Conclusion: Being Cloud-based, Microsoft’s Office 365 includes features that would traditionally be considered backup. According to the Microsoft Office Trust Center, Microsoft establishes itself as a data processor with a primary focus on data privacy and management. It is not responsible for compliance or backup, but for reliability and availability. As a result, Microsoft may not be able to provide security and protection to data in a way that meets an organisation’s compliance requirements.

Conclusion: Covid-19 has already had severe global impacts even though the total impact is yet to be fully dimensioned. Further restrictions are foreseen in Australia. The implications will be long term and will disrupt the way we conduct business in future and the way we interact socially, and a ‘new normal’ will emerge. No business will be immune and during this dislocation both challenges and opportunities will arise.

At IBRS we believe that it is critical to take the long view on how the crisis will evolve and be prepared for the waves of change which will follow.

Download your COVID-19 Survival Kit: Covid-19-Survival-Kit.pdf

Is your Working From Home Policy causing you grief?

Most organisations’ Working From Home policies are created under the assumption that people would be seeking permission to remote work. As a result, they focus on things that are simply not applicable to, or even blockers for, mandated working from home and self-isolation. 

Worse, many policies have clauses that are impossible to enforce during this pandemic, go against government recommendations and potentially open the organisation up for workplace challenges. At the very least, older WFH policies can confuse and worry staff.

To help, IBRS has created a template for a simple, practical WFH policy, written in staff-friendly language. You can quickly customise and download this policy template as a Microsoft Word file.

IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with some systems in the cloud, and other legacy software still on premise.

With the outbreak and continued spread of the recent coronavirus, or COVID-19, your business continuity plan (BCP) may need to be put in motion.

IBRS has created the Business Continuity Planning: Pandemic Scenario template to test your BCP using the potential COVID-19 pandemic.

Download and use this template to ensure your organisation is well prepared.


"There is more security work to go round than there are resources. So I don't think the market is that crowded. It's important to remember that security is not something you buy and then it's done; it is an ongoing evolution within any organisation and requires constant care and feeding," IBRS adviser Peter Sandilands said.

"The big four has done a lot of their security work using fresh grads. They can use the tools but don't necessarily understand the real world implications."

IBRS advisor Dr Joseph Sweeney has been tracking the three major Cloud vendors' capabilities in AI and said Google is right to believe it has an edge over AWS and Microsoft when it comes to corpus (the data that 'feeds' certain AI applications) and also in AI application infrastructure cost and performance. However, he said this advantage was not materialising into significant gains in the Australian market.

Conclusion: This month has seen a surge in merger and acquisition transactions, and discussions regarding the increased level of acquisitions in the past year. A growing trend of private equity firms investing in service providers was also flagged. This represents a shift in the market, as vendors become more established, profitable and more attractive to private equity investors. The opportunity to drive greater profitability, and demand for specialised technologies and services, also act as incentives for investment and provide vendors with resources to develop and offer a wide range of targeted, high-quality services to their customers.


Conclusion: Once a project is in trouble and the first response of escalation of commitment in terms of allocating time, budget and resources in an attempt to recover the project has not been successful, the project can be considered as not just troubled but in real crisis. Recognition of a project in crisis is the first step to recovery and often the most difficult. Next steps involve putting the project into triage and preparing the project for the detailed assessment phase which provides critical information, options and the potential important decision to kill the project or recover.


Conclusion: The increased proliferation of critical digital services has resulted in ransomware attacks becoming one of hackers’ means to make money. As a consequence, many organisations have become the victims of such attacks. IT organisations should implement a full recovery strategy to restore IT services in the event of ransomware attacks. The recovery strategy should become an integral part of the disaster recovery plan. This will raise business stakeholders’ trust in the service security and reduce the spread of this type of IT organised crime.


Conclusion: A Cloud strategy can take many forms. Whether you select a private Cloud, hybrid Cloud (on-premise with Cloud elements), native Cloud or a multiCloud implementation will impact the framework of your strategy. The success of your strategy will be driven by the motivation your organisation has to elect the move.

If your only motivation is the perceived cost model where you reduce capital in favour of operational expense, and potentially see savings based on usage, you are unlikely to succeed. The need to have a clear business strategy on why Cloud, what opportunities it may bring the business, and how to transition, manage and exit the Cloud is essential to see the true benefits.

Key to a successful strategy is to use an effective framework that allows your organisation to migrate to, operate and govern the engagement, and exit the engagement. A Cloud strategy is a commercial arrangement. Understanding the business benefits of entering into a Cloud contract engagement and being able to measure success factors is equally as important as the selection of providers for functionality and cost. It is important that you step into Cloud with your eyes wide open.

