18 minute read
BUNDERSTANDING WHY DIGITAL TRANSFORMATION PROJECTS FAIL
from AN OPEN APPROACH
by cxoinsightme
UNDERSTANDING WHY DIGITAL TRANSFORMATION PROJECTS FAIL
WHILE WE HEAR A LOT ABOUT ORGANISATIONS BEGINNING THEIR DIGITAL TRANSFORMATION JOURNEYS, RANJITH KAIPPADA, MANAGING DIRECTOR AT CLOUD BOX TECHNOLOGIES POINTS OUT A MYRIAD OF INTERNAL FACTORS CAN GRIND THEM TO HALT.
Advertisement
The pandemic spurred an increase of digital transformation initiatives across organisations and industries. And while this heightened awareness and roll out is meant to be appreciated, organisations still face the challenge of successfully completing such initiatives.
Global research organisations have studied completed and stalled digital transformation initiatives from many angles and concluded that the reasons for failure are often non-technical. CIOs need to be aware of the multiple non-technical reasons that can ground digital transformation initiatives, often for no fault of theirs, and plan to find ways to work around the points of failure described below.
Limited funding
Many finance heads continue to look at technology and IT spending as an operational expense rather than one driving innovation and longer-term strategic benefit. Hence, when a digital transformation initiative is proposed it may be hard for the CIO to gather the total funding to complete the project.
Inability to gather sufficient funds to drive a digital transformation project also arises when financial decision making is siloed and fails to see and apportion the benefits of digital transformation across the organisation. With such an approach, it may be difficult to justify sufficient funds and may require alternative routes for results.
The way forward is to justify expenditure for digital transformation with the business outcomes delivered. Many times, budgets are available with business heads and may require realignment and reprioritisation of the digital transformation initiative, along the business objectives related to that funding.
Delivery of timely business results and delivery of political benefits if wellarticulated, can also help to trigger sufficient levels of investment to mobilise the digital transformation initiative. Finally, CIOs need to be flexible in identifying and realigning with multiple funding opportunities that may exist across the organisation.
Breadth of skills
The successful roll out of digital transformation initiatives requires having multiple types of digital skill sets across the organisation. Some of these core skill sets include cloud migration and orchestration, digital architecture and platforms, data analytics, user experience and design, amongst others. Other than technical skills, teams also need to prepare themselves to become agile and flexible, often referred to as digital nimbleness.
The way forward is to build multiple types of digital training programs across the organisation. In addition to training employees with digital skills along their functional job roles, they can also be offered digital skills training outside their functional roles. This will help them to understand the multifunctional and cross siloed approach of digital transformation.
Another important initiative is to build skills in business areas that are the most impacted by digital transformation. Since digital transformation impacts existing job roles and helps to create new ones, communicating new career paths and skills progression based on experience, are another important part of the internal initiatives.
Technology resources
Post pandemic, all industries, and all organisations, have experienced an increase in the usage of digital technologies. On the flip side, shortage of IT and technology talent can dampen the enthusiasm of most digital transformation initiatives. The reasons for shortage of technology and business subject matter experts in an organisation can range from cultural to siloed thinking of the management.
A short-term approach of building skilled resources in low code type of digital transformation solutions can only go so far. The real benefits for an organisation are gained by developing the complete gamut of skills required to manage digital transformation initiatives of any complexity and scope.
The way forward is to build a continuous program of developing digital skills and culture across the organisation that helps in positive roll out of a digital transformation initiative. Such a continuous program of skills development and enhancement requires management support and a medium to long term vision for improvement and transformation.
Risk averse and resistance to change
In some organisations, the work culture does not reward change of routine and day to day processes and operations. Such organisation cultures are riskaverse and may believe there is no benefit in changing tried and tested work practices. In such organisations change management has to be actively and expertly managed.
There are multiple options for CIOs to manage the way forward. The first is to align with business heads and assess the possible cultural bottlenecks in the progress of digital transformation. Next is to align the progress of digital transformation with business outcomes and benefits. Managing change and the resulting business benefits from the change also needs to be clearly demonstrated and communicated across the organisation.
Siloed teams
Every organisation has its share of inherent silos that have an ongoing impact on processes and decision making. In day-to-day business, over a period of time, siloed ways of working get accepted. However, during digital transformation, teams that have been used to working within department walls and boundaries, find it difficult to change and adapt with the rest of the organisation.
This can have a negative impact on building the digital transformation strategy and its actual implementation and can be particularly destabilising when working across department siloes if there is inadequate preparation to overcome these challenges.
The way forward for CIOs is to clearly identify the roles of team members, their ownership in the success of digital transformation roll outs, and accountability and contribution towards success.
