System 2005 are the big ones.

How much of your job do you see as business process transformation versus pure technology?
More and more of it is business process transformation. If you look at my job and a lot of CIOs' jobs, they are some of the only functions that span the entire company. Most companies are aligned by business divisions. They have CEOs, and then there are leaders of the business organisations that are "siloed".

Do you use any Linux?
As a policy, I don't run anything that competes with Microsoft. My goal is to make sure Microsoft products are the best products in the world. It's an easy choice for me, in that sense - to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle. We're 100 per cent Windows, SQL Server.

We do, in areas on the client, have an open source client running - just for competitive analysis. As an IT organisation, I have no skills and no ability and no purchasing of those products. We don't even run J2EE. Everything is .NET.

How much of your department's time, as an IT organisation, is spent on security? We've heard the figure 10 per cent thrown around.
It's hard to capture the overall time spent on security, but 10 per cent is probably about right.

It seems as if companies are shifting their attention from broad threats (mass-mailing viruses, distributed denial-of-service attacks) to specific threats - that is, those targeted at a particular company.
In the past, it's always been the DDoS attacks bringing down the network. In a way, those are not as harmful as the malicious attacks.

The bigger concern I have is the malicious attacks; the bad people on the outside - or the inside - that want to get at something and do some damage to the company. So we do quite a bit to protect on that.

The other thing on the security side is governance: Sarbanes-Oxley and regulatory compliance. I think a lot more time right now is being spent on compliance and the regulation. It probably is competing with the amount of time spent on traditional security.

How about the things we are hearing a lot about - spam and spyware?
We get a lot of spam. We get ten million emails a day coming into Microsoft. We delete more than nine million of those as spam. Spyware, malware - you continue to have to scan the network and protect against it. Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously. I am continuously scanning the 300,000 machines on my network and assuring that they adhere to the security policy. If they don't, we address that remotely or we disconnect them from the network.

You have said that you don't see offshoring growing significantly. That struck me.
I don't think it's growing significantly. It's definitely here to stay. It's not going to go away. My biggest issue is finding enough good people in the United States.

I've got a couple hundred open positions that I want to find people - primarily in Redmond - to fill. It's one of the things that come up when I talk to college students and they ask, "Is IT a good career?" It's a wonderful career for someone in the United States coming out of college. The whole feeling that offshoring is going to kill the IT industry in the US and that there are no IT jobs is way overblown. In my career in IT, other than the bubble, I've never seen a greater demand for IT skills other than right now.

That might explain why IT continues to be strong in the United States. Why doesn't it still grow offshore?
I think it will grow. The question is whether it grows significantly. I don't know. It will grow outside the US, just like it will grow inside the US

Is that because there are only so many functions that can be physically distant?
Many functions can be distant. There just are efficiencies of having the functions next to the business and in the hub of the corporate centre. Those organisations that move corporate centres offshore will have an easier time moving IT functions offshore. With Microsoft, the bulk of what we do is in Redmond.

Microsoft is fairly unique in that regard. If there is a spectrum of how much of a company's value is being geographically central, then Microsoft is definitely at one end.
To build products, you need to have people talking to make sure you have integration, so proximity helps. I don't know that it grows significantly from here. We have great partners in India; we have great partners in China. We have great products around the world. We will continue to use them.

What kind of stuff does Microsoft IT have others do?
We outsource our tier-one call centre to HP. Our desk-side support is outsourced, depending on the region, to either Fujitsu-Siemens or to HP. We do outsource some applications development and maintenance to a variety of vendors - Accenture, Electronic Data Systems, Infosys Technologies, BearingPoint. Typically, what we don't outsource are those areas directly tied to our products. We never want to outsource all of our applications development, because we want to be driving improvements in BizTalk and SQL Server and Visual Studio.

It sounds like you have outsourced where you can already.
I don't know that I will grow the way in which I use vendors. I don't look at the whole offshoring thing as a cost deal. The cost savings honestly aren't that significant, and there is additional risk. To me, it's a talent base. It's another pool of talent, and that's the biggest advantage.

So if there were enough talent here, it probably isn't something you would be looking at?
It's an alternative for me when I can't find the talent in the United States.

People make the argument that Microsoft is in a different position than others when it comes to that, because other organisations are more cost-sensitive.
We're very cost-sensitive. I think that is a misconception about Microsoft. What Wall Street measures you on is your earnings growth every quarter. Your expenses need to go slower than your revenue, so we've got to be cost-conscious. When I look at my IT spend as a per cent of revenue, it's decreased every year over the last five years for the IT organisation - even though head count has grown every year for the company.