Strategy

IBRSiQ is a database of Client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Conclusion:

Part four in this series of advisories looks at how to improve the disaster recovery (DR) planning maturity of your organisation. The focus of improving maturity in DR planning is to improve your probability of successfully meeting the needs of your business in the event of a disaster. This involves ensuring your DR plan (DRP) and business continuity planning (BCP) are fully integrated and that all elements of the organisation have a high degree of familiarity with DR processes.

Importantly, your organisation must understand that maturity is both a journey and a target. To maintain the target maturity, your organisation must put in place a number of strategies that will be continually repeated to ensure the target is both met and maintained.

Conclusion:

Low-code is not a novel technology. Rather, it is an evolutionary technology that started as rapid application design (RAD) in the late ’80s, transitioned into business process modelling (BPM) in the 2000s, which then evolved into e-forms in 2010, before finally becoming low-code in 2020.

This evolution has been a meandering path and has spawned a broad ecosystem of solutions, each with unique traits and features that fit specific organisational structures. IBRS has listed key traits of modern low-code platforms to match your organisation’s ecosystem and help streamline the process of shortlisting a platform.

The most important trait of the new low-code platform will be how well it supports the transition from the existing ICT-centric governance model to a new model that must be defined by potential benefits and risks.

Conclusion:

Part three of this four-part series looks at how the disaster recovery (DR) plan can be verified. The DR plan is in effect a contingency plan to deal with the risk of a disaster. The DR test plan is a validation of the preparedness of the organisation to address these risks.

The need to have a DR plan verified is therefore essential if the contingency is to be effective. Just having a plan in place is not enough to mitigate the risk. The plan must be tested and verified as part of business as usual (BAU) to both increase familiarity with the plan, its standard operating procedures (SOPs) and processes, and most importantly, improve the likelihood of success.

Conclusion:

There is no denying that the incidence and severity of ransomware cyber attacks, both real and fake, are on the rise. Whether the attacks are State-based or purely criminal in nature, organisations need to address their ability to both defend against such attacks and respond appropriately when they occur. The impact of a successful breach can have a high cost in the areas of productivity, reputation and the potential for financial losses. A good defensive posture against cyber attacks will make your organisation a harder nut to crack for the attackers.

Conclusion: 

The need to have a disaster recovery (DR) plan that is understood, agreed, and jointly owned by all elements of the organisation is essential in preparing for a disaster event. An effective DR plan will focus on managing the risk associated with completing a successful restoration and recovery in a time, and to a level of effectiveness, acceptable to business.

To ensure the plan is effective at mitigating the risks associated with completion of restoration and resumption of services after a disaster event, the DR plan must also clearly identify how the plan is to be verified and therefore reduce the risk of not completing a successful disaster recovery.

The key focus of the DR plan must always be about restoring the delivery of business functions. The technical delivery may be from ICT services on-premise, outsourced providers, or Cloud. Regardless of technical delivery to business, the impact of an ICT disaster event needs a verified plan!

Conclusion:

Traditional development practices have been supplanted by the DevOps movement over the past decade. The next evolution is the movement towards DevSecOps where security is integrated across the development lifecycle.

DevSecOps is not just a matter of buying the latest tooling and running the developers through some training. It requires commitment, not just from the technology group as a whole but from the business leaders themselves.

It is as transformative a project for an organisation as is a move from on-premise to Cloud. Poorly managed or even unplanned DevSecOps can have a negative impact on the development capabilities within an organisation.

Conclusion: 

Project management in organisations is commonplace. Reviews are often undertaken at the end of the project to gain insights for future projects. Project reviews completed during the life of a project need to ensure that they are inclusive of appropriate stakeholder groups, and assessment is targeted at the appropriate focus areas. Active and inclusive review and assurance activities need to be well understood and supported within the organisation so that they are not viewed as an exam that needs to be prepared for and passed. Applying reviews and assurance only as a process checkpoint is ineffective and will not ensure quality project delivery.

Conclusion

With the growth of dependence on ICT for business to perform effectively, many organisations have increased risk associated with the ability of ICT to provide service continuity. ICT downtime means business is negatively impacted. Many organisations believe the DRP is a problem that is ICT’s to solve. Whilst ICT will lead the planning and do a lot of the heavy lifting when a disaster occurs, it can only be successful with the assistance and collaboration of its business partners. It will be the business that sets the priorities for restoration and accepts the risk.

Both business and ICT need to be comfortable that the disaster recovery (DR) plan has been verified to ensure a reasonable expectation that recovery will be successful.

Conclusion

Traditionally, vendor lock-in was associated with deliberate vendor-driven outcomes, where software and hardware forced the client to align their business processes to those offered by a specific software or ICT platform. Vendor lock-in often limited the flexibility of organisations to meet business needs as well as increasing costs. As a result, information and communication technology (ICT) was often seen as a limiting factor for business success when agility was needed. Historically, vendor lock-in was therefore seen as a negative. Poor timing, bad decisions and clumsy procurement practices may still see organisations fall into unwanted vendor lock-in situations. But is vendor lock-in always a negative?

The Latest

11 March 2021: Talend, a big data / data integration solutions vendor, has signed an MOU to be acquired by private equity giant Thoma Bravo for US$2.4 billion, representing a nearly 30% premium on its current share price.

Why it’s Important

Talend has been aggressive with the development of its solutions in the last few years, in particular in the area of managing data quality. During one-on-one briefings with IBRS, the company has demonstrated considerable flexibility in its roadmap and the willingness, and agility, to take cues from the emerging needs of clients.

Conventional wisdom is that once tech firms get subsumed by private equity, innovation declines as business drive turns to ‘rent seeking’ behaviour. This is especially true for funds that have a portfolio of well-established (legacy) technologies. A review of Thoma Bravo’s current and prior investments places Talend in a fund that previously held the likes of Attachmate and Compuware. Attachmate (now owned by Micro Focus) was seen to be aggressive with audits during the period it was owned by Thoma Bravo. On the surface, this could be cause for concern about the future direction of Talend.

However, there are significant differences. Talend has a growing user base, is positioned in a market segment that is still evolving and has at least a decade of product innovation to come.  

Who’s impacted

  • CIO
  • Business intelligence / big data teams
  • Data management leads
  • Procurement 

What’s Next?

Over the next half-decade, an acquisition of Talend by Thoma Bravo is likely to deliver a continued commitment to market-led innovation. There is enough head-room for the fifteen-year-old Talend to continue deploying new capabilities at a pace that keeps clients happily buying more services.

However, as the market for big data management solutions matures - especially shared data catalogues - pressure may start to mount for Talend to refocus on extracting more revenue from clients with proportionally less investment in development. Yes, that is a worst-case scenario, and it is not unique to Talend nor its deal with Thoma Bravo.

Even so, organisations looking to invest in big data management solutions need to be viewing their investment futures over a decade. Such solutions quickly become fundamental platforms for the business and will be difficult (and expensive) to replace as they become increasingly embedded. Keep the long-term scenario in mind. 

Related IBRS Advisory

  1. Power BI is driving data democratisation: Prepare now
  2. Why investing in data governance makes good business sense
  3. Key lessons from the executive roundtable on data, analytics and business value
  4. Machine learning will displace “extract, transform and load” in business intelligence and data integration
  5. IBRSiQ: Can IBRS provide input into suitable reporting systems using primarily in-system data, but not excluding third party?

Conclusion:

For many years Chief Information Officers (CIOs) have faced endless questions about whether Microsoft (MS) and other suppliers meet the requirements for an enterprise-grade solution. The main components of the office suite (Word, Excel and PowerPoint) and the Windows operating systems for desktops and servers have been de facto standards for most organisations for many years.

