
IT risk management fundamentals for the digital age


The digital age has ushered in an era of unprecedented commercial and societal opportunity. It’s also a time of unprecedented risk. An increasingly connected world exposes organisations to a number of hidden threats. CIOs need to take a strategic approach to IT security that identifies threats, protects sensitive information, and keeps critical systems running.

Below are five fundamental risks to enterprise operations and how CIOs can address them.

1. Data Security

Data breaches that expose consumer data have been the poster child for security failures. When a data breach happens, it can result in severe business consequences in the form of reputational damage, financial losses, legal liability, and unhappy customers. For example, Google shut down its Google+ social network permanently because of a data breach. Equifax lost a third of its market value following its disclosure in 2017 that hackers had accessed the personal data of 148 million Americans, and Uber was fined $150 million for a 2016 breach.

External actors are not the only threat to data security. Whether it’s valuable IP, pricing information, or confidential customer and employee data, far more organisations have suffered data theft through the actions of their own employees than through outside hackers. To mitigate this risk, enterprises can adopt software that allows access to data to be controlled precisely. Choose a software vendor that offers secure interfaces for vendors, providers, and internal staff, with the ability to define fine-grained access controls based on criteria such as record value, workflow status, and individual assignments.
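To make the access-control criteria above concrete, here is an added example (not Agiloft's code and not from the original article) of a deny-by-default authorisation check that decides on record value, workflow status and individual assignment, and records every decision for audit. The roles, the high-value threshold and the sample records are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed model: a record carries the three criteria the policy uses.
@dataclass(frozen=True)
class Record:
    record_id: str
    value: float                 # monetary value of the record
    status: str                  # workflow status: draft, pending or approved
    assignees: FrozenSet[str]    # user ids explicitly assigned to the record

@dataclass(frozen=True)
class User:
    user_id: str
    role: str                    # vendor, staff, manager or finance (constructed roles)

HIGH_VALUE = 100_000.0           # constructed threshold above which finance must sign off

def is_permitted(user: User, action: str, rec: Record) -> bool:
    """Return True only when an explicit rule allows the request (deny by default)."""
    assigned = user.user_id in rec.assignees
    if user.role == "vendor":
        # External parties read only approved, low-value records they are assigned to.
        return (action == "read" and assigned
                and rec.status == "approved" and rec.value < HIGH_VALUE)
    if user.role == "staff":
        # Staff read what they are assigned to and edit it only while still in draft.
        if action == "read":
            return assigned
        return action == "edit" and assigned and rec.status == "draft"
    if user.role == "manager":
        # Managers read everything, edit drafts, and approve pending records below the threshold.
        if action == "read":
            return True
        if action == "edit":
            return rec.status == "draft"
        return action == "approve" and rec.status == "pending" and rec.value < HIGH_VALUE
    if user.role == "finance":
        # Finance reads everything and is the only role that approves high-value records.
        return action == "read" or (action == "approve" and rec.status == "pending")
    return False                 # unknown role or action: denied

def decide(user: User, action: str, rec: Record, audit: List[dict]) -> bool:
    """Evaluate the request and append an audit entry whether it was allowed or denied."""
    allowed = is_permitted(user, action, rec)
    audit.append({"user": user.user_id, "role": user.role, "action": action,
                  "record": rec.record_id, "allowed": allowed})
    return allowed
```

Logging denied requests as well as allowed ones is what lets an insider probing for records outside their assignments show up in monitoring.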

2. Scalability

As organisations shift towards a more distributed, cloud-based model of IT, they don’t always have visibility into the underlying infrastructure supporting their business applications. To avoid outages and performance and reliability issues, systems must be scalable to several times the anticipated load and be fully redundant.

A sound strategy is to ensure your applications are hosted on secure and reliable cloud servers with robust capabilities to manage rapid growth. Find a vendor that provides flexible, scalable infrastructure with uptime guarantees.

3. Survivability

Given how dependent 21st century organisations are on digital systems, ensuring systems are up and running soon after a natural or man-made disaster is critical to an organisation’s ability to survive and recover.

Identifying vulnerabilities and securing critical systems and processes beforehand is what assures survivability. If disaster does strike, it’s imperative that procedures are in place to get critical systems up and running right away. For example, what would happen if an administrator accidentally deleted your database, or your server was damaged in a fire? Confirm that your applications are hosted on a fully redundant server that replicates your data to a secondary (replica) server located at least 500 miles away. This allows you to recover to the state of the system immediately before the error.

4. Compliance

The quickening pace of commerce in the Information Age has generated all kinds of risks, which regulatory agencies have been working overtime to guard against. Whether it’s Sarbanes-Oxley to safeguard against financial shenanigans or GDPR to protect consumer data, the result for businesses is a plethora of regulatory requirements, which inevitably require IT systems to administer. As regulations multiply, so do the chances of a compliance failure, which can cause enterprise-threatening damage ranging from big fines to lawsuits and even criminal prosecutions.

Just as damaging are failures in governance, where there are no systems in place to keep track of and enforce a company’s own internal policies. A perfect example of this is the public embarrassment Facebook had to deal with during the Cambridge Analytica scandal.

Managing governance and compliance manually is impossible as a practical matter. IT must build automated compliance auditing and monitoring into business processes to mitigate regulatory and compliance risks.

5. Implementation

The Standish Group’s “Chaos Report” asserts that only 29 per cent of IT projects succeed, while 19 per cent are considered utter failures. Even more alarming is a McKinsey Insights report that 17 per cent of large IT projects are executed so poorly that they threaten the very existence of the company. McKinsey’s report surveyed 5,400 IT projects which totalled $66 billion in cost overruns. There are countless examples of such failures. One such fiasco almost sank the Affordable Care Act before it got off the ground: the enrolment portal cost $1.7 billion to build vs. an initial budget of less than $100 million, and for the first few weeks after launch users could not even sign up.

So how do you ensure a successful implementation? While it may not be possible to nail down every detail of a large deployment in advance, it is possible to structure a solid implementation plan with development and deployment milestones that assign responsibility and uncover obstacles well in advance of the point of no return.

Look for a software provider that creates a detailed implementation plan holding the implementation team, on both the customer’s side and its own, accountable for maintaining budget and schedule discipline. By using a provider with a history of success and an unconditional satisfaction guarantee on both software and services, enterprises can avoid implementation risks.

With today’s advancing business technology, IT risk management becomes increasingly important to protect sensitive information, identify threats, and keep critical systems running. Business technology regularly exposes your business to risks that could threaten its reputation, financial position, and overall survival. Fortunately, today’s leading technology can greatly reduce and defend against the risks to operations for enterprises.

Colin Earl, founder and CEO, Agiloft

Agiloft CEO and founder, Colin Earl, is a software industry veteran with over 25 years of experience as a developer, product manager, and CIO. Colin worked at IBM, General Electric, and three start-ups before founding Agiloft in 1991. His vision was to accelerate the building and deployment of enterprise business applications by removing the need for manual coding. Under his leadership, Agiloft has achieved this goal, creating a market segment for agile business software.