Summary: As we start a new year, it helps to reflect on (and learn from) the past year. In this article, we take a look at the past year from an IT leader perspective. What are the most important lessons that IT leaders and CIOs learned (or should have learned) in 2017? What important takeaways from the last 12 months will help you succeed in the coming year? We answer those questions (and more) in this article.
Thomas Edison is famously quoted as saying, “I have not failed. I just found 10,000 ways that won’t work.”
It’s a great mentality. Instead of dwelling on mistakes, he learned from them. It’s a trait that many successful people have in common. They learn from past mistakes and improve.
So, what can you learn from the past? As we’re still in the early days of 2018, let’s take a moment to reflect on the past year. What lessons can you learn? What key takeaways from last year will help you succeed this year?
Today, let’s explore this topic from an IT leader/CIO perspective. What lessons did CIOs learn in the last year, which will help them succeed this year? We’ll cover the first 5 lessons in this article, and follow up with the remainder in a future article. Sound good? Okay, here are 5 lessons that CIOs and IT Leaders should take away from last year.
Lesson #1: Cybersecurity needs a larger portion of your IT budget (and focus)
Last year saw many high-profile breaches. From Equifax to Yahoo to the leaked NSA tools that led to the WannaCry ransomware, it seems like no one was safe.
“In 2017, the number of cyber-incidents DOUBLED,” says Robert Douglas, President of PlanetMagpie IT Consulting.
Not only are security breaches becoming more prevalent, they’re expensive. The 2017 Ponemon “Cost of Data Breach Study” found that the average cost of a data breach is $3.62 million. This accounts for all aspects of a data breach, including negative press, data recovery, fixing the problem, etc…
The problem is, most companies are woefully underprepared. An IBM study finds that 68% of companies aren’t ready for cyber attacks. Why? For some it’s ignorance. For others it’s resources. Others simply don’t think it will happen to them.
What can we learn from last year’s security incidents? Prepare for the worst. Dedicate more of your IT budget to cybersecurity.
“Going into 2018, it’s now a necessity to devote a larger portion of IT budgets to network security expenses,” explains Douglas. “At a minimum, every company needs front-end and end-point protection, timely patching, content filtering, cloud backups, employee cybersecurity training, and routine network penetration testing and analysis.”
Now, one more point that needs mentioning: While dedicating more of your budget to security is important, understanding your current security capabilities is equally important. Many businesses lack the security expertise in-house to properly protect themselves. In these cases, consider bringing in security experts to help you get set up.
“Smaller IT staffs have long done all the work on their network, sometimes putting network security at lowest priority,” explains Douglas. “In fact, most IT technicians rarely work on network gear. To protect against network penetrations, even in small environments, doing your own security work is unwise. Just like most people can’t service their own car anymore without diagnostic computers, IT Departments should employ network security experts to set up, manage and test their networks.”
Lesson #2: The best CIOs challenge the status quo
We’re living in a time of rapid technological change. New tools and technologies are constantly emerging. Entire industries are being disrupted. You don’t have to look very hard to find lists of companies that have recently disappeared.
How can your company avoid this fate. It starts with agility. This article over on Forbes sums things up nicely: “In today’s market, not only is change happening quickly, it’s forcing businesses themselves to change quickly. It’s a constant flow of innovation, disruption — and sometimes chaos — that is moving us ahead, even faster than we ever imagined. Many say agility is the key to surviving in the age of technological hairpin turns. In fact, 68% of companies identify agility as one of their most important initiatives.”
What’s one of the biggest enemies of agility? The status quo. In today’s rapidly changing world, this is one of the most dangerous places you can be. This mentality resists change. It keeps outdated processes and tools around because “We’ve always done it that way,” or “That’s just how things work around here.”
More importantly, it keeps your business stuck in the past while your competition moves forward.
The most successful CIOs are those that challenge this way of thinking. They must constantly ask “Why are we doing this?” and “Is there a better way?” They must challenge existing processes, tools, and roles.
One example: The role of the IT department. For many businesses, the IT department is still viewed as a back-office function. It’s more of a necessity to keep the business running. These days, that outdated way of thinking needs to be addressed. As explained below, the modern IT department must be viewed as a business driver.
“IT is often viewed as the framework or structure of a business,” says Matthew Anderson, IT Development and Applications Director at Pearson Frank. “For us, IT is using the latest technologies to help streamline our business processes and performance which means we can work more efficiently, more effectively, and smarter. Ultimately, this allows us to better focus on the needs of our customers.”
