Category: ICT Strategy

Disaster Recovery & Business Continuity

Business continuity and disaster recovery planning (DR/BC) is something Strategic Directions have been helping clients with for over 14 years. The importance for organisations to ensure they have appropriate recovery provisions for not only natural disasters but Power Failures, IT Software Failure, Human Error and Hardware Failure is critical – you need to have a […]

Business continuity and disaster recovery planning (DR/BC) is something Strategic Directions have been helping clients with for over 14 years.

The importance for organisations to ensure they have appropriate recovery provisions for not only natural disasters but Power Failures, IT Software Failure, Human Error and Hardware Failure is critical – you need to have a plan to deal with all levels of disruption.

In such an event, companies need to not just look at the loss of data, revenue, IT services but reputation with employees, suppliers and customers.

All organisations have experienced some form of disaster, but it is those organisations that have a current DR/BC plan in place that deal with these effectively, reducing the impact to business operations, staff and customers.

The cost to business caused by potential disasters can be devastating, but worse is having to explain how this has happened to people affected, your staff, business partners and most importantly customers.

Five Questions to Ask Yourself?

Can you locate your DR/BC Plan?
What are your aspects of critical service and how quickly must they be recovered
Customer Services (Phone, Email)
Employee Services (Distribution, File Access)
Team Responsibilities (Who is in your DR Team)
Communication Assets (What is your plan dealing with media?)
Are you certain your data is protected, recoverable, assessable and what is your data recovery time?

Vendor Independent with local skills and global knowledge Strategic Directions are happy to discuss your DR/BC plan to see if it will ensure the impact on your business is acceptable in the event of a disaster.

Continue Reading Share

Cloud Computing Challenges

Cloud Computing Challenges – the experts all agree – plan carefully and avoid unnecessary pain! A recent look at Cloud commentators around the world – confirmed what we at Strategic Directions already knew. (Eureka!!) 3 Internationally respected (but totally unrelated) Cloud Forum Organisations all agreed that one of the major concerns to customers when moving […]

Cloud Computing Challenges – the experts all agree – plan carefully and avoid unnecessary pain!

A recent look at Cloud commentators around the world – confirmed what we at Strategic Directions already knew. (Eureka!!)

3 Internationally respected (but totally unrelated) Cloud Forum Organisations all agreed that one of the major concerns to customers when moving to the cloud was:-

Lack of resources and expertise                          (Open Cirrus :-  www.opencirrus.org )

Lack of resources and expertise                         (Cloud Tweaks :- www.cloudtweaks.com )

People and Processes                                           (Forbes Technology Council :- www.forbes.com )

The internationally regarded Forbes Technology Council comments “it’s critical not to get caught up in the hype….do proper planning.” Forbes offers firsthand insights on technology and business from elite CIOs, CTOs and other executives. They asked some of their senior members to identify challenges they thought a business might have to overcome when moving its operations to the cloud. This is what the executives (all from different organisations) had to say:-

  • Getting the solution right from a myriad of options
  • People and processes
  • Having a defined Strategy and associated Business Objectives
  • Getting over the psychological barriers (trusting your decision)
  • Time, cost and security challenges
  • Not getting caught up in the hype
  • Change Management issues (as with any major IT Project)
  • Dependable technological infrastructure
  • Accurately estimating the true costs of service
  • Avoid too much modification or customisation
  • One of the biggest challenges is translating your security posture to the cloud environment
  • The financial model – plan wisely!
  • Connecting legacy systems – they are most often not “cloud ready”

 

We note a very interesting point here !  The vast majority of the concerns identified have nothing to do with the actual technology!

 

This is not to demean Cloud solutions – the benefits are well known – merely to emphasise the “associated” issues that any organisation needs to be aware of, but which are often “lost in the translation.”

