INTERVIEW OF MICROSOFT's CIO (RON MARKEZICH)

Has the I.T. environment changed from five years ago?

Markezich: Five years ago was kind of the tail-end of the bubble. Money was spent on I.T. just for the sake of spending it -- just not much thought was given to the outcome. After the bubble burst, budgets were slashed just as recklessly. Now we are in the healthiest state I.T. has ever been in. For the first time, I.T. is in a state of balance.

What was promised by the Internet five to seven years ago is finally coming true: the landscape becoming a reality through the low cost of bandwidth, connectivity, and a great deal of innovation. So, I think there is a big change in opportunity and how we think about I.T. overall.

And everything is much more complex than five years ago. The environments were built without a lot of thought around the architecture during the bubble, and now all I.T. departments have to work through that.

Elevating the level of technology to make it more easily searchable and accessible also makes it more complex for a CIO to manage. It used to be you could just lock down the network, but now it is hard to control the network because you want to use it with partners, customers, suppliers, and others. It is a much more complex trend and difficult to manage.

CIO Today: How have new legislative demands affected the I.T. department and the CIO in particular?

Markezich: That is another category of things that have radically changed. I think Sarbanes-Oxley regulation has been great for the industry and for us but it does require a huge time commitment. Even so, I am probably at an advantage because I have the resources to readily comply. It does give us internal controls and great feedback, but the actual scope of the requirement is difficult to nail down.

The biggest challenge is in handling all the different laws in different countries, and even in different regions of the same country. Many of those laws dictate where you can store company data or even employee information. That makes it hard. I.T. loves to standardize, but such a scattering of requirements makes it hard to standardize compliance. Plus, the rules are constantly changing.

At some point, many of us in I.T. would like to see some consistency for managing controls and privacy, like a standards board that sets the bar across industries -- something along the lines of what accounting has in the GAAP, or generally accepted accounting principles.