Story image

No place to hide from failure to manage IT risks

02 Jun 15

Are IT professionals with organisational and broader societal responsibilities doing enough to back up the need to manage risk? 

That’s the question from Alan Rodger, analyst from Ovum, who says that the world around us is ever more complex and connected at almost every level, and as result IT’s responsibilities are strongly in the spotlight. 

Rodger says that in many areas of IT, the obvious potential or actual impact of risk has brought about better focus on the important issues. “For example, cyber-security now has ubiquitous board-level attention, and has brought realignment to the IT security sector,” he says.

“In addition, business continuity is more often addressed at a high level, having matured from relying on ‘hot’ technology swaps. Project risks are also usually better recognised and managed, and the scale of historical disasters more often avoided.”

However, Rodger says there are numerous areas in which there is much more that should be done within many organisations:
•    Supply-chain risk associated with as-a-service delivery (especially where individuals are allowed to adopt software usage via shadow IT).
•    Security being built into all levels of software, and being visible, within development and other software lifecycle processes.
•    Failure to treat as strategic the use of services such payments systems, which Ovum research has identified may be chosen over integration capabilities as a result of developer choice, rather than an analysis of process-level issues and due diligence.
•    Lack of an architectural approach to IT-related change, which can lead to failure to address risks early and can drive up the resulting cost.

Rodger says IT is so central to business operations and processes that risk management in IT is a critical enterprise capability. “IT managers must honestly evaluate weaknesses in their approach to managing risk, across all their capabilities and services (home-grown and bought-in), and must focus attention and investment to make improvements first in areas that could allow any substantial damage,” he explains. 

“Unless this is done, the prospect of damage avoidance, and of success in maximising the organisation’s benefit from technology opportunities (particularly those upcoming, such as the Internet of Things), is likely to be substantially reduced.”

The reward of IT’s high profile is a place in the spotlight, but where light shines things can be seen better, Rodgers says. “Risk is also much higher profile than ever before, and there will be no place to hide if anti-risk measures that should be taken in the IT domain are left until unfortunate headlines are made and an inquest is being held.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.