Conclusion: Starting as a Melbourne-based SharePoint plug-in for forms creation, Nintex has grown into a Cloud-based process and workflow automation platform. In the last 18 months, Nintex has leveraged acquisitions of process mapping and robotics automation technologies to expand its offerings. The Nintex platform can now identify, visualise, manage and automate processes, placing it in competition with traditional business process modelling vendors. The firm has reconfigured its sales and marketing to focus on the market for enterprise optimisation – a market traditionally held by the likes of Pegasystems, IBM, Appian and Oracle. IBRS believes that Nintex now has the critical components of a pragmatic, Cloud-based business automation suite. Nintex should no longer be viewed as a niche workflow vendor for Microsoft solutions but should be considered along with other competitive mainstream business process automation solutions such as Red Hat, TIBCO Software, Software AG and K2.

Being prepared: IBRS has created a BCP checklist to help you create and/or update your business continuity plan.

This diagram is to be used in the following ways:

  • A checklist to ensure all BCP steps have been actioned and/or updated as required
  • An easy reminder to keep key supporting documents to the BCP current, which include:
    • Enterprise risk frameworks
    • Business impact analysis documents
    • Evacuation and lockdown procedures
    • Recovery plans and testing of these plans
    • IT disaster recovery plans
    • Communication plans
    • Regular executive reporting


Conclusion: Cyber security is now one of the top priorities in many organisations. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to being regarded as a strategic enterprise risk. The role of the Chief Information Security Officer (CISO) has traditionally required strong technology skills to protect the organisation from security incidents. With boards and executives now requiring executive-level cyber leadership and accountability, the role of the CISO must evolve beyond the traditional technology domain to also encompass strategy, stewardship and compliance as well as being a trusted business advisor.


Conclusion: As Australia’s use of consultancy services continues to grow, so too does the need for businesses to obtain value from these engagements quickly and effectively. Key to obtaining this value is the organisation’s ability to easily and rapidly provide consultants and contractors with the specific context of your business, your customers and your unique challenges.

By providing the organisational context quickly, you can mitigate time, scope and budget creep, improve the quality of outputs developed by consultants and ensure that consequent plans are actionable and genuinely valuable for your business.

However, the ability to provide the needed organisational context quickly and effectively to consultants remains a common organisational challenge, and therefore a pitfall for successful vendor engagement. This paper covers how you can overcome this pitfall.


Conclusion: While there is no perfect approach to restructuring an IT services department, there are fundamental principles (set out below) that must be followed, to get it right first time. If these principles are not followed, staff resistance to the changes proposed could impact staff morale.


Conclusions: Patching systems is regularly touted as the panacea for security breaches, yet many organisations continue to struggle with that seemingly simple process. There is obviously more to the problem than just buying and deploying a patch management system.

Most organisations are well-intentioned; it is not that they do not want to patch. As one delves deeper into the tasks around patching, it soon becomes clear that many unintentional, and some intentional, roadblocks exist in almost every organisation.

This note attempts to sort through some of those roadblocks and offer some approaches to diminish their impact. Some resources are identified to help with the design and build of a patch service. There is a real dearth of well-structured information around the patching process overall.


Conclusion: Choosing to simplify the SAP migration project by removing irrelevant KPIs could increase adoption. This is the common thread for organisations that have successfully undertaken the SAP migration from on-premise to the Cloud.

Choosing an SAP certified practitioner with S/4HANA migration expertise helps reduce migration risk and enables a simpler migration strategy. SAP's design for the S/4HANA suite replaces the extensive table structures of the ECC series with a new digital core and in-memory processing, and reduces data storage costs.

Project risk can be minimised by considering these during the planning stage:

  1. An experienced SAP S/4HANA project team.
  2. Fully engaged executive sponsors and users.
  3. Early user engagement and user training.
  4. Allow testing to increase user confidence and reduce fear of data loss.
  5. Not underestimating the impact organisational issues will have on the project timeline.


Conclusion: Pandemic planning is a strategic approach to business continuity that anticipates and prepares for a widespread outbreak of an infectious disease.

Business continuity planning can have an over-emphasis on short-term technology platforms failing, but as part of business continuity planning consideration needs to be given to the potential risk of an outbreak of a disease that could spread and may not be resolved quickly. The time of risk may go over several months or longer. Some forecasts for the coronavirus speculate it could take 12 to 18 months to come up with a vaccine.

The impact and planning needs to consider both internal and external factors; that is, how the pandemic event may impact employees and the organisation’s ability to keep its business operating. External factors will include the impact of the pandemic event on external service providers, suppliers and customers.


IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.


Peter Sandilands, an advisor at analyst firm IBRS, called the discussion paper “a pre-judged survey” that is mostly looking for answers. He also questioned if the resulting recommendations would be published for review and commentary: “Is this window dressing, or are they going to do something out of this?”

