Scotts Miracle-Gro Discusses Creating Products With Built-In Security and Quality
Mark Sims - Central Ohio Tech Power Player Honoree
Director of Business Intelligence and Analytics
To listen to the podcast, click here!
CIO for Scotts Miracle-Gro, Mark Sims, discusses creating products with built-in security and quality.
CM: Hello, we're here today with Mark Sims, who is the CIO at Scotts Miracle-Gro. Scotts Miracle-Gro is an organization based in Columbus, Ohio with over 5,000 employees. My name is Chris Murphy and I'm Director of Business Intelligence and analytics at RSM, and I will be your guest moderator today. Let's get started. Now, Mark, as we're thinking about technology and technology trends, there are a few areas I want to talk about today. Thinking about emerging and disruptive technology or innovation, some issues that we run into – where do you think you come up with ways to fuel innovation efforts both on your team and organizationally for Scotts?
MS: Sure. Well, good afternoon, Chris. Good speaking with you. I would say one of the things that we've done is, we actually have an emerging tech group that originally was kind of a centralized group that was focused on looking at kind of far out, emerging tech and starting to see how we can apply that into the business. As we kind of took a look at that group and what they were doing and how sustainable it was for them to just be doing pure research, we really refactored the group. We then embedded each one of those people with a one of our functional IT teams, so we put one in supply chain, one in sales, etc. We still wanted them to spend some time on the really emerging stuff, but we wanted them to focus on more applied tech, so it was emerging tech. So, for example, in our supply chain group we have a project called Hot Rod, which believe it or not – because we're a lawn and garden company, we make a lot of soil, and as soil composts it gets really hot, and if you don't turn it appropriately it will catch on fire. So, there's a whole safety issue where in some areas people have to go out multiple times a day and measure the temperature of the soil, all these different wind rows. And so, we were able to create a device that you put into the wind row and it's constantly monitoring the temperature, and then you can have it red flag and alert you.
So that's where we took what, two years ago, was an emerging technology as it related to IoT and started to look at how can we go with mesh networking, etc., to make a solution out of it that we can actually help the business with. So, it's really a health and safety risk that we mitigate with the solution, as well as now, we're seeing people are saying, “Well, once I see the temperatures of those piles start to go down, I know it's time to turn it.” And so, they actually think they can get the production cycle, or the amount of time it takes to produce a quality soil, they can get that and reduce the cycle time. So again, really, the kind of message was, we’re really, theoretically, emerging tech and we've tried to keep that but balance it with more applied emerging technology.
CM: That's a great example. And, and so using internet of things technology and the idea of IoT, but then applying it, you're able to efficiently gather that information, because I imagine it would be difficult, you know, five years ago to put all these rods within those lines and actually be able to say the temperature just went down in the last few minutes. But now, using some of that emerging tech, you're able to do it and then apply it in a way that you can actually get information from it.
MS: Right. Absolutely.
CM: Makes sense.
MS: The scale of it is one of the things to really see because there's acres of these things all around our growing facilities, and we have 40-plus facilities. So, if you said we're going to design a manual process to try to collect that data and then do something with it, it's probably just not a sustainable process. So, really leveraging technology to help the business.
CM: Right. So, that kind of leads me into another question. As you're developing something like that, right, business needs might change. That might be a risk mitigation that you have to manage now, but let's say the size of that soil area grows exponentially or there's something else that needs to get measured that you need to adjust these rods to, to accommodate for. How do you think about, alright, now we have a different need. We need to maintain the quality and the effectiveness of this solution, but also quickly get something else in place. How do you manage that balance between quality and timelines?
MS: I think it's probably something that we need to do better and we're not – I wouldn’t say we're not doing it well today, but I think there's lots of room for improvement, and it’s really in two different areas. One is, you mentioned quality, but the other one is security. And so, I know a lot of my team, one of the things that they're focused on is, how do we build both security and quality in from the start? And so, when I talk about building in from the start, as people are developing requirements and use cases and things like that, really thinking through at that point in time, how are we going to test to make sure that this works effectively? And we've got the quality built in, and that way, when we tested at the end, it's not like, yeah, well, we'll run these transactions, but because we took longer than we thought, we've now compressed the quality in a testing cycle, which inevitably happens. This way, they have a really a full set of documented processes that they want to test. And then, also the security piece is the other thing that we strive to build in from the front to make sure that we're not trying to catch it on the back end to say, “Oh, here's, we did some pen tests and here's all the open issues.” We’ll still do that, but we want to, as much as possible, try to build that security in from the outset.
CM: Got it. And so, since you mentioned security, one thing we wanted to talk about was, with a lot in the news about both privacy as well as companies being hacked, critical data being breached or stolen, what's your perspective on that, both within the applications we've been talking about and just general security? How worried should we be in the current environment about security of data and information?
MS: Yeah, I think all businesses need to be highly – I don't know if it's concerned – but they need to be vigilant as it relates to information security. So, there are lots of folks that want to steal stuff and that's kind of been the reality from the beginning of time. And so, as we continue to use IOT devices, as we continue to kind of expand our technology stack, we now open up or increase the, the landscape that people can attack. And inevitably, they may want to hack that device on the edge, but they want to get back to where the real good stuff is to steal. And so, I think everybody needs to be thinking through, “How are we making sure that we're protecting all the assets that we have?” You know, one of the things that we think about is, we try to deploy analytics to look at user behavior so that, from an identity and access perspective, what do we expect this person to be doing? You know, they logged in here from this particular location – does that seem right? And if it doesn't seem right, being able to use analytics to say, flag that to the right people. Or if they’ve logged in and then they immediately tried to log into another system that they shouldn't be trying to log into, flagging those types of things. So, there's analytics.
Awareness is another piece that we talk about, which is, you know, all the stats you read, the weakest link is really the humans, right? The end users. And so, making sure that you've got high-quality cyber awareness solutions or communications that go out, really helps to reinforce with the end users that they need to be vigilant about any links they're clicking on, anything they're sharing, etc. And then the last piece that we try to focus on is alignment. And so, this gets to be making sure that we're not inadvertently adding new solutions and/or sending our data somewhere else. It may not be IT, it may be somebody in the marketing group that needs some analytics done and they want to send it out to a third party. Well, have we vetted that the third party is going to take care of our information? And so, you know, the analytics, the awareness and the alignment are three areas that we focus on just to make sure that we're doing everything we can to make sure that we protect all the assets of the company.
CM: Makes sense. So, you know, as we've talked about a couple of things, we've talked about security, we talked about internet of things. And when you're speaking especially about the analytics. there's a lot of data that is being stored, like I said, within your grid technology, within probably an IOT layer. And there's some cloud technology that really comes into that. Both maybe running some in memory analytics or real time analytics or even storing some of this data. How in the last few years has the availability and security of cloud technology changed the way you think about infrastructure between on premise and in the cloud?
MS: Sure. So, one of the things that we did two and a half years ago, we took a look at our current data center and application portfolio, and our data center is outsourced and has been for the last 10 years-plus. And we really took a look at, what are the gaps with our current setup? And so, we went through our application portfolio and we looked and said, “How many of these things should we be looking to move to a SaaS solution because they could do it better and it's going to give us more capability? Should some of these solutions move to more of a Platform as a Service capability where we refactor it on a new platform? And then there's some things that we just need to know. They did a run and we just need to lift and shift into the public cloud. So, we are actually already on a journey and have been, where we're targeting to move everything – 90 percent of all of our workloads – to the public cloud by 2020, and we're probably about 50 percent of the way there. Part of our challenge is, we keep buying other companies, so that adds to the list of things we need to migrate. So, we'll be about 75 percent between SaaS, PaaS, and IaaS in January of 2018-19. And then because of the additional acquisitions we've made, we will be moving those over the following year. So again, within about 18 months, our goal is to be 90 percent in the cloud, so we're kind of really embracing it as next generation infrastructure for us. And then that allows us to focus on doing a lot of the other things we talked about related to using technology to solve problems for the business.
CM: Right. That makes sense. And then, you know, following up on that, in addition to being able to solve other things, what do you think that is done from an overhead to your reduction of cost or efficiency, if you had to throw a percentage of either efficiency or time or money savings – what do you think that ability to get you to that 90 percent has done for you as an organization?
MS: So, we’re still on the journey obviously, but I think, you know, the three reasons we looked at moving to cloud – one was flexibility, one was speed and the other one was cost. So again, I think we see great things in the flexibility and speed aspect in terms of being able to stand up infrastructure quickly. On the cost side, when we did the analysis two and a half years ago, our infrastructure spend was about 24 percent of our overall IT budget. Our goal is to reduce that to 16 percent. And I think we're pretty well on our way. So, it's about a reduction of about a third.
CM: Great. Great. So, kind of shifting a little bit more…you know, we've talked a lot about technology, we've talked a lot about developing and the infrastructure side of things. But there are still – you know, as you get more systems in place, you get more acquisitions in place, you've got internal customers, external customers; is there a shift within the service desk approach both internally, externally, based on new technology, based on cloud solutions, based on acquisitions, that you have changed your end user support? Or is it really the same adapting to the technology that exists?
MS: So, I'd say our level-one end user support, we actually leverage our managed service provider. They provide the help desk support. But one of the things that we've done internally – so thinking of it as level-two support and up – we've actually renamed that “group associate productivity.” So, we've tasked that team out with helping the end user but not just solving that one incident, but really thinking through how do we make the workforce more productive? And so, that team is focusing on things liken leveraging robotic process automation. So, we use a solution called UI Path that people can start to automate particular steps of their job, so that we can actually make the workforce more productive. We're actually turning another focus back to instructor-led training. So, how do we make sure that we leverage Gmail and the Google Suite for productivity? So, people might say, “Well everybody knows how to use Gmail.” OK, but does everyone know how to use it efficiently, and does everybody know how to organize and use Google Sheets and Google Docs effectively to collaborate? So, we’re really putting a focus on that team saying, “How do you work with the end users to actually make them more productive?” Not just say, “Oh, you didn't have any problems, you should be good.” So again, that's an ongoing problem to have, but I think it's a righteous one to actually help the end users to be as productive as possible with the technology we give them.
CM: Right. And then utilizing some of the other ways you're approaching things, like analytics, to determine how to answer their questions.
MS: 100 percent.
CM: Great. Well, we appreciate your time, Mark. This was a good discussion and I think we went through a lot of the things we wanted to cover. So, for everyone listening in, thank you for your time. This is Chris Murphy with RSM, and Mark Sims with Scotts Miracle-Gro. To learn more about us, visit comspark.tech. Goodbye, until next time.
To learn more about sponsorship opportunities for 2019, contact Michelle Ziegler at email@example.com