By Mary Shacklett in 10 Things, October 9, 2014
Risk management entails more than high-profile issues like data breaches. Smaller, less obvious risks can be just as damaging to your organization.
CIOs spend hours reviewing risk management. Prominent areas of concern include disaster recovery, data breaches, and the financial viability of certain technology strategies. But there are a number of less obvious issues that IT typically overlooks -- and the negative consequences of doing so can be significant. Here are some of those under-the-radar risks.
1: Storage media
A considerable amount of IT data is written to tape during regular backups, and those tapes could ultimately be needed for disaster recovery. But many small and medium-size businesses don't regularly clean tape media or ensure that the environmental conditions (temperature, humidity) for tape are proper. In an emergency, these sites could find that their tapes are unreadable. Taking care of your slow-moving "out of sight, out of mind" storage media is important.
2: Loss of a key staff member
IT leaders understand who their key contributors are, but they still underestimate all the "little things" these major players do day in and day out. It is only when a key contributor unexpectedly leaves the company that managers see the skills they are missing and understand that they must now manage without this critical expertise. Knowing your options in advance of these situations better positions you to deal with them.
3: IP security and malicious attacks by IT'ers
IT dedicates time to implementing security against outside malicious attacks, and legions of lawyers ensure that a company's intellectual property is protected. But attacks from the inside are usually unanticipated. A disgruntled IT employee is in a privileged position and can severely compromise a company's information and protected assets. Carefully screening employment prospects before you hire them can help to avoid this. So can "dual control" arrangements, where you have at least two IT staff members assigned to high data security areas.
4: Vendor support for multinational operations
For CIOs heading multinational organizations, selecting an IT solution that works in every country can be risky, even if there are no issues with how the solution itself works. The reason? IT vendors often have inconsistent service and support levels from one country to the next. For instance, a solution that is well supported in Holland might have only a skeleton support staff in Italy. When looking at a multinational IT solution, each vendor's in-country support and service (as well as its solution) should be vetted in the process.
5: Commercial bandwidth availability for cloud
Cloud solutions are great. But if commercial telecommunications can't consistently deliver bandwidth that can handle cloud access and download demands, your purpose could be defeated. This is especially true for companies looking to run large big data payloads through the cloud. Bandwidth should be a front-page issue with all prospective cloud services providers.
6: Acquisition of a key vendor/loss of a key vendor account manager
A great working relationship with an important vendor can quickly go south when either your key account rep at the vendor leaves or the vendor is acquired by another company that doesn't have the same strong service culture. One way to manage risk in this situation is to always write your vendor contracts with an "out clause" in the event there is a change of management control with the vendor.
7: Silos that can affect communications and problem solving
IT is a discipline of many different specialties. Each of these specialties requires its own engineers and experts because the science of IT is complex and it's impossible for an IT generalist to handle all of it. The flip side is that each specialty can become a silo of activity, without effective communications outward to other areas of IT. In the course of a day, IT leaders can forget this. They shouldn't -- because missed communications heighten project risks.
8: Interpersonal skills
Since IT is a technical discipline with specialists often conversing in acronyms, IT pros may forget to speak in plain English when they're working with end business users. Technical shop talk can quickly intimidate users, conveying an impression of IT arrogance. When this happens, progress in business is set back, and that creates risk.
9: Black box code
There are businesses that have been running the same custom-developed code for more than 40 years. It works flawlessly, and it's a good thing it does... because there's no one left at the company who knows what's in the black box code or how to modify or fix it.
10: End-user deals with IT vendors
End users continue to make deals with IT vendors for departmental IT applications and solutions without verifying that what they buy is compatible with other software and hardware. It doesn't matter -- until there is a need to integrate this solution with other systems. That's when IT gets called into a meeting. The risk of an incompatible solution must be managed. It can best be handled with a corporate-wide policy that gives IT an opportunity to review a proposed IT solution before a contract is inked.