 

Other challenges identified by Open Cirrus included the lack of standards, different terminologies between vendors, lack of clear guidelines regarding the operations of cloud providers. Also, they note, bringing hybrid cloud infrastructure into the mix has made it even harder for organisations to determine the best choice.

The bottom line is – get objective advice and guidance before “setting sail” upon uncharted waters!

Continue Reading Share

Data Breaches

Mandatory Disclosure and Statutory Notification a wakeup call for Business – November 2017   Recent news articles have highlighted the seriousness with which the Federal Government is treating Data Breaches affecting Australian organisations. This follows hot on the heels of the recent announcement that the Federal Government is planning to invest up to $140 m into […]

Mandatory Disclosure and Statutory Notification a wakeup call for Business – November 2017

 

Recent news articles have highlighted the seriousness with which the Federal Government is treating Data Breaches affecting Australian organisations.

This follows hot on the heels of the recent announcement that the Federal Government is planning to invest up to $140 m into an “industry led” cooperative research centre focussing on cybersecurity.  https://www.itnews.com.au/news/govt-industry-invest-140m-for-cybersecurity-crc-473948

 

The government has just released a draft of the statement it expects organisations to file if they suffer a data breach after February 2018. Under laws passed last year, organisations will have to report a data breach as soon as practicable, including its severity, the type of breach (financials, government and tax details and other “sensitive” information), and the estimated harm to those impacted.  The OAIC (Office of the Australian Information Commissioner) will collect and publish statistics in connection with the scheme, with a view to reviewing this approach 12 months after the scheme’s commencement. Comment on the draft statement is accepted until 23rd October this year. https://www.itnews.com.au/news/govt-reveals-data-breach-notification-format-474360?utm_source=mobile&utm_medium=linkedin&utm_campaign=share

 

AGC Networks Australia recently hosted a group of C-Level executives to discuss the upcoming requirements. Concerns that were identified relating to this new Legislation included:-

  1. What to do to comply with the new requirements
  2. The extent of the data they are expected to collect
  3. Defining “breach vs compromise” and what exactly constitutes “serious harm”
  4. Agreement that Cyber Security is not just an IT risk – it is a Business risk and a Board risk

In the end, the discussion group agreed that the following actions needed attention in the future:-

 

  1. While focus on the notification process is important, organisations need to focus on prevention in the first place….
  2. Contracts and Service Agreements need review in consideration of the legislation….
  3. Incident management plans are vital, but this is part of the cyber security strategy and prevention is still the first step…..

https://www.linkedin.com/pulse/data-breach-mandatory-disclosure-your-organisation-ready-heywood/?trackingId=xCohzCdujy2Fo7rBjwZaag%3D%3D

 

These recent initiatives underline the fact that cyber security is no longer associated only with military, government or large corporate targets. All organisations are at risk, and must proactively consider the security and privacy of their ICT services and the customer / supplier information they manage.

 

A crucial part of any organisation’s strategic plan MUST recognise the very real threat of cyber-attack, including prevention in the first instance, ongoing management and monitoring, and recovery once a legitimate breach has been identified.

Continue Reading Share

Three Key Components for Managing Cloud Services

The traditional train of thought to managing vendors is changing with the wider adoption of cloud services. Partnerships are key for business critical ICT services; as is transparency as to both what the organisation expects and how the vendor proposes to provide the service.   Management of cloud based services requires a change in thought […]

The traditional train of thought to managing vendors is changing with the wider adoption of cloud services. Partnerships are key for business critical ICT services; as is transparency as to both what the organisation expects and how the vendor proposes to provide the service.

 

Management of cloud based services requires a change in thought regarding the construct of three key components being; contracts, relationship and performance management.

 

Contracts:  The contract must address the relationship, based on the vendor type, required by the organisation.  Vendor’s relationships under service based contracts for ICT services require more performance based with outcomes defined rather than products specified, well defined inter-vendor dependencies and integration points, not just with the organisation but its partners also.

