This article continues the roadmap for the IT Value Journey, navigating from the Maintain state to the Enhance state with a clear, repeatable formula to ensure a quick and safe journey.
Our June 6 article explained how to improve customer satisfaction while reducing the cost of delivering service. That was the first leg of the journey from Maintain to Enhance.
This article explores how we continuously improve the entire IT Infrastructure in a transparent, measurable way.
One of the most important IT responsibilities is to protect the security and availability of data and technology assets.
Resilience refers to your ability to defend against, identify, and recover from cyber threats. How do you know the resilience of your infrastructure? A best practice is to engage a third-party security firm to assess your risk profile, give you time to resolve any findings, and then perform a few ethical hack attempts. There are many ways to approach this, including penetration testing, red team/blue team games, and many more.
Your job is to measure how long it takes your team to identify the hack and then how long it takes them to fix the vulnerability that allowed the hackers to get in. The metrics we focus on are “time to detect” and “time to remediate”.
On average, a hacker tends to be in a target environment between 200 and 400 days before being detected.
Consider having the third party perform three different hacks. Use the worst metrics as your baseline and then set out, year after year, to continuously improve.
There is no good, bad, or indifferent here. However long it takes your team to detect and remediate the threat(s) simply becomes your baseline.
You’ll probably discover that you need better monitoring tools for the infrastructure or, as we typically see, you may need to pay more attention to the logs, review them more frequently, and apply security patches more frequently. The increased awareness, resulting from the security assessment, will likely give you ideas about email security add-ons, random, controlled phishing attempts to increase employee awareness, better employee training, and better intrusion detection and prevention tools.
Finally, regarding resilience, share your findings with the CEO. Estimate the cost of one day of downtime. That may be as simple as calculating annual revenue divided by 365. Consider the cost to your company if customer or employee data is compromised. That cost may include lawsuits, remediation efforts, and lost business when your story reaches the mass media. The cost of improved protection will look like a bargain compared to the damage that could be done to your business.
Your efforts to make your technology more resilient will improve the trust, credibility, and respect that IT earns from the rest of the business.
IT organizations like to talk about uptime, four or five nines, terabytes and other measures that really mean nothing to the rest of the business and don’t directly impact company performance. While most businesspeople don’t relate to “uptime”, they absolutely care about “availability” of the services that they each use. What good is it for a server to be up 99.999% of the time if a key service, like a home-grown software application or email or the conference room projection system, isn’t available the day of the big client meeting?
In the countless IT turnarounds that we’ve facilitated, we identified three key measures that painted the picture of continuous improvement of the infrastructure in the Maintain state. All three of these measures cross over to IT Customer Service and Software Development and Maintenance, unifying the IT team.
IT resources, today, are simply expected to be available all the time. That includes servers, routers, email systems, third party applications, home-grown applications, interfaces, and more. Start measuring downtime for every resource that experiences an outage. Track on a spreadsheet and calculate average downtime per month for each resource. The worst performing resource is then used to measure overall availability of IT resources.
For example, I once served as CIO for a company that ran a home-grown ERP system. When I arrived, we knew the system did not perform very well. Employees and customers were frustrated but, over the years, they just learned to live with it. When we finally measured that system, we documented that it was down, on average, 20 hours a month! Yes, hours.
Simply measuring, and translating those measures into business impact, completely changed the mindset of executive leadership and the IT team. Instead of finger pointing between software developers, network administrators, database analysts, and even the end users, we changed to a focus on root cause analysis and remediation. Within months we dramatically reduced downtime for that system and achieved 100% availability the following year.
Set a goal of, say, 99.999% availability for infrastructure and systems. Track downtime for anything that ever fails. Every week, review the numbers with IT, seek the root causes, and set out to fix the worst offender – whether it’s a server, database, switch, application, or whatever.
Communicate the results and watch how the rest of the business reacts.
Data is today’s gold. Data analytics can improve decision making and drive new revenue streams. But none of that can happen without great data quality. Poor data quality can cripple a business, resulting in errors that impact customers, blind decision making, employee frustration, and excessive time and cost to fix data.
Just as we discussed in the previous article on IT Customer Service, look every week at the data issues that are causing the company the most grief and consuming the most IT time to fix. These may include invalid values getting into a key system, a chronically failing interface, or reports that aren’t extracting the right data.
Find the most frequently occurring issue, or the one that causes the biggest headache for the business and set a plan in motion to fix it. It may be as simple as user training or data validation on an application front end. Or it may mean analyzing and correcting a complex interface. When that is resolved, move on to the next. You will quickly see your business colleagues treating IT differently, recognizing how hard you’re working to better serve their needs.
The first few issues may take months to resolve. Then, the issues will become more and more manageable. It’s well worth the effort because fixing data quality sets the foundation for the final leg of the IT Value Journey to the Transform state.
Set a goal to improve data quality by 10% by mid-year and another 5% by year end and reduce data maintenance costs by, say, 15% by year end. You’ll find your team spending less and less time putting out data fires, enabling them to do more of the basic enhancements that the rest of the business needs. And your business colleagues will see IT doing more of what’s important to the business and less first aid.
Measuring and Communicating
Each of the metrics discussed throughout this article are meaningful to business leaders and staff. They show how IT is improving the entire infrastructure, including hardware, software, and data. Communicate your metrics monthly and make a big deal out of your annual metrics reporting.
Show the continuous improvement. Acknowledge and embrace even the metrics that make IT look terrible. It’s not news. The rest of the business already knows.
What you’re really showing is that IT understands what’s important to the business and is taking steps to continuously improve.
The IT Value Journey starts on the road from the Maintain state to the Enhance state. Improving the resilience and reliability of the entire IT infrastructