Strategy

Conclusion: All organisations need to identify the value of their procurement portfolio. That is, to document and regularly review the portfolio to understand both the criticality of the contracts to business and the triggers that decide whether the technology is meeting the need and when actions need to be put in place to limit the risk to the business in the acquisition process.

With an improved situational awareness of the procurement portfolio, organisations then need to ensure alignment with the business strategy. The alignment can only be achieved with regular independent reviews, and by effective governance processes to ensure that the risk associated with procurement planning is contained.

Conclusion: In the modern world, no organisation has ICT entirely in-sourced. As a result, procurement, contract and vendor management have become strategic processes that allow organisations to align their ICT capability with the business strategy to achieve the desired outcomes, both now and into the future.

It is often the case that effective planning for the procurement of technology capability is compressed or constrained such that procurement is not able to effect ‘big step’ change. Or the commercial approach means the agreement is based on a fixed term, which results in the procurement not being a strategic exercise. More often than not, the procurement delivers constraints that limit the business’s ability to achieve the desired outcomes. These constraints limit the business’s ability to be agile in terms of elasticity, or how well it can respond to disruption in the market.

The technology options to meet business demand are not the same today as they were yesterday, and they will undoubtedly differ tomorrow. The challenge is to ensure ICT procurement is responsive to the business strategy, and that vendors share in the advantage a strategic alliance brings to the business. Procurement needs to be effectively planned and clearly aligned to the business strategy to ensure the strategy is delivered effectively.

This paper is the first in a four-part series on how to ensure procurement meets the business need, gain an understanding of strategic versus tactical procurement, and will define the steps necessary to avoid the pitfalls that cause procurements to under-deliver.

Conclusion: People are and will be using passwords for the foreseeable future despite the numerous efforts underway to dispense with them. Managing them and particularly resetting them are ongoing costs for organisations.

Passwords are also a significant contributor to breaches. They are either captured during credential-grabbing efforts, leaked in a data breach or just too easy to guess.

Yet there are excellent guidelines in existence to assist people to minimise the possibility of passwords being cracked or guessed. Some involve implementing good policies, and most involve making it easier for users to create, remember and use passwords.

Conclusion: The need to see value from an enterprise architecture (EA) framework is essential, if for no other reason than to justify the cost. However, the business benefit of EA is not just the cost. It will also provide reduced risk and improved agility for the business in its use of ICT.

Many organisations struggle with how success or failure of EA should be measured. This paper provides the reader with guidance and advice on what to measure EA against and how that measurement could be presented as a key performance indicator (KPI).

In establishing KPIs for the EA framework your organisation has adopted, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, and be able to provide governance on the continuous improvement of your EA framework to achieve even better value.

Conclusion: Many organisations have integrated enterprise architecture (EA) into the business processes, whilst many have not. To some, it is a religious argument as to why the ICT group even needs to have people with ‘architect’ in their name; for others, the EA group is the watchdog of the system, ensuring both new capabilities and changes to existing capabilities will be fit for purpose.

Like most things in business, the cost versus benefit analysis to justify why any activity is a priority is essential before committing effort and resources to it. EA should be no different. Organisations should complete a business case assessment to justify why EA is necessary for their business model, and what form it should take.

In doing so, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, be able to manage expectations on what EA can deliver and judge its effectiveness.

Conclusion: As a result of COVID-19, has the criticality of web presence for your business changed? Is your organisation now exposed to threats and risks that previously were a lower order concern? Are there advantages to be gained in the realignment of the organisation’s web strategy?

IBRS recommends organisations assess the vision statement for its web presence. Once the vision is clear, review the framework for delivery and sustainment, the processes, and the roles and responsibilities for online web services, as a result of the impact of COVID-19. The purpose of the review is to ensure your organisation leverages the strengths and opportunities of the organisation’s online presence resulting from the impact of COVID-19.

Conclusion: The phrase ‘People, Process and Technology’ describes the three key elements of a successful business. Business is the why, People the who, Process the what, and Technology the how. No single element of the trilogy can be seen as more important than the others. However, in the post-COVID-19 world, successful businesses will see that the focus of People has changed – they no longer go to work, work goes to them.

In technology terms, this effectively means that everyone is now the core of the system; the old concept of a core that is controlled from a central hub is now questionable. Post-COVID-19 technology design must allow for each worker to be able to work from any location, able to access information, services and data when necessary, and for each location to have surge capability.

Conclusion: Organisations that are nearing the end of life for their current voice platforms or have a compelling event to hinge the replacement of their voice service, need to review their use of voice before replacing the technology. IBRS recommends organisations look to leverage voice as an application to operationalise the processes within the organisation, and improve customer satisfaction.

Today the newer technology offerings allow your organisation to get a better return from voice. However, the use of these new technologies will impact business processes and offer greater innovation for your customer interaction. It will not be a simple replacement of boxes.

The key is understanding the power of voice. It is now an application driven by smart software. Businesses need to assess their use of voice to determine the cost benefit of the changes in the technology stack now on offer.

Conclusion: A Cloud strategy can take many forms. Whether you select a private Cloud, hybrid Cloud (on-premise with Cloud elements), native Cloud or a multiCloud implementation will impact the framework of your strategy. The success of your strategy will be driven by the motivation your organisation has to elect the move.

If your only motivation is the perceived cost model where you reduce capital in favour of operational expense, and potentially see savings based on usage, you are unlikely to succeed. The need to have a clear business strategy on why Cloud, what opportunities it may bring the business, and how to transition, manage and exit the Cloud is essential to see the true benefits.

Key to a successful strategy is to use an effective framework that allows your organisation to migrate to, operate and govern the engagement, and exit the engagement. A Cloud strategy is a commercial arrangement. Understanding the business benefits of entering into a Cloud contract engagement and being able to measure success factors is equally as important as the selection of providers for functionality and cost. It is important that you step into Cloud with your eyes wide open.

Conclusion: Passwords will continue to be part of the landscape for the foreseeable future. Organisations, driven by the concepts of defence in depth, must implement techniques that enhance the security of the authentication process. Both products and processes can be enabled or added to help secure the creation, use and storage of passwords.

Each of the techniques mentioned can be used on their own to enrich the security. Some or all of them can be combined to further build the security. Most of them have little associated costs apart from deployment and perhaps training, but the cumulative impact on the robustness of the authentication process is significant.