ADM is the most common IT function delivered through Global In-house Centers (GICs), but its share has been declining in recent years
Monday, May 2, 2016 | 2 p.m. EST
Peter Bendor-Samuel, Founder and CEO, Everest Group will be a featured panelist on this CFO-hosted webinar.
CFOs know that investing in technology is imperative to remaining competitive as a business today. Equally crucial, however, is investing in your IT department. In addition to being willing to provide your IT department with the necessary budget to run effectively, CFOs should be doing everything in their power to forge strategic partnerships with IT executives. IT leaders have valuable insights into the future of business that CFOs are wise to use. IT leaders can also help steer technology investments in the right direction to ensure their organizations employ the best tools to foster growth.
This Webcast will discuss the benefits of forming and strengthening a strategic partnership between finance and IT, including:
CIOs need to make sure IT metrics align with business users’ expectations.
Once your IT organization aligns with business users’ needs and commits to the journey of achieving those business objectives, you can then determine how to do that. After determining your strategy, you’ll then establish metrics to measure IT’s performance. As Winston Churchill advised, “However beautiful the strategy, you should occasionally look at the results.” But if yours is like most organizations, the probability is high that your metrics will measure the wrong things.
The CIO community invented service levels to measure performance. And for the last 20 years, organizations systematically established IT metrics and implemented the disciplines that reflect the promises IT made to the organization. Good intentions, but here’s the problem: Almost all IT service levels or metrics measure the performance of functional disciplines.
With the emergence of digitization, the Internet-of-Things, cloud, and other technology disruptors, IT’s role in and value proposition for the business units it supports have become integral to how competitiveness is established and maintained. Businesses that are incapable of or unwilling to leverage the full power of technology advances, or that resist adapting to the new business models being enabled, will, in relatively short order, become laggards in their industry and, in some cases, cease to remain in business.
In many newspapers these days, one doesn’t have to read very far without tripping over the latest sensational article on a security breach. The black hat community conducting security attacks is incredibly well funded and incredibly sophisticated and our traditional firewall security precautions are woefully inadequate. The implications of this for companies are stark and robust. I think we must start with how we approach security.
The list of attacks is long and includes, for instance, Target’s customers, Anthem’s healthcare customer records, and the U.S. federal government apparently being penetrated by the Chinese. Behind all this is the frightening prospect of a highly sophisticated black hat community potentially funded by national governments in China and Russia and increasingly being in alliance with organized crime. The black hats are conducting security threats on a scale that is both mind boggling and deeply worrying – not only right now but even more so over time as the R&D effort of this community drives increasing levels of sophistication.
To date, we have approached security as a hygiene vehicle – one and done. We think about it in terms of firewalls securing our data center or making different layers of IT or technology architecture secure. We invest once to try to imbue our technology with a level of defense, and then we seek to spread that investment over the technologies; and we expect the cost to decrease as the learning curve goes down. The problem with this is that it cannot stand against the R&D effort and the rate of improvement in the black hat community.
Therefore, we must change our expectations and how we buy security. We must have a separate security tower in which the expectation is the cost will rise over time and we will invest ever more money and time into ways to counteract the growing black hat menace. The black hats are not constrained to attacking just one functional element of an organization’s service chain; therefore, businesses need an overarching security solution that secures everything. The consequences of not countering this threat are immense.
When we approach security as a hygiene vehicle, we ask for a component of security and monitoring in each technology function. Whether it’s a data center, applications, network, or other infrastructure, we use firewalls, encryption, or other tools and techniques to harden our environment and make it less vulnerable. That’s all well and good, and this should continue. However, this is woefully inadequate on its own with the increasing sophistication and threat from the black hat community. We cannot expect to be defended or even maintain our corporate responsibility if we assume that a hygiene approach is adequate.
It’s clear that we must also procure a different kind of security that is overarching and that matches the rapidly changing landscape of security vulnerabilities uncovered and exploited by extremely well-funded and incredibly gifted black hats. We must realize that a hygiene approach to security will prove to be dramatically ineffective against the black hats’ innovation. And we must expect that the cost of an overarching security function will increase because of the need to constantly invest in our capabilities to innovate – and innovate faster – to counteract their threats.
We see the changing expectations starting to happen with the chief security officer in a role outside of technology and reporting directly to the CFO, CEO or board. But we have not seen the kind of budget and capability being invested into that function that are necessary to counteract the growing threat.
Furthermore, we have yet to see service providers providing a managed service to this new entity. The managed services they offer are based on the normal managed services principle of providing a constant service that will get cheaper over time as the learning curve and technologies mature. That’s the underlying theme of all managed services. That principle gets stood on its head in the context of security when the adversaries’ sophistication keeps rising exponentially. The cost of sophistication to counteract the adversaries must rise equally – which doesn’t work in the managed services principle.
Furthermore, no one firm can have the sophistication to take on the Russians, Chinese, organized crime mob, and the black hat ecosystem. That’s not a reasonable expectation for even the largest organizations. Therefore, organizations must turn to service providers that can aggregate customers in order to match the investment of the black hat community. The services industry must get together to defeat this massive threat to businesses, but managed service offerings are not the answer. We must innovate at the same rate as the black hats; thus a provider’s expectation of cost dropping over time is false because the learning curve will not go down.
Bottom line: The cyber attacks situation will get worse. All businesses – including service providers and their customers – must expect that their investments in security will increase to match the ever-escalating threats.