Lesson #3: The line of business can take on some work
In 2017, we saw an increased need for speed. As technology plays a larger role in organizations, business users demand solutions faster than ever. They expect new applications–from reports, to mobile apps, to portals, and everything in between–right away.
The problem: IT departments are already overworked and understaffed. They’re struggling to meet the growing demand.
At a recent Application Strategies & Solutions Summit, Gartner shared a surprising statistic: “Through 2021 market demand for app development will grow at least 5x faster that IT capacity to deliver it.”
How are CIO’s and IT Leaders dealing with this increased demand? Over the past year, we’ve seen self-service platforms really take hold in the enterprise. More and more, IT departments supply end users with controlled, self-service platforms. These tools give IT control data and user access, while giving end users the ability to create their own solutions.
Gartner sums up the trend nicely in this report: “Today, the trend toward citizen development is accelerating in organizations of all types and sizes. Most are finding that citizen development projects can reduce IT workloads when managed appropriately; for example, citizen development projects that meet a ‘sweet spot’ for deployments can streamline the IT effort and enable corporate IT resources to focus on critical success factors rather than on small, and less business-critical, projects. Citizen development also enables IT to focus on moving ‘big rocks,’ rather than juggling ‘small pebbles.’”
Going forward, the lesson is clear: If IT departments are going to play an increased role in the business, they must move some development tasks over to the end users. With the growing demand and rise of simple, self-service platforms, this is a trend of the future.
“Given the rapid adoption of “no-code” development tools, we saw many IT leaders “hand off” mobile app development to the line of business,” says Patricia Oswalt, SVP, MobileFrame. “Seeing as how they’re driving the requirements and often want bespoke solutions that preclude the use of off-the-shelf-software, the line of business “wants what they want”. No-code tools let them build accordingly, without the need for inefficient back and forths with internal dev shops. Many of these tools are powerful enough, that if/when IT is asked to assume ownership, they can easily pick it up and continue to evolve the applications. This “citizen developer” approach is helping to alleviate the burden on technical staff to meet aggressive timelines and large project volume, while simultaneously fulfilling the demands of the LOB.”
Lesson #4: Faster patching can keep you out of the headlines
They say any press is good press, but I’ll bet companies that experienced a data breach last year would beg to differ. No CIO or IT Leader wants their business in the news for a data breach.
What can you learn from some of the biggest security incidents last year? Faster patching can keep you out of the news.
Some of the biggest breaches last year came as a result of unpatched software. For instance, a failure to install current network security patches opened the door for Equifax security breach. As another example, the WannaCry ransomware targeted unpatched Windows PCs.
The lesson here is obvious. The modern business can’t afford slow patching processes.
“Based on numerous events in 2017, it is clear that organizations need to stay on top of their patching schedules,” says Erik Gerard, Principal Advisor at Impact Advisors. “If they had, they would not have been breached and would have avoided technical, legal and PR difficulties. In order to mitigate these challenges, organizations need to develop a monthly standard operating procedure (SOP) that incorporates downloading, testing and distributing patches to the vast majority of their PCs within 48 hours of their release. Some will say they can’t do that, but these days, they can’t afford not to! I’ve worked at organizations that do this monthly and will have 95% of their 160,000 PCs patched in the first 24 hours.”
Lesson #5: Don’t put all your eggs into one cloud basket
Early last year, Amazon AWS experienced an outage, which brought down a good chunk of the internet for a few hours. It wasn’t the first time this has happened, and it probably won’t be the last.
Now, I’m not trying to single out Amazon, or even tell you to avoid AWS. I only bring this up to highlight the importance of redundant solutions. Do you really want your entire business to grind to a halt when one service fails? Of course not!
The big lesson we can take away from this: You need a multi-cloud strategy. Not only does this provide redundancy, it lets you capitalize on the best tools from each vendor.
“CIOs need to develop a multi-cloud strategy,” says Nic Grange, CTO of Retriever Communications. “While AWS has been ahead of the game for a while in many areas, Microsoft Azure and Google Cloud have come a long way in the last few years and in some areas are starting to be a much better choice. That doesn’t mean you need to migrate everything to the new cloud. You just need to develop a strategy and capabilities that allow your teams to leverage the best tools for the task at hand. Otherwise your innovations are going to be limited by the capabilities of one vendor and what they charge.”
These are just 5 lessons that CIOs learned in 2017. We’ll cover more in a future article. Would you like to add to this list? Feel free to comment below!