SECURING DATA FROM BREACHES
KHALED ALSHAMI, VICE PRESIDENT SOLUTION CONSULTING, MEA, INFOR, INVESTIGATES THE CURRENT THREATS AROUND DATA SECURITY AND HOW REGIONAL ORGANISATIONS CAN EFFECTIVELY DEFEND AGAINST ANY BREACHES.
The urgency of data security and privacy can’t be overstated. In 2021, the global average cost of a data breach was $4.24 million, representing a 9.8% increase over 2020. Yet the immediate costs are a trifle when compared to the incalculable, lasting brand, reputation, and business damage that a data security incident causes.
Risks associated with information security threats increase minute by minute. Bad actors with malicious intent are continuously evolving their strategies and attempting increasingly creative and sophisticated security breaches. The constant potential threat of cyberattacks and security breaches can be taxing on IT teams and organisations that need vigilance, resources, talent, and educational resources just to stay ahead.
The number of potential attackers is also expanding to include not only independent attackers and small groups, but also state-sponsored hacking organisations that are much better organised and funded. These larger groups can afford to devote multiple resources to breaching the defenses of small and large organisations over a long period of time—a level of commitment attackers once reserved only for the most strategic targets.
Unless your organisation maintains an environment that prohibits any external Internet access, odds are your corporation has already suffered a successful attack of some type, even if it’s something as simple as the unauthorised release of some personal data. As former Cisco CEO John Chambers once put it, “There are only two kinds of companies: Those that were hacked and those that don’t yet know they were hacked.”
This isn’t your internal IT organisation’s fault. Today’s business environment demands a level of agility and efficiency that requires organisations to open their networks in ways that would have been unimaginable until recently. That openness, while essential for keeping a business competitive, has made the job of maintaining a secure network even more difficult.
Defend your company against security breaches and malicious attacks
SaaS solutions offer a safe, secure environment to protect an organisation’s digital resources. In a SaaS solution environment, infrastructure and application security are managed by the service provider, whose dedicated resources can continuously monitor systems for security breaches and threats. This, in turn, enables a faster response to any potential problem or identified security risk.
Industry-leading cloud service providers invest millions of dollars every year on their internal security measures, including: • Training and tools to analyze existing services • Constant updates to multiple levels of protection (including network- and host-based detection and protection)
The ability of industry-leading cloud providers to safeguard their customers’ valuable data requires investments and available resources that most organisations cannot afford. Moving to a cloud service can allow an organisation to isolate and protect its internal networks and the valuable data it stores on internal systems.
In the current era of end-to-end value chain collaboration, third-party vendors and suppliers often require integration with an organisation’s enterprise resource planning (ERP) system. If that ERP system is hosted in a cloud service, vendors and suppliers will never need to connect to the organisation’s internal network. As a result, multi-tenant cloud customers enjoy less risk because security and uptime are dramatically better when managed by world-class experts.
A cloud environment is only as secure as the weakest link in its security chain. Infor Cloud employs a “defense-in-depth” strategy. Multiple layers of overlapping security safeguard customer data through each link of the chain. These security controls are enforced by a team of specialists who continuously monitor and improve Infor Cloud security posture to stay ahead of threats and vulnerabilities.
BUILDING A RESILIENT SECURITY STRATEGY
ENTERPRISES TODAY ARE GRAPPLING WITH A HOST OF SECURITY CHALLENGES, BUT ACCORDING TO DAVID BROWN, SECURITY OPERATIONS DIRECTOR, AT AXON TECHNOLOGIES, BY FOCUSING ON BUILDING CYBER HYGIENE AND RESILIENCE, MANY OF THE THREAT CHALLENGES CAN BE OVERCOME.
Organisations create security policies and security frameworks to help reduce vulnerabilities and to build a culture of security efficiencies both internally and externally. However, once built the challenge is also to revisit them and update them in areas that help to build resilience and reduce vulnerabilities.
Policies and configurations
For example, security controls and configurations go through changes throughout their life; sometimes functionality requirements change; there are unpredictable needs; and sometimes there are unauthorised changes.
In other words, the need for continuous assessment and review of policies and configurations cannot be overlooked.
Whatever the reasons, changes to an organisation’s security policies must follow a systematic change request process. On a planned basis this can include regular quarterly assessments; mapping all valid change requests; changes required in a fixed window pattern of 30, 90, 180 days with auto-expire or auto revalidation.
Any changes made to security policies and configurations, that have not been mapped would then trigger an internal security event.
Continuous review of security policies and configurations should not be confused with operational patching cycles. Roundthe-clock, patching routines, and cycles are determined by vendor releases and other threat vulnerability intelligence. Priority for patching routines is based on risk levels as well as those with the shortest time to apply.