The Australian government is charting its next cyber security strategy following an earlier A$230m blueprint laid out in 2016 to foster a safer cyber space for Australians.

In a discussion paper on Australia’s 2020 cyber security strategy, which is being led by an industry panel, minister for home affairs Peter Dutton said despite making strong progress against the goals set in 2016, the threat environment has changed significantly.


Conclusion: This month, security issues that concern businesses have been prominent. In particular, high profile security incidents in 2019 have resulted in a greater awareness of challenges faced by vendors and businesses when preparing for and responding to security concerns. One particular vulnerability flagged is that security initiatives and responses have trouble keeping step with new threats, technologies and security frameworks. It is necessary for both vendors and customers to view security as part of a framework that can adapt to change quickly, and accommodate challenges that arise with highly unexpected variables. Security specialists and frameworks can provide a good basis for strategies and response measures, but the capacity to recognise and respond to unforeseen incidents and threats is also critical.


Conclusion: Australian organisations must have strong disaster recovery plans, be it for natural disasters or man-made disasters. The plans need to deal with the protection and recovery of facilities, IT systems and equipment. It is also critical that the plan deals with the human side of the impact of a disaster on the workforce. What planning needs to be done, what testing will be done, what will happen during a disaster and what needs to be done after a disaster?

This planning can be complex and confronting. Whilst testing the failover of IT systems can be relatively straightforward, testing the effectiveness of the workforce side of a plan will be difficult, and may even disturb employees who may prefer to think “surely it will never happen to us”.

Conclusion: As detailed in part one of this pair of notes, the Australian Signals Directorate’s Essential Eight (E8) are detailed technical recommendations for securing an information infrastructure. Implementing them has been touted as being effective against over 85% of potential attacks. It is hard to ignore that benefit to an organisation’s security stance.

The first note went on to highlight the real-world implications of attempting to implement the E8; in particular, listing the prerequisites for the implementation. Each of the E8 assumes that an organisation has in place the underlying capabilities and information that provide the supporting base for each element of the E8.

While at first glance that appears to put a negative connotation on deploying the E8, in many ways it points to some basic processes and capabilities that any organisation should have in place to use its information infrastructure effectively. This note will explore those implications. It will help any organisation build the basics of an effective security regime.


Conclusion: Two key supporting artefacts in the creation of pragmatic incident response plans are the incident response action flow chart and the severity assessment table. Take time to develop, verify and test these artefacts and they will be greatly appreciated in aiding an orderly and efficient invoking of the DRP/BCP and restoration activities.

Conclusion: Cyber security and data privacy are currently hot topics at both executive and board levels and security incidents feature in the media on an almost weekly basis. CIOs and executive teams will face increasing scrutiny from their boards with a focus on accountability, risk assessment, reporting and organisational resilience to cyber incidents. Boards are genuinely grappling with how to assess risks and how to ensure that the organisation is sufficiently well prepared to protect and respond appropriately to security incidents, within budget and resource constraints. CIOs and CISOs have a unique opportunity to engage with boards and provide the leadership that is expected, as the move to digital accelerates. In this note we highlight the recent trends and outline some of the key recommendations for practical steps to strengthen your organisation’s ability to protect itself holistically from cyber and data loss risks.

Conclusion: The entering of a strategic partnership with a client or prospect by a major vendor, e.g. more than $50k paid p.a., is aimed at convincing them that mutual benefits such as helping them gain a competitive advantage or achieving major cost reductions, will accrue. When pressed on the likely benefits to the vendor, and assuming no financial equity is involved, one tactic some vendors use is to propose participation in a prestigious early software support program to jointly enhance their market image.


Conclusion: Many organisations are interested in next-generation office space designs that leverage technology to promote collaboration and workforce transformation. Leaders in this field incorporate a human-centric approach. However, environmental factors in designing next-generation workspaces are also considered. Workplaces are the intersection between people and place, and both must be considered to enhance productivity.

In 2019, IBRS conducted an extensive study into transformative workplace designs and interviewed Australian organisations that have been successful when implementing next-generation workspaces. IBRS identified common traits for success. This paper details the environmental (built space) aspects of designing a next-generation workplace.


Conclusion: Digital transformation is more than another software development stream to replace legacy systems by mobile applications. Digital transformation includes building a new IT capability that can improve the business bottom line. It requires increasing business performance, reducing the cost of doing business and mitigating business risks in a cost-effective manner. To support digital transformation, IT value management capabilities should be established on the following building blocks:

  • Value creation – Define and create the desired IT value needed by business lines. The IT value is a combination of services and technologies capabilities.
  • Value measurement – Measure the IT value contribution to digital transformation.
  • Value communication – Communicate the IT value contribution to business stakeholders, ensure that their expectations are met and re-adjusted (if needed) to address the business and market emerging imperatives.


