Several years ago, Allan Hackney, then CIO for John Hancock, told me that the age of IT producing things was narrowing to services that drive competitive advantage. Everything else would occur as a service broker. So how has this concept matured? How has it changed? I asked the #CIOChat for their thinking.\nWhat elements of the \u2018supply of IT\u2019 should be owned by IT?\nCIOs are not a fan of a control model. IT, they said, should understand the context of business needs and deliver solutions that exceed them. What Theodore Levitt called the augmented product. This was seen by CIOs as the internal IT differentiator.\nCIOs believe that IT service brokers should provide services to their customers regardless of how those services are sourced. Sourcing should belong to IT with appropriate help from integrated finance, the CISO, and others. One CIO said they have told their business peers that the business decides what and they decide how. Clearly, this does always occur today.\nThe problem is that in a digital world where business is increasingly IT and IT is increasingly the business things can get confused. In fact, CIOs say that today IT leaders shouldn't really care who does the work as long as architecture, security and data are conserved. Additionally, IT needs to establish mechanisms to identify unnecessary project overlaps and manage the flow of changes getting released.\nSo back to the question. CIOs say that they should be accountable for security, architecture, and technical strategy. CIOs stress that being a service broker shouldn\u2019t negate the need to be able to integrate, architect, and still in limited cases design, build, and deploy. CIOs believe that being a service broker is as much a philosophy as it is a change to the CIO role and responsibility. Having said this, CIOs suggest there are elements of supply that IT must be accountable for as a service broker assuming a cloud first model. These include the following:\n\nInfrastructure (Networks, IoT\/IIoT)\nXaaS (SaaS, IaaS, PaaS)\nData\nService\nEnterprise architecture\nProjects\nthird-party suppliers\nOperations\n\nCIOs stress the need to establish shared governance or collegial advisory relationships. CIOs say governance, risk, and compliance (GRC) can't be dispensed with, but can always be streamlined and accelerated without sacrificing security and control. CIOs do struggle with seeing cybersecurity as a 'service'. They believe it must be integrated into the overall company and culture and be part of every employees' responsibilities.\nOne CIO ended this part of the conversation by saying the key issue is that IT must compete or be subsumed into the service broker capabilities of the shared service organization. The existential question, one CIO said, is does IT wants to become the broker of business services in the organization? Or work for it?\nDoes being a service broker provide business leaders more choices?\nCIOs say that IT organizations have to offer valid choices wherever possible. Increasingly, they should exploit low code\/no code tools that allow citizen developers to flourish. Importantly, this can enable IT to maximize enterprise resources to solve new business problems. Simply put, being a service broker means that instead of being a technology supplier, you introduce complete services. Whether internally or externally developed, they should deliver business value and improved organizational capabilities.\nAs early as possible, you want to bolt-on security guarantees enabling lower or higher risk and lower and higher cost. Cybersecurity should surface in the service broker conversation through the following:\n\nIncident investigation\/response\nSecurity reviews\nEthical hacking\nSpam\/antivirus\/intrusion detection\nVendor management\n\nCIO, also, need to set standards to provide building blocks, tools, and guides for usage. They should not try control things. CIOs see the function of supplying a service as being determined by what are the unique qualities and requirements of a successful service and how is their IT organization is designed to enable them. Here, the CIO must have conviction and deliver solutions, whether internally or externally developed, that enable the business to run more efficiently and effectively.\nSome CIOs interestingly believe that IT should have always been a service broker. These CIOs suggest that the fact that we are only highlighting the opportunity recently shows IT hasn't been doing its job. These CIOs say as timesharing has been around for 40 years and for this reason, IT has never had total control of things anyway.\nImportantly, CIOs say they want to make 'doing things right' the easier choice for business units. This means increasing the number of citizen developers by providing tools and training. To do this, CIOs need to be \u2018ahead of the game\u2019 so strategy and architecture are in place which governs added services. New services, in fact, should never be provisioned before, strategy and architecture are updated. IT needs to ensure that services don't break architecture, compromise security, or create needless technical debt. One CIO said that they have setup user groups for business users to teach them IT principles and how to work in concert. If you establish guardrails, this can create free IT labor that improves user satisfaction.