With Microsoft’s success with Azure (Cloud and infrastructure), Dynamics (enterprise resource planning (ERP)), Office 365 (collaborative workplace platform) and the PowerPlatform (analytics and low-code workflow development), MS is now competitive in almost every aspect of the enterprise solution space. Your organisation’s approach to determining the value proposition for any supplier is the same as it has always been – maximum gain with minimum pain. The MS offering in terms of capabilities, service support and security has matured significantly and now offers a much-improved value proposition that organisations should consider.

The Latest

17 February 2021: At the Learning with Google global event, the Cloud giant announced a slew of new education-oriented features for its education productivity suite. Previously called G Suite for Education, the Google Workspace for Education is now being aggressively commercialised.  

What’s included

The free tier service, now called Google Workspace for Education Fundamentals, had found strong acceptance in Australia by providing educators and students with collaborative learning capabilities.

This free tier now has three paid tiers, each with increasing levels of security and manageability. 

  • Standard: Adds security and analytics capabilities. The new features are aimed at improving traceability and providing more nuanced access rights to information.
  • Teaching and Learning Upgrade: Adds features to better manage the classroom experience.
  • Education Plus: Combines all the features of the previous tiers, in addition to extra management capabilities. 

In addition, Google increased the baseline storage capacity for educational institutions to a whopping 100 TB, and added online-learning features to Google Meet.

Why it’s Important

Google and Microsoft are locked in a fierce battle for ‘hearts and minds’ in education. Both vendors know that students’ experiences with their productivity platforms today will set expectations and habits for the workforce of tomorrow. This battle extends beyond the productivity suite to devices, operating systems and, ultimately, the entire digital workspace.

By introducing features that have been much in demand by education (especially K12) into commercial tiers, Google is fundamentally changing its stance in this war. In most State K12 and private education systems, Principals have the final say on the extent to which Google or Microsoft is used in classrooms. Often the decision is delegated down to the teachers and often both vendors’ offerings sit side by side.

Google’s evolving commercial stance means that this can no longer be the case. Given the total national cost (as ultimately schools are funded through State and Federal funds), educational policy setters now need to consider taking a side in the battle.

Who’s impacted

  • Educational policy makers
  • CIOs
  • Educational ICT strategy leads 
  • Principals and senior leadership of higher education institutions
  • Digital workspace teams

What’s Next?

Stakeholders within education need to immediately begin the laborious task of evaluating Google’s and Microsoft’s offerings, not just from the perspective of current offerings, but from their likely future directions. While the need to rationalise to one platform today may not be a burning priority, the need will increase over the next decade.

Stakeholders outside of education should monitor the decisions of education networks, as the platforms they select will impact new staff expectations and work habits. 

Related IBRS Advisory

  1. Dr Sweeney on the Post-COVID Lessons for Education (Video Interview)
  2. Kids, Education and The Future of Work with Dr Joseph Sweeney - Potential Psychology - 25 July 2018
  3. Higher Education Technology Future State Vision
  4. BYOD in Education: A report for Australia and New Zealand

Conclusion:

COVID-19 has presented a number of challenges for business and the underlying Information and Communication Technology (ICT) in particular. These challenges have presented both as crisis and opportunity but all have been compelling events. To paraphrase Winston Churchill, ‘never let a good crisis go to waste’. In each case, this will only be possible when the lessons learned are properly investigated and documented, allowing evidence-based decisions to ensure organisations improve the way business is done.

The COVID-19 pandemic has resulted in many changes to the way business is done, how employees contribute, and how customers interact. Taking the time to evaluate performance, document the lessons learned, and to improve your business decision processes is invaluable. Applying the technical and business lessons learned from the period of this pandemic will add value for many years to come. It will allow your organisation to reinforce successes, avoid possible errors, and potentially improve its position in the marketplace.

Conclusion: Credential theft is still one of the prime means of attacking systems. Dictionaries of passwords are readily available (many with millions of passwords). These allow attackers to perform credential stuffing attacks – often successfully.