 

Relationships: The more strategic the partner (ie. the greater reliance the customer has on it), the greater the risk to the organisation of things were to go wrong. It is important to categorise your vendors and manage each category accordingly e.g. a Legacy or commodity cloud service could be deemed as low risk whereby a new or strategic partner should have a higher focus from the outset of the vendor management function as it will deliver the highest return in terms of strategic business outcomes but also introduce higher risks that require mitigation.

 

Performance: The cloud vendor must be accountable for the delivery of services in a similar manner to the organisations IT manager being accountable for the delivery for an on premise service. Vendors must be performance managed over the life of the services contract against agreed criteria to ensure the organisation is achieving optimal performance from their cloud services.  As important as it is to agree performance criteria during the establishment of a contract it is of utmost importance that the organisation understands the criteria and has the ability measure it.  Performance must be measured and reported against agreed KPI’s – and the services contract should include penalties on the service provider commensurate with the lost value or productivity to the organisation noting that incentives and rewards should be considered for the vendor exceeding the KPI’s and increasing organisation value or productivity (e.g. positive media releases regarding the success of the service).

 

Organisations must understand the varying levels of control they will have across public, private and hybrid cloud solutions for managing their cloud service contracts, relationships and performance. Understanding this in advance will significantly increase the likelihood that an organisation will select the correct cloud service model to support their business needs whilst aligning to their business risk appetite.

 

The traditional models of vendor management have changed. Three key components can ensure successful cloud deployments, reduce the risk of excess costs and ensure the organisations data integrity is maintained and is accessible through all stages of the cloud service agreement.

Continue Reading Share

ICT Governance In The Cloud – What Has Changed?

With the increasing adoption and confidence in Cloud Computing Services, the new customer/vendor relationship impacts are changing significantly from how things have been done in the past. Organisations will buy services not products, will rely on vendors to deliver ICT services not hardware and software to support in-house service delivery and vendors become more entrenched […]

With the increasing adoption and confidence in Cloud Computing Services, the new customer/vendor relationship impacts are changing significantly from how things have been done in the past. Organisations will buy services not products, will rely on vendors to deliver ICT services not hardware and software to support in-house service delivery and vendors become more entrenched in the relationships with the organisation without being a part of the organisation.

 

With change; comes inherent risks which if not effectively managed may significantly impact to your organisation later. The importance of ICT Governance within organisations should be at the forefront of any manager’s strategic planning as you prepare to transition to cloud computing services.

 

Two key components that organisations need to consider are an ICT Governance Framework and a Vendor Management Plan.

 

A robust ICT Governance Framework will assist those charged with the governance of ICT to understand and fulfil their legal, regulatory and ethical obligations in respect of the organisations use of ICT services. The Framework will also inform strategic decision making by enabling those charged with the governance of ICT to focus on the strategic use and business value of technology, rather than on the specifics of individual technologies.

 

For many organisations, vendor management commences as a key function following the signing of a contract. However industry best practice suggest vendor management is a strategic function that must be applied well before a business engages the market. Organisations must ensure they categorise their vendors and apply the correct evaluation and negotiation focus from the beginning.  The Vendor Management Plan should break down how differing vendor categories should be managed, provide guidance on contractual arrangements for cloud services and determine how performance will be measured and reported.

 

The traditional train of thought to managing application services must change for cloud based services to cater for service termination and transition provisions – once a cloud service contract expires or is terminated due to performance issues customers are challenged with ensuring the integrity of their data is maintained whilst maintaining continuity to the business functions during the transition to a new service provider. In the past a breakdown in the vendor relationship or the expiry of the contract allowed the customer to maintain the application on premise without ongoing support.

 

Governance for cloud based ICT services must consider the entire service lifecycle from service selection, through entry and ongoing operations to service exit provisions. At the end of the day, you remain responsible for the provision of effective services to your customers, regardless of the cost and quality of the cloud based ICT services you choose to enable your business.

Continue Reading Share