Risk Adjusted Strategies for Modernizing IT Operations
IT leaders will play pivotal roles in the road to recovery, “seeking the next normal” while still performing their traditional roles.
IDC predicts that, by 2023, CIO-led adversity centers will become a permanent fixture in 65% of enterprises, focused on building resilience with digital infrastructure, and flexible funding for diverse scenarios.
By 2024, IDC predicts 50% of CIOs will accelerate robotization, automation, and augmentation initiatives to support safe, distributed work environments.
Juan Orlandini, INSIGHT
As the chief owners of the digital infrastructure that underpins all aspects of modern enterprises, IT leaders will play pivotal roles in the road to recovery, “seeking the next normal” while still performing their traditional roles. In a time of turbulence and uncertainty, CIOs and senior IT leaders must discern how IT will enable the future growth and success of their enterprise while ensuring its resilience.
To this end, IDC predicts that, by 2023, CIO-led adversity centers will become a permanent fixture in 65% of enterprises, focused on building resilience with digital infrastructure, and flexible funding for diverse scenarios. By 2024, IDC predicts 50% of CIOs will accelerate robotization, automation, and augmentation initiatives to support safe, distributed work environments.
In a recent BizTechReports interview with Juan Orlandini, Chief Architect at INSIGHT, Orlandini discussed the pain points of technology leaders from around the country to explore how organizations are developing and executing risk-adjusted IT modernization strategies to support business transformation initiatives that have been accelerated as the result of the COVID-19 pandemic. Here is what he had to say:
While enterprises across vertical industries and geographies are working at a breakneck pace to execute their technology modernization and business transformation initiatives in the wake of a pandemic year, there are still concerns about whether enough executive attention is being paid to emerging security and risk management issues. The threat landscape has evolved significantly over the past year, as both bad actors and new technology-enabled business strategies create unfamiliar risks and threats. In some ways, noted one executive, security remains a bit of an afterthought.
This is especially true as new applications are pushed through the production pipeline at unprecedented speeds as the result of DevOps that are producing code for new processes in response to customer demands and competitive threats. Organizations must be careful to ensure that “minimal viable product” (MVP) value propositions are properly vetted for security.
As Juan from INSIGHT, pointed out: “If you're a development company, you want to push out your code, your application, your product as quickly as possible. In many ways the industry is playing catch up when it comes to risk, governance and compliance in this new environment.” For organizations that have not invested in DevSecOps, this represents a major gap that should be closed to ensure risk-adjusted technology modernization.
The need to embrace the concept of secure change management as a fundamental executive discipline. When it comes to DevOps environments, you have to put secure processes in front of code development so that work can be scanned accordingly. This is especially important for organizations that have embarked on building infrastructure-as-code frameworks to underpin their operations. That's where a reorganization of an IT organization has to be thought through before the deployment of technology. It requires a significant workflow change. Someone has to be the CEO of that change.
The reorganization discussion is intriguing as we explored how little many IT structures have changed over the past decades. Most still have conventional organizational charts, with VPs of applications, storage, networking, data centers, etc., reporting linearly to the CIO. Moving to new cloud-centric platforms (supporting hybrid, multi-cloud environments) will require continued cultural adjustments that mitigate the chances of siloed thinking. Siloes, we discussed, create their own very special vulnerabilities, which can only be mitigated by creating more integrated teams.
Cultural evolution extends well beyond the IT department. Several organizations have noted the challenges associated with establishing an environment that stresses ongoing training about secure, risk-adjusted behaviors across the enterprise. Efforts to inform and educate employees on this topic must be backed up by consequences -- without fear or favor, regardless of rank and grade. Many members of the workforce lack a natural inclination -- or thought process -- for understanding the new risk and threat landscape. The core challenge is not about technology skill sets. It is about establishing a basic understanding of fraud, risk and smart practices that everybody needs to have. With people working from home, several participants noted a marked degradation across a range of secure digital behavior. The intelligence of all users needs to continue to mature...even as the breadth and depth of the technical skillsets progress.
Adding to the challenges faced by today’s highly distributed endpoint environment has been the assimilation of key players who are NOT employees. Supporting the work-from-home (WFH) environment includes taking into account extended enterprise players -- including independent contractors, suppliers, as well as customers -- who are accessing critical compute resources in new ways. It is important to take into account that these players often don't have the same type of rules and policies in place for security. Understanding the changing dynamics of enterprise resource utilization -- as both the endpoint and infrastructure environments evolve -- has emerged as a critical consideration.
For more information on BizTechReport podcast interviews, please contact Melissa Fisher at MFisher@BizTechReports.com.