Eliminating passwords has been difficult in the past. However, the consensus amongst vendors of both software and hardware is to bring to market methods of achieving authentication without passwords. The ubiquity of mobile devices with touch or facial authentication is one prime element.

This is a necessary evolution of authentication.

Conclusion: It is no longer viable for telecommunication providers to simply offer Session Initiation Protocol (SIP) trunks for voice connectivity or Multi-Protocol Label Switching (MPLS) links to connect office and data centre locations. Nor does it make good business sense for the telco or for the customer.

The modern architectures of Cloud and Software-as-a-Service (SaaS), mixed with the need to maintain on-premise for critical elements are key components that support most digital strategies. Using older telecommunications architectures with fixed connections and physical infrastructure for routing and switching can be costly, and can stifle agility and therefore productivity.

However, modern telecommunication architectures bring an ability to virtualise connections and network switching. The abstraction of these capabilities allows dynamic management of the services providing substantial agility, as well as potential productivity gains and cost savings to the customer.

Conclusion: In today’s marketplace, a successful business needs to position itself strategically to be a leader in the market by either delivering services better and cheaper than the competition, or by disrupting the status quo to deliver services in a different way that empowers the consumer. To achieve this, organisations need to ensure their procurement plans are aligned with the business strategy and, where appropriate, identify in the ICT sphere where procurement is important strategically.

Organisations therefore need to identify the value a supply chain delivers to the business strategy. In doing so, the executive needs to understand the procurement activities that provide an advantage to the business in the marketplace, and which procurements may lead to a broader alliance with the supplier where mutual gain is possible to all parties involved.

Conclusion: All organisations need to identify the value of their procurement portfolio. That is, to document and regularly review the portfolio to understand both the criticality of the contracts to business and the triggers that decide whether the technology is meeting the need and when actions need to be put in place to limit the risk to the business in the acquisition process.

With an improved situational awareness of the procurement portfolio, organisations then need to ensure alignment with the business strategy. The alignment can only be achieved with regular independent reviews, and by effective governance processes to ensure that the risk associated with procurement planning is contained.

Conclusion: Passwords will continue to be part of the landscape for the foreseeable future. Organisations, driven by the concepts of defence in depth, must implement techniques that enhance the security of the authentication process. Both products and processes can be enabled or added to help secure the creation, use and storage of passwords.

Each of the techniques mentioned can be used on its own to enrich the security. Some or all of them can be combined to further build the security. Most of them have little associated costs apart from deployment and perhaps training, but the cumulative impact on the robustness of the authentication process is significant.

Conclusion: People are and will be using passwords for the foreseeable future despite the numerous efforts underway to dispense with them. Managing them and particularly resetting them are ongoing costs for organisations.

Passwords are also a significant contributor to breaches. They are either captured during credential-grabbing efforts, leaked in a data breach or just too easy to guess.

Yet there are excellent guidelines in existence to assist people to minimise the possibility of passwords being cracked or guessed. Some involve implementing good policies, and most involve making it easier for users to create, remember and use passwords.

Conclusion: In the modern world, no organisation has ICT entirely in-sourced. As a result, procurement, contract and vendor management have become strategic processes that allow organisations to align their ICT capability with the business strategy to achieve the desired outcomes, both now and into the future.

It is often the case that effective planning for the procurement of technology capability is compressed or constrained such that procurement is not able to effect ‘big step’ change. Or the commercial approach means the agreement is based on a fixed term, which results in the procurement not being a strategic exercise. More often than not, the procurement delivers constraints that limit the business’s ability to achieve the desired outcomes. These constraints limit the business’s ability to be agile in terms of elasticity, or how well it can respond to disruption in the market.

The technology options to meet business demand are not the same today as they were yesterday, and they will undoubtedly differ tomorrow. The challenge is to ensure ICT procurement is responsive to the business strategy, and that vendors share in the advantage a strategic alliance brings to the business. Procurement needs to be effectively planned and clearly aligned to the business strategy to ensure the strategy is delivered effectively.