Attack surfaces
Managing the attack surface of an organisation is an important part of its resilience security strategy. An immediate implication of the lack of understanding of an organisation’s attack surface is poor cyber hygiene. Poor cyber hygiene creates doors for initial access and lateral movement of threat actors. On the other hand, a well-understood and managed attack surface helps the organisation to build layered defenses that are proactive and reactive.
Baselining
Another important activity to build a resilient security strategy is to baseline an organisation’s network and host layers. Information system types can also be used as a baseline and can track growth in capability and capacity.
While monitoring baseline activity is often talked about, in practice it is seldom rolled out and maintained, if initiated. From an organisation’s point of view, baselines are very effective to flag, through automation or human monitoring, when something is not normal.
An organisation’s resilient security strategy will be incomplete without an attack surface management program and monitoring of baseline of activity.
Continuous improvement
A policy of continuously improving the levels of cyber hygiene in an organisation leads to an enhanced level of situational awareness. This enhanced level of situational awareness helps the enterprise to mitigate threats early in the attack lifecycle.
For enterprises that build an enhanced level of situational awareness, they are able to reduce the meantime for vulnerabilities appearing on its attack surface. They are also able to prioritise which vulnerabilities to remediate, with well-defined clear actions and controls.
Enhanced level of situational awareness also helps to create proactive plans such as incident response and preparedness plans. This plan provides clear actions and remediation paths in a simplified format for non-technical stakeholders and a fully detailed structure for technical stakeholders.
Continuous improvement in cyber hygiene helps to build practices for network and system hardening, information assurance, and vulnerability management processes. It also helps to support data classification systems, all of which are secured with a 3-2-1 back schema as a critical component.
On the flip side, an enterprise that lacks an understanding of its cyber hygiene practices can only open itself to adversary actions who can finally only achieve their objectives.
THE CHANGING FACE OF TELECOMS
ALIX LECONTE, VP FOR SERVICE PROVIDERS (EMEA), F5, ON KEY TRENDS TRANSFORMING THE TELECOMS INDUSTRY.
New technologies, COVID-19, regulations, and politics are all changing the telecoms industry faster than ever.
It can be hard to know where things are headed at times, but here are five major trends that should be on everyone’s radar in 2022.
1 Data Sovereignty Takes Centre Stage
Data sovereignty is an increasingly hot topic in the Middle East, and the subject has come to the fore as hyperscalers move into the region. It’s clear that data is fast becoming a sovereign asset that must be carefully protected. Any telco delivering on this front will surely stand out from the crowd.
If we look to Europe, we can see that policymakers are doubling down on data sovereignty, which creates a raft of new opportunities. As the continent looks to regain control of its digital destiny, policymakers are turning to telcos for trusted services and infrastructure that reduce hyperscaler dependency.
In France, Orange has teamed up with Capgemini to set up Bleu, a new company that will provide “Cloud de Confiance” solutions certified to comply with the French state’s privacy, security, and resiliency requirements.
Then there’s Telecom Italia, which is currently bidding for a contract to build a €900 million national cloud hub to upgrade the country’s data storage facilities.
These examples are just the tip of the iceberg. There is also a push for data sovereignty beyond Europe’s borders. While acknowledging the need to work with US-based hyperscalers, many governments now want more control over how to secure and manage data from key sectors such as healthcare and public services.
2 Making Multi-Cloud Networking Work Multi-cloud networking is the logical next step for enterprise IT.
Across the world, we’re seeing rising demands for cloud-native technologies that can enhance agility, efficiency, and scalability. At the same time, apps are increasingly composed of micro-services spread across different environments.
Implementation is key here. To connect applications in different environments, you need much more than just networking. You also need security and load-balancing to ensure apps are always available and protected.
This year, we expect that telcos, and their enterprise customers, will put a premium on solutions that reduce multi-cloud complexity.
3 Major Momentum in Mobile Financial Services
Already major providers of money transfers, telcos are also going all in on financial services like micro-credit, insurance, and savings.
For example, some telcos are accumulating data to determine credit scores and offer personalized loans with minimal risk. Meanwhile, the burgeoning mobile money ecosystem is empowering hundreds of millions of previously unbanked people to access financial products for the first time.
The expansion of the digital financial services sector makes it a compelling and obvious target for cybercriminals. This means telcos need to markedly improve their security game, including providing advanced protection against DDoS attacks, credential stuffing, and other threats.
4 Keeping Tabs on Cloud-Native Network Functions
Telcos are gradually going cloud-native in pursuit of rapid scalability.
A traditional mobile core network used to be composed of different functions running on purpose-built hardware. That code is now distributed over a set of virtual network functions (VNFs) or cloud-native network functions (CNFs) with separate and distributed control and data plane functions. As they move to standalone 5G networks, telcos will look to interconnect VNFs and CNFs deployed in different environments and locations. Naturally, this increases the attack surface.
