Business Risk services

Technology risk & operational resilience

Sara McAllister

2020 has been a year of change and challenge. A year of firsts and, in many cases, of ‘making do’ just to manage the day to day and cope. A fundamental shift in work practices, coupled with significant business transformation agendas and a pace of technology change that is not abating, has made for an often less than perfect balancing act, and one that has tested the resilience of every organisation.

Moving forward, it will be critical that organisations arrive at a sustainable business model – operationally, commercially and technologically. Addressing IT risk in the new normal alongside managing sizeable IT transformation agendas and balancing commercial recovery and growth will not be easy.

Strategic resilience should take precedence over all else. That said, the pressure to adopt emerging technologies and automation in an attempt to reduce costs and improve profitability continues. Cloud deployments have increased dramatically, most especially in light of the pandemic, and that brings yet another fundamental shift in how organisations function and how IT risk needs to be actively managed and addressed.


Establishing a robust cloud strategy that outlines a framework and roadmap for deploying organisational plans and related cloud architecture is essential. This strategy should be underpinned by a comprehensive risk assessment that informs security, availability and confidentiality priorities. Deploying strong governance, risk and control protocols to enable the business is also key, and ensuring accountabilities are transparent and understood between the organisation and its outsourced cloud provider should not be assumed or taken for granted.

Automation (AI)

In recent years, the exponential growth in the amount of data being captured, processed and stored by organisations has driven the need for timely and accurate analysis of vast amounts of data to drive tangible business value. Most, if not all, businesses are investing in technologies such as robotic process automation, big data, predictive analytics, machine learning, and artificial intelligence (AI) to automate workloads and interrogate and analyse data at scale. Managing the risks associated with these deployments is challenging and requires subject matter expertise to best inform the governance, risk and control considerations that need to underlie an automation program lifecycle. Traditional IT risks that centre around access management, change management, incident management and business continuity all need to be viewed through a different lens when it comes to the automation journey, from inception and ‘go live’ to de-commissioning.

Cyber & Data Protection

The ever-increasing complexity of business models, their jurisdictional footprints, disparate workforces and the volume of data that they handle and process gives rise to sizeable cyber and data protection risks. New and inventive ways to undermine a business by way of a cyber-attack are manifesting daily. Organisations already struggle to keep pace with what they are faced with from a cyber-threat perspective.

As businesses lift, shift and change at pace, the whole area of cybersecurity and data protection is hard to keep on top of. An intimate knowledge of business IT infrastructure, business processes and data classification capabilities will be core in tackling this risk universe as it continues to morph. Cyber skillsets and subject matter expertise are at a premium. Getting the right advice when it comes to arriving at a best fit IT strategy that will enable your business to grow and develop will be essential. Cyber and data management will play a larger and larger role in an organisation's overarching IT strategy as we move forward.


Third Party

Organisations are increasingly reliant on third-party technology suppliers to deliver business-critical products and services to their clients and customers. Businesses need a defined strategy for the selection, approval, and management of third parties. Technology will continue to drive a large extent of business transformation and change agendas, and so will the use of third parties and the need to better manage the outsourcing life cycle.

Organisations must decide how they are going to best identify, monitor, and manage their third-party risks, for both remote workers and third-party service providers in the new normal. It is clear, based on recent scandals concerning the availability, security and confidentiality of data, that third-party risk management needs to be done better. Robust vendor risk assessment, vendor cyber resiliency reviews and assessing vendor contract compliance are all ways a business can tool itself in addressing the plethora of risks involved in the management of IT operations and infrastructure, both currently and in the future.

Transformation & Agility

As part of an organisational transformation agenda the need for high quality, timely and secure code is critical. IT teams will need to arrive at the optimum risk reward model from a DevOps and SDLC perspective and will need to be forever vigilant in managing access controls and segregation of duty concerns, as again greater levels of agility are being forced upon them by the business.

Finding the balance between remote working and return to office business dynamics will create a need to review the capacity of IT service management to address end-user issues in both respects and most especially related to a continuing “at home” IT environment.

Furthermore, balancing the risk reward considerations of a best fit target operating model and the changes needed to business continuity and disaster recovery plans will also require attention, given the greater level of agility now expected and inherent within them.

Operational resiliency is fundamental to meet the expectations of customers, business partners, and investors. Whether on premises or in the cloud, IT resiliency is the ability to adapt to planned or unplanned events whilst ensuring continuous service and operations. Businesses can only best enable their operational resiliency via preparedness. A comprehensive review of dependencies on cloud providers, third parties, legacy systems, recovery capabilities and ransomware resiliency will best inform up to date business impact assessments and communication plans that wholly align to a new target operating model underpinned by real change, transformation and agility.
