Tony Scott, GM's CTO, is today's second keynote.
SInce 1996 GM has made significant progress toward common processes. They've reduced their legacy systems from 7000 to 3500. They have built a common email systems, created a global employee portal, created a single global CAD/CAM system (down from 23), and gone from having the highest IT cost as a percentage of sales to the lowest IT cost in the industry. That is impressive.
They've achieved this by taking a "one-company" approach to IT. They still have regional CIO's responsible for systems, but overlay that with cross regional "process information officers" that worry about supply chain, network, etc. Tony's one of those cross-regional offices. GM is 100% outsourced. There's no one in GM who's writing code, running data centers, administering networks, etc. GM manages IT by contract. What GM does internally is the "value innovation" function (see Modular IT Organization) that decides how IT can be used to help the business.
GM has been working on IdM since the current management team arrived in 1996. They started by working on the fragmented directories and worked toward a common directory infrastructure. They've been active in Liberty from its start because they saw the need to federate inside and outside GM. They've used Liberty to provide SSO in the employee portal (Socrates). They did this with an external benefits provider. Some lessons learned:
- Trust is important: organization to organization, audit, and security.
- Liability and support issues: costs and escalation process for problems.
- User issues: users thought it was broken and called the help desk because it didn't continually ask them for a password.
- Spend time on the use cases: work through all the specific cases like new employees, status changes, session time-outs, logging out of one site, but not another, and so on.
- Obtain business buy-in: why is this important? What are the risks and benefits?
GM has built a global employee phonebook. It took a year to get regulatory approval in Europe. Europe has defined privacy as a human right while in the US data protection laws quickly run afoul of free speech issues. This means that location of data is important (in what country). Are you going to move that data outside the territorial boundary of the country. Data center consolidation turned from technology issue to a regulatory issue. One big lesson was that their data access and retention policies had to be harmonized globally.
Digital ID in Auto Manufacturing: Every vehicle has a unique ID that has not traditionally been leveraged very well. They're starting to change that. GM build about 250 test fleet vehicles of each type and subjects them to various conditions. There are 55 microprocessors on board for diagnostic purposes. In the old process, GM collected data in the test fleet on an ad hoc basis, there was significant lag time, and the data was only available to a few. It could take 180 days to get data from the test fleet into the engineering process and affect manufacturing. Today they collect data daily through OnStar, the results are available in real time on the internal network. Some problems can be corrected in real time. The benefit is a shortened engineering to production cycle. They are at 18 months now (down from 5 years). This also removes significant warranty costs by decreasing false positives, for example.
The long term implications:
- DIgital IDs for many things, not just people.
- Management tools will be necessary for commercial and personal applications
- Rules for access and privacy are unclear
- Still room for technology innovation in this space