Unfortunately, telcos are still figuring out the best way to make their CNFs—and their infrastructure as a whole—fully secured, automated and observable. Against this backdrop, operational simplicity becomes a critical concern.
5 Telecoms in the Public Cloud – Proceed with Caution
Cloud-native will be a big buzzword in 2022 (as it was in 2021). And telcos across the world will continue to talk about which workloads they will move into the public cloud. This includes both applications (IT workloads), as well as network functions for specific use cases.
Nevertheless, support for core network functions with stateful protocols and large-scale subscriber sessions can prove challenging and present financial obstacles.
Although deployment costs for some specific use-cases will continue to fall, a more fundamental question in 2022 is how to manage and secure the flow of the sensitive data. Data sovereignty momentum will certainly require many telcos to use the public cloud judiciously, as policymakers increasingly demand that sensitive datasets remain in country and under strict local control (with clear rules on who can and cannot access it). Ultimately, telcos’ transition to the public cloud could still turn into a rather protracted affair.
PREPARE FOR THE UNEXPECTED
GREGG PETERSEN, REGIONAL DIRECTOR - MEA AT COHESITY, ON THE IMPORTANCE OF TESTING YOUR DISASTER RECOVERY PLAN.
Data is today’s currency and is a critical component of success in business. However unplanned events (disasters) can put data, processes and operations at risk and might even threaten business continuity.
It is imperative that if a disaster strikes, the organisation and its employees still have access to their systems, data and applications. Having a disaster recovery plan is important, but isn’t enough. You can’t rely on a plan if you don’t test it — disaster recovery testing makes all the difference.
Disaster recovery (DR) plans – which is an organisation’s methods for responding to and recovering from a major event – play a critical role in helping businesses to cope in a crisis. From natural disasters and human errors, to hardware failures and cyberattacks, a thorough and well-tested
DR plan can ensure your organisation is up and running quickly, keeping customers served and revenues flowing.
However, while every IT and business leader should now recognise the importance of these plans, research suggests that some are slower on the uptake than others.
What’s more, having a DR plan in place is just the starting point. Unless your process is tested regularly and thoroughly, how can you be sure it will work? With increasing numbers of stories about services falling over and not getting back online quickly, the question we ask is simple: is anyone still testing their DR plans?
Unfortunately, the answer to that question is ‘nowhere near enough’.
IT and business leaders must do better.
To ensure their organisations have a trusted route back to recovery, organisations must test the robustness of their DR plans.
Regular, full-scale testing is crucial to the success of a DR plan, especially in today’s hybrid and multi-cloud environment.
From sandbox testing to data classification and simulation, here are three ways to help ensure you have a DR plan that works.
Testing your DR plans shouldn’t be a crisis in itself – your vendor should offer non-disruptive DR testing. Third-party DR services should be able to draw on a range of virtual equipment to test your plan.
Often known as a sandbox test, this procedure makes it possible for your business to undertake full testing without affecting any production servers. That means that even while the test takes place, your operational activities continue as normal.
Also make sure your thirty-party tester can give you detailed results from your sandbox. Any tech-based solution for DR planning should use audit trails to reduce operational complexity and streamline compliance requirements.
Businesses are under increasing threat from ransomware and other vulnerability exploitations. IBM Security, in its recent annual X-Force Threat Intelligence Index, shows that the Middle East and Africa region was the fourth-most attacked region worldwide, while the most attacked countries in the Middle East and Africa were the United Arab Emirates, Saudi Arabia and South Africa.
Data is commonly viewed as the crown jewels of the organisation, but some information is more valuable than other knowledge – and unless you have an effective data-classification strategy, you won’t know which data must be protected at all costs.
Organising data into classes is the cornerstone of effective data management. If you know what use cases your data supports – from security and compliance to customer service and cost optimisation – you’ll know how valuable your information is and the lengths to which you should go to protect it.
Your DR plan should take this data classification into account. Your tierbased approach should help ensure business-critical data is not just backed up, but always available. If the worst happens, and your network is down, your DR plan should be designed so that renewed access to this data is prioritised.
Reviews of DR plans and tabletop exercises, where people across the business get together to analyse your strategy, will only take you so far. If you really want to know how effective your DR strategy is, then you’re going to have to run a simulation exercise.
Rather than simply talking, this simulation creates a worst-case scenario and then role-plays the plan with your IT team. The exercise should also bring in other business stakeholders and thirdparty vendors to create a full view of dependencies and requirements.
With the increased frequency and cost of cyberattacks, a robust set of disaster recovery processes combined with proven technology have never been more essential. Organisations should look for ease of use, automation, and the ability to truly control their data recovery and application availability servicelevel agreements. This next-gen data management also offers organisations an essential set of capabilities to take on the disaster recovery challenges businesses are facing today.
