Category Archives: BMJ

BMJ CTO: ‘Consumerisation of IT brings massive risks’

Sharon Cooper, CTO of BMJ

Sharon Cooper, CTO of BMJ

As we approach Cloud World Forum in London this June BCN had the opportunity to catch up with one of the conference speakers, Sharon Cooper, chief technology officer of BMJ to discuss her views on the risks brought about by the consumerisation of IT.

What do you see as the most disruptive trend in enterprise IT today?

For me it is the consumerisation of IT, but not because I’m worried that IT department is being put out of business, or because business users don’t know what tools they need to run their business. My concern about the disruption is that there is a hidden risk and potential massive costs and unknown danger because many of today’s applications and tools are so deceptively simple to use that business users are not aware of things that might be critical to them, in part because the IT department always controlled everything, and hid much of the complexity from them.

Tools are so easy to use, someone just sign ups with their email address, uploads a large spreadsheet full of personal customer data, and then they leave, they forget to tell anyone that they have that account, it might even be under their personal email address. So the company has no idea where its corporate assets are being stored, you have no idea where they are being stored, and when that customer asks to be removed from the company’s databases, nobody has any idea that the customers details are hidden away in locally used Google Drives, Dropboxes, or other applications.

If nobody in the company has a view over what tools are used, by whom and what’s in them, is the company even aware of the risk, or its individual employees who are using these tools? Business users are reasonably savvy people but they probably won’t check the T&Cs or remember that extremely boring information governance mandatory training module they had to complete last year.

I really encourage people in my organisation to find good tools, SaaS, cloud based, apps, but I ask them to ensure that my team knows what they are, give them a quick review to see if they are genuine and not some sort of route for activists, has checked over the T&Cs, remind them about the fact that they are now totally responsible for any personal customer data or sensitive corporate information in those applications, and they will be the ones that will be impacted if the ICO comes calling.

What do you think the industry needs to work on in terms of cloud service evolution?

Trying to get legislation to catch up with the tech, or even be in the same century.

What does BMJ’s IT estate look like? What are the major services needing support?

We have a bit of everything, like most companies, although I believe we have made fairly significant moves into cloud and SaaS/managed services.

Our desktop IT, which is provided by our parent company is very much traditional/on-premise, although we have migrated our part of the business to Google Apps for business, which has dramatically transformed staff’s ability to work anywhere. We’re migrating legacy bespoke CRM systems to cloud-based solutions, and use a number of industry specific managed services to provide the back office systems that we use directly, rather than via our parent.

Our business is in digital publishing and the tools that we use to create the IP and the products that drive our revenue are predominantly open source, cloud-based, and moving increasingly that way. Our current datacentre estate includes private cloud, with some public cloud, and we believe we will move more towards public over the next 2-3 years.

Can you describe some of the unique IT constraints or features particular to your company or the publishing sector? How are you addressing these?

Our parent company is in effect a UK trade union, its needs are very, very different from ours; we were originally their publishing department and now an international publisher with the majority of our revenues coming from outside the UK. There is some overlap but it is diminishing over time.

Our market is relatively slow to change in some ways, so our products are not always driven as fast by changes in technology or in the consumer IT markets.

Traditionally academic publishing is not seen as a huge target for attack, but the nature of what we publish, which can be considered by some to be dangerous, has the potential to increase our risks above that of some of our peers – for example, controversies over the accuracy of medical treatments, we were the Journal that produced the evidence that Andrew Wakefields research into MMR was wrong, and he has pursued us through the courts for years. If that story had broken today, would we have been a target of trolling or even hacktivists. We sell products into the Middle East that contain information on alcohol related diseases, and we’ve been asked to remove them because there is not alcoholic disease in those countries (we have not bowed to this government pressure),

As the use of knowledge at the point of care becomes ever more available via the use of devices that can be used by anyone, anywhere, so does the additional burden of medical device regulation and other challenges, which coming from a print publishing background, were never relevant before.

Are there any big IT initiatives on the horizon at BMJ? What are the main drivers of those?

We have probably under invested in many applications over the last several years, a policy to really sweat an IT asset was in place for years – and we have a range of systems we will be replacing over time, consolidating – for example we have 5 different e-commerce systems, revenue is processed in more than 3 applications.

As with most companies a focus on data and analytics in all of its guises will be critical as we move forward.

Why do you think it’s important to attend Cloud World Forum?

It’s always good to see what vendors are offering and to hear what others have done to solve problems in their industries which might have relevance to yours, quite often it means you don’t feel quite so bad about your own situation when you hear other people’s tales.