\nIt is time for CIOs to get behind the fact that the future of IT is as a service broker for all IT-related resources: internal, public cloud, and 3rd parties. This includes shadow IT and the harnessing of change agents (inside or outside of IT) to provide on-demand solutions via low code, APIs, etc. In accepting this mantra, it important that IT not become:\n\nAn order taker\nA cowpath paver\nAn infrastructure operator\nAn operations function\nA cost center\n\nInstead, IT needs to become an innovative and integral business partner for growth. CIOs should recommend options that create business value to relevant customers and the consumers of the services. CIO today must, also, be a good and swift at sorting, defining, and assessing. Cloud and low code\/no code and RPA can make IT easier and more visible than even a few years ago.\nThe CIO\u2019s value should come from being the trusted advisor, hyper-aware of internal data connection points, and able to explain how every opportunity will mesh with the overall ecosystem and benefit business goals.\nCan a service broker mentality shift IT toward business innovation?\nCIOs said that regardless of the IT mentality, driving business innovation is a leadership issue. You have it or you don't have it. CIOs believe that a service broker mentality is a good start to helping IT travel down the road away from a cost center. But they stress that it is only part of this journey. The act of articulating and driving the digital transformation journey will force the rest of the process.\nOne CIO suggested the transition occurring as a Venn Diagram between a service broker and service provider. CIOs, in general, say that the critical mindset change now is that the CIO is in full-on competition with the world (SaaS, cloud, application marketplaces, service providers, vendors, etc.) for internal market share.\nA parochial service catalog is seen as negatively impact the CIO. Brokering to the world is the key to success. Smart CIOs expand their catalog of innovative services to other enterprises in some sort of alliance. CIOs suggest that business folks have no shortage of innovative ideas for improving processes. Sometimes the best thing IT can do is engage deeply with their customers instead of building elaborate program\/demand management processes that stifles collaboration.\nCIOs, also, think that tech debt should be avoided. One CIO said that not everyone can pay cash for a house, so they take on debt with a plan to pay it down and a governance model that ensures they will. Past debt needs to be addressed but a goal of transformation should be to make sure future technical debt is minimized through using LEGO types of solutions including micro services, IOT, no code\/low code, etc.\nCIOs say that IT resources are often not the most interesting part of the service broker story. New means\/methods like just in time, risk management, alternate sourcing models (3rd party development, hackathons.) Yet, this is often where IT is weakest and has the least experience or muscle. However, CIOs say in insurance and healthcare, some alliances have resulted in a service having a faster time to market.\nHow important is a service catalog?\nCIOs suggest that it's paramount to provide a service catalog. It is important that the catalog allow self-service consumption. One of the reasons enterprise IT is often behind is because they\u2019re too busy trying to count the chickens they have and don\u2019t look at the ones that are hatching soon.\nCIOs, however, say that they rarely have seen a service catalog that offers sufficient choice or a good customer experience. CIOs believe that there is a long way to go before software can act as a service broker front-end. That said app stores and marketplaces are increasingly showing the way forward. In today's fast changing tech world, a service catalog that inherently understands its own inadequacy and allows the customer and service broker to easily teach, extend, and otherwise keep things relevant is essential. CIOs stressed here that it is still day one of the "consumerization of IT".\nMany organizations, however, have no clue how to build and support a true service catalog. Let alone build the marketing strategy around it. With this said, service catalogs are a way to highlight commodity services that might be variable across lines of businesses.\nIn service broker approach where does internal IT have an advantage?\nCIOs say that IT has been into vendor management business since the age of punch cards and dumb terminals. For this reason, it has always been critical to have talent that understands the vendor\/service landscape and how to get best deal.\nCIOs stress that the legacy provider mentality makes the typical IT department do the vendor process by hand each time. This is no longer workable. IT must be elevated into a competent service broker. In a perfect world, IT needs to be the brains behind architecture and strategy and perform service governance. Where commoditized, IT should provide service via outside vendors. Those CIOs who can shift to these new models will thrive and survive. Those who can't, won't.\nWith this said, good CIOs understand the internal customer better than anyone else. Ultimately, IT should have the best shot at the business and be the best conduit to the outside. But as IT shifts away from being a doer of all things, it needs to be a gateway, enabler, and a trusted business partner. It\u2019s other key role should include putting guardrails on the service provided\u2014i.e. enterprise architecture, security, governance, and cost control.\nIT is clearly in transition from a builder to a broker. In this transition the job is to manage enterprise architecture, security, governance, and cost control. Given this, the focus moves to buying services that lack business differentiation to only building things that instantiate core business capabilities and differentiate the business.