IT Teams are Taking on More Risk. Are You Prepared?

Traditional approaches to managing IT and having the best ‘Incident Response Plan’ are no longer enough. Organizations need to proactively manage and be predictive about the constantly changing environment and evolving complexities. If they don’t, it can be too late and they will be caught off guard.

Take financial institutions, for example. A survey looked at how resilient the financial sector is and how quickly the sector recover from major operational disruptions. The finding: The heavy reliance on IT systems, networks and the cloud naturally increased the risk of disruption.

In addition, with Global Systemically Important Financial Institutions (G-SIFI) and Systemically Important Financial Institutions (SIFI), there’s an even greater need to manage the chance of large-scale disruption. Avoiding a 2008 style meltdown is at the forefront of the need for ‘Resiliency’.

Resiliency: “The ability to recover from adversity to your original state.”

Why is this?

While traditional business transformation programs by IT organizations have focused on people, process and technology,the cloud introduces new elements to control, requiring new personas and resources.  For example, organizations also have to focus on facilities and vendor partners across its supply chain, areas not traditionally part of IT’s span of control..

A ‘Must Have’ Checklist in Preparing for Resiliency in the Cloud Era

The expanded span of control for IT can be broken down more specifically to the following five areas:

  • Critical Infrastructure – Core networking and connectivity to internal and external providers, enabling the organization to function and daily activities to occur with minimal disruption. This infrastructure is often presumed to be there and working, but any disruption can cause massive problems.
  • Critical Systems – Core banking platforms, financial systems, payroll, HRIS, and so on. Identified as those systems that are required for the organization to run effectively, whilst maintaining its commitments to customers, employees, suppliers and partners. These systems must be resilient in design and operation.
  • Incident Response – The ability for an organization to respond effectively in the event of a situation occurring. Often looked at from a technology lens, communication to stakeholders is a mission critical activity within the plan.
  • Threat and Vulnerability – Cyber threat landscape poses challenges to firms’ ability to maintain resilience. The pace of change is such that prevention, detection and response arrangements can quickly become dated and insufficient.
  • IT Vendor Management – Effective relationships with partners and suppliers can be the difference in the restoration of services. Knowing and having confidence in your third party providers through regular reviews, joint planning and response plans, can significantly reduce recovery times. This will definitely improve the ability for an organization to effectively get back up and running after an incident.

As your IT organization takes more control across the enterprise, IT professionals need to ask themselves, “How prepared am I to address the new and evolving challenges of resilience and IT risk?”

This is a topic that dovetails well with the work we do in governance, risk and compliance, and one reason we acquired Intreis. See that announcement here.

mm
Chris Pope
Chris Pope is a strategy leader at ServiceNow, helping customers transform their IT with enterprise service management. With more than 15 years of experience in driving enterprise-class technologies for Global 2000 companies, Pope has a proven track record of managing large-scale process and technical projects with global reach. Prior to ServiceNow, Pope worked at leading financial institutions UBS, NYSE Euronext and Lehman Brothers. He holds a degree in electronic engineering from De Montfort University in the UK.

Leave a Reply Text

Your email address will not be published.

Shares