A trio of keynote speakers finished up the second day of the sixth edition of the global user conference at Salt Lake City’s Salt Palace. Mark Sunday, recently retired as Oracle’s CIO, headlined and talked about having spent his career feeling that “my entire job was balancing priorities.”

The primary balance that had to be struck, he said, was among adding capabilities, ensuring security, and managing cost. “On one side, we [IT professionals] really are core to providing compelling capabilities for our customers. This is in terms of what the systems do, how they perform, their ease of use, and how fast they respond to the needs of the business. The bottom line is that we want to add as much value as we possibly can.

“At the same time, we’ve got to reduce risk. Including ensuring that [the systems] are available, even with disasters.” The bottom line, he said, was that IT teams have to be able “to protect all the data,  protect all of our assets, and make sure the stuff’s available.”

But there’s a third component to be balanced, Mark Sunday told the SaltConf19 audience: “There’s not a technology in the world that doesn’t have some level of cost pressure put on it.” He cited communications costs as an example, saying that “at Oracle I was spending a few hundred million dollars a year on telecommunications. I could have cut that in half, but what would that do? Well, it would impact performance, and getting rid of redundancy would impact availability.”

The Trifecta

And so, Sunday said, you’re typically trying to balance the delivery of new capability with keeping a solid risk profile, all the while being cost effective at the same time. “And this is hard, this is really hard because of the incredible complexity we now have.

“The world is changing so dramatically that everyone has to be fast. So that’s hard on the businesses. But then for the technology organization within that business it’s equally hard. The key thing is being able to have your technology morph at the speed of opportunity, at the speed of business.”

Normally, Sunday said, one element is emphasized at the cost of one of the other key concerns. Performance might be traded for cost, for example.  

“But the space in which you’re working is what I call ‘the trifecta,’” Sunday said. “Where investments not only improve your ability to deliver capability to your stakeholders, but they allow you to be faster, able to make changes, able to keep pace at the speed of business. And at the same time you’re able to reduce your risk by ensuring availability, ensuring security, improving your privacy, improving your compliance. And at the same time, it actually costs less.”

Automation and security are the trifecta, he said. In a separate interview later that day he noted that DevOps can enjoy trifecta status as well, with SecOps being an important component within an overall DevOps framework: “I think security operations need to be integral to DevOps. That’s what we wound up doing at Oracle.”

Prior to that, he noted, “My risk team was largely the architects and those from the compliance perspective, whereas really all the engineering and operations things were consolidated with DevOps teams.” Not having everyone on the same operational page had its costs, he said, noting that “I had years of teams being at odds, so it slows you down and there are conflicting priorities. Integrating together has been important and I think we’ll see that more and more.”

Keynote conclusions

Sunday was emphatic that keeping things balanced was no longer something that could be handled manually: “Infrastructure has never been more complex. To manage it effectively in these bigger, faster networks, you’ve got to automate. Not only does automation make it faster, it lowers the cost, but also reduces the error.”

Keeping an eye on security controls is also an arena where automation presents opportunities, he said, saying “Compliance is getting harder and harder and harder. Well, why not, like we did with infrastructure or with networking, automate the heck out of it. It’s that kind of trifecta thing that allows you to be faster, allows you to be more secure, and allows you to do it at a lower cost.

“But to make all this happen, another thing we have to tackle is the organization. Get rid of those silos and make sure everyone is rowing in the same direction.” His conclusion: “You are all in a space where you can go to the executives in your companies, to somebody like myself, and say, ‘Guess what, I’m not only going to improve the capability for our business, for our organization, for our constituents, I’m going to reduce the risk, and at the same time I’m going to save money.’”

Mark Sunday recently retired from his position as chief information officer and senior vice president at Oracle. There, he was responsible for providing the global communications, computing, and security infrastructure that enables Oracle’s internal business operations as well as a variety of hosting and education services for Oracle customers.

Prior to joining Oracle in 2006, Sunday was senior vice president and chief information officer of Siebel Systems. With more than 30 years in the high tech industry, he has also served in various IT leadership positions at Motorola, ST Microelectronics, and Texas Instruments. Sunday holds a BSE from the University of Michigan and an MBA from Southern Methodist University.