Partly Cloudy: Outage Raises Resiliency Concerns

By Jeff Weber, Managing Director
Technology Strategy and Operation

 

 

 

Everyone needs a little downtime – critical IT infrastructure, not so much. Security and reliability have long been the two primary enterprise concerns when it comes to the cloud. And while security has been the dominant concern over the past couple of years, recent high-profile cloud outages have brought reliability front and center.

A recent outage affected almost 150,000 sites. In the not so distant, cloud-less past, most companies would have had in-house servers, and the disruption would have been limited and isolated. Included in the outage was an internet messaging and chat service popular among IT professionals, who were quick to notice and spread the word. More importantly, this service enables IT services and communication and impacted organizations in their ability to maintain service levels.

Even companies with on-premise enterprise systems could find themselves unexpectedly cut off from critical services, vendor portals and clients, in the event of a service interruption at a cloud-based communications provider.

Cloud functionality affects virtually everyone. These days, if any company thinks it doesn’t have significant cloud exposure, it needs to think again. Now is the time for companies to be asking themselves whether their risk management framework is robust enough to identify risk exposure they may not have thought about.

The worst time to discover a critical exposure to a cloud outage is…well, always. Protiviti recommends that companies act now to conduct a cloud risk assessment and impact analysis and develop an effective response plan. Key elements include:

  • Conducting a thorough process review to identify any hidden cloud exposures
  • Identifying and prioritizing “crown jewels” – in this case, critical functions that must be protected from disruption
  • Comparing exposures against the company’s risk appetite and establishing a remediation threshold – for example, frequency and duration of outage
  • Creating an awareness of susceptibilities and developing response procedures

Although for many companies this type of exercise is new when it comes to cloud computing, it is essentially the same process they have applied in the past to telecommunications, infrastructure and other “always-on” systems and applications. The chief information officer should lead, or at least be at the table for this discussion, and ensure that the right people are involved in the conversation. Furthermore, the discussion should be conducted in business-relevant terms (risk, effect on operations) rather than IT terms (systems downtime, for example).

Public reaction to cloud outages, to date, has been relatively muted. That is likely to change, and quickly, as connectivity increases and digitization and the Internet of Things transforms existing business models. No one is really shocked that cloud outages happen, but now that they are on the radar, it is important to plan for the occasional yet inevitable “inclement weather.”

IT Innovation: Does Your IT Budget Have Room for It?

By Ed Page, Managing Director
Technology Consulting

 

 

 

infographic-annual-technology-trends-and-benchmark-study-2016-protivitiOne of the budget struggles chief information officers are continually faced with is reducing operating costs to make room for innovation. And while several studies, including our own, show that they have succeeded in bringing down “lights on” expenditures over the past decade or so, in many cases those savings have been absorbed by urgent non-strategic needs, such as compliance and security, too often leaving innovation to languish.

The consequences of failing to innovate are hardly trivial. The emergence of technology-enabled competitors who, unfettered by legacy technology, are able to develop and deploy new products and services faster and more efficiently threatens to leave behind older, more established companies, and especially those that perennially struggle to build innovation into their IT budgets.

I’ve seen this struggle firsthand in talking to our clients, and our recent benchmarking report, based on the responses of almost 400 C-level technology leaders to Protiviti’s 2016 IT Trends Survey, confirms it.

This dichotomy between the strategic and the urgent is evident in the numbers. While more than half of respondents overall (54 percent) said their organizations were undergoing digital transformation driven by the need for new functionality and innovation, virtually all of their top-10 priorities were security or operations oriented. Only 13 percent of the IT budget, on average, was earmarked for innovation or transformation.

In my experience, companies, and IT departments, fund their most urgent needs. Which means that, even though digital transformation is talked about, most companies are still stuck, budget-wise, in a reactive mode, putting out fires — regulatory, operational, and cybersecurity. These are very real pain points, so that’s where budgets are allocated. While there is an aspiration to transform, other priorities often prevent IT departments from getting where they want or need to be.

There is one consistent differentiator between companies that actually innovate in IT versus those that merely talk about it. The difference is that serious innovators make IT transformation part of their strategic plan and rely on it for the success of other strategic goals and objectives. Very often, these firms view themselves as technology companies, even if others might see them as part of another industry. As the CEO of Capital One, Richard Fairbank, once told investors, “We’re going to need to think more like technology companies and maybe a little less like banks.”

In the absence of a clear plan and executive and board buy-in, IT transformation is just another project competing with a lot of other projects for money. Aligned with company goals and objectives, it becomes an enabling force.

Where such strategic alignment can often benefit an established company the most is in modernizing core IT infrastructure. Management of outdated systems, on which everything else depends, is increasingly becoming the dead weight preventing companies from meeting new challenges and customer demands with agility and speed. CIOs and technology leaders are faced with having to invest more time and resources into keeping these systems up, while at the same time trying to squeeze cost reductions out of them without impacting service levels. In fact, responders to our survey pointed to legacy systems and processes as the number one obstacle impeding IT transformation.

The good news is that a small but growing number of organizations are taking the strategic decision to modernize their aging cores to achieve both increased agility and sustained long-term savings in costs and resources. Among respondents from financial services companies, 70 percent said their companies are undergoing digital transformation (16 percent more than the general population) — perhaps because the field, eagerly entered by emerging fintech companies, is even less forgiving, and because innovative IT structures, once implemented, can create significant opportunities where none existed before.

To be sure, transformation is disruptive, and replacing or modernizing core technology can be very expensive. Both of these barriers can be mitigated, however, through careful planning and a phased approach incorporating newer technologies, more modern architecture approaches and more nimble delivery methods, such as cloud technology, microservices, application program interfaces (APIs), and agile product development and software delivery methodologies.

Once again, real priorities are reflected in the budget, and innovation is unlikely to receive a bigger slice of the pie unless it is seen as a strategic, business project first. While cybersecurity, a key expenditure, will continue to command its share of IT resources, there is a case to be made that these resources can also be used more strategically, efficiently and effectively. We will focus on cybersecurity spend and priorities in a follow-up post. Subscribe to our blog to follow the discussion.