Conclusion: A digital strategy and the need for organisations to undertake numerous projects to achieve digital transformation have become the new norm. Digital strategies often require organisations to complete major transformation projects to deliver the outcomes required of the strategy. However, a digital strategy is not just about technology, it is a holistic strategy that involves change across the business processes, to improve both the organisation’s bottom line and the customer experience.

The considerations you must address in development of your digital strategy are much broader than just technology, or indeed just internal business processes or people skills. A digital strategy is about running the business in a smarter, more efficient and effective way, which allows customers improved and faster access to products and services.

For a digital strategy to deliver the best outcomes for the organisation, the customer experience must be the key consideration. Only from the customer’s perspective can the considerations of people, process and technology be best achieved.


Conclusion: When projects start to show early signs that they may be in trouble, it is easy to have a knee-jerk reaction and address the most visible symptom. However, it is critical that CIOs and business executives (project board chairs and project sponsors) understand that early recognition and intervention is often less painful, less costly and less damaging for the organisation.


Conclusion: This month, regulatory frameworks for the ICT industry and their interaction with IT businesses and customers have been prominent. The private sector has been more vocal about the need for government involvement and the government has been searching for industry input in areas of interest. Areas that are vulnerable and require government protocols and standards, as well as regulations, must be flagged. In addition, frameworks that may have negative impacts on local industry or global trade efforts if other market standards conflict must also be considered. It is critical that vendors, agencies and advocacy groups work together when setting frameworks in order to produce new and better business outcomes, as well as support government regulatory functions.


Conclusion: Not knowing where an organisation’s business-critical data is located, and its quality, can lead to many frustrating efforts to respond to management queries. When the converse is true and IT management can respond quickly to queries, say, at a board meeting or in an FOI (freedom of information) request, it enhances confidence in the quality of management of IT generally.


Conclusion: Recognition of revenue and recording of objectively verifiable historical costs are the foundation of globally accepted accounting practices. These practices in turn provide transparency and consistency of reporting to improve the confidence with which enterprises conduct business and undertake trade, nationally as well as internationally.

Unfortunately, many enterprise architectures lack models that address this most critical of elements within an organisation. This absence of cost analysis means the recommendations from enterprise architects (EAs) can lack business credibility, rely on subjective assessments or are stymied by biases, cultural drag and ignorance of the true cost of the technology portfolio. Therefore, EAs must present business leaders with analysis from enterprise architecture (EA) that not only contains cost based on basic accounting practices, but also employs other important economic models, analysis and reporting techniques such as total cost of ownership, activity-based costing and technical debt.


Conclusion: To support the changing workforce, businesses should look at adapting transformative workplace designs to maximise productivity and collaborative efforts. Early adopters of modern workplace designs have tried a variety of approaches in an effort to provide tangible improvements to staff productivity. Unfortunately, in many cases, the high hopes for innovative office designs resulted in the opposite – workplaces that confused, frustrated and distracted staff. IBRS conducted an extensive study into transformative workplace designs and interviewed Australian organisations that have been successful when implementing next-generation workplaces. IBRS identified common traits for success. In this paper, we detail the human aspects of designing a next-generation workplace.


Conclusion: The Essential Eight from the Australian Signals Directorate constitutes a recommended set of strategies to reduce the risk of cyber intrusion. They are said to prevent up to 85% of potential attacks. They are certainly worth assessing as a strategy to apply as an organisation plans out its security strategy.

However, while they may seem simple at first glance, the prerequisites for their implementation are far reaching. These add significant cost and effort to any attempt to take advantage of the E8. In fact, the effort and planning can easily exceed the effort in seemingly just doing the E8.

This will be a two-part article. The first part will explain the question at hand and describe the premise being explored. The second part will work through the implications for an organisation and list the strategies to deal with them.


Conclusion: Most organisations across Australia have implemented project management methodologies to support successful project outcomes in a consistent manner. Project boards exist to provide support for project managers and advocate the business change that is being created by the project. An important role of the project board is to have oversight of progress and to ensure execution is advancing as expected. However, many project boards accept project status updates that include only lagging indicators and play a passive role in project oversight. Project indicators should include both lagging and leading indicators and project boards need to actively review and probe these areas to assess progress and identify early indicators that issues are emerging. Project difficulties often start in the blind spots and can be avoided.


Conclusion: There are many benefits in taking a break during the holidays that go beyond just recharging the batteries. However, along with the seemingly obvious benefits, there are also some traps for the unwary. On the flip side, there are some benefits to working in the office during the quieter periods, so take time to prepare and plan for the holiday period: develop sound strategies for all staff and above all, be authentic with setting expectations.