This paper is the first in a four-part series that covers how to ensure procurement meets the business need, provides an understanding of strategic versus tactical procurement, and defines the steps necessary to avoid the pitfalls that cause procurements to under-deliver.

Conclusion: The need to see value from an enterprise architecture (EA) framework is essential, if for no other reason than to justify the cost. However, the business benefit of EA is not just the cost. It will also provide reduced risk and improved agility for the business in its use of ICT.

Many organisations struggle with how success or failure of EA should be measured. This paper provides the reader with guidance and advice on what to measure EA against and how that measurement could be presented as a key performance indicator (KPI).

In establishing KPIs for the EA framework your organisation has adopted, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, and be able to provide governance on the continuous improvement of your EA framework to achieve even better value.

Conclusion: Many organisations have integrated enterprise architecture (EA) into the business processes, whilst many have not. To some, it is a religious argument as to why the ICT group even needs to have people with ‘architect’ in their name; for others, the EA group is the watchdog of the system, ensuring both new capabilities and changes to existing capabilities will be fit for purpose.

Like most things in business, the cost versus benefit analysis to justify why any activity is a priority is essential before committing effort and resources to it. EA should be no different. Organisations should complete a business case assessment to justify why EA is necessary for their business model, and what form it should take.

In doing so, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, be able to manage expectations on what EA can deliver and judge its effectiveness.

Conclusion: As a result of COVID-19, has the criticality of web presence for your business changed? Is your organisation now exposed to threats and risks that previously were a lower order concern? Are there advantages to be gained in the realignment of the organisation’s web strategy?

IBRS recommends organisations assess the vision statement for their web presence. Once the vision is clear, review the framework for delivery and sustainment, the processes, and the roles and responsibilities for online web services, as a result of the impact of COVID-19. The purpose of the review is to ensure your organisation leverages the strengths and opportunities of the organisation’s online presence resulting from the impact of COVID-19.

Conclusion: The phrase ‘People, Process and Technology’ describes the three key elements of a successful business. Business is the why, People the who, Process the what, and Technology the how. No single element of the trilogy can be seen as more important than the others. However, in the post-COVID-19 world, successful businesses will see that the focus of People has changed – they no longer go to work, work goes to them.

In technology terms, this effectively means that everyone is now the core of the system; the old concept of a core that is controlled from a central hub is now questionable. Post-COVID-19 technology design must allow for each worker to be able to work from any location, able to access information, services and data when necessary, and for each location to have surge capability.

Conclusion: Organisations that are nearing the end of life for their current voice platforms or have a compelling event to hinge the replacement of their voice service, need to review their use of voice before replacing the technology. IBRS recommends organisations look to leverage voice as an application to operationalise the processes within the organisation, and improve customer satisfaction.

Today the newer technology offerings allow your organisation to get a better return from voice. However, the use of these new technologies will impact business processes and offer greater innovation for your customer interaction. It will not be a simple replacement of boxes.

The key is understanding the power of voice. It is now an application driven by smart software. Businesses need to assess their use of voice to determine the cost benefit of the changes in the technology stack now on offer.

Conclusion: A Cloud strategy can take many forms. Whether you select a private Cloud, hybrid Cloud (on-premise with Cloud elements), native Cloud or a multiCloud implementation will impact the framework of your strategy. The success of your strategy will be driven by the motivation your organisation has to elect the move.

If your only motivation is the perceived cost model where you reduce capital in favour of operational expense, and potentially see savings based on usage, you are unlikely to succeed. The need to have a clear business strategy on why Cloud, what opportunities it may bring the business, and how to transition, manage and exit the Cloud is essential to see the true benefits.

Key to a successful strategy is to use an effective framework that allows your organisation to migrate to, operate and govern the engagement, and exit the engagement. A Cloud strategy is a commercial arrangement. Understanding the business benefits of entering into a Cloud contract engagement and being able to measure success factors is equally as important as the selection of providers for functionality and cost. It is important that you step into Cloud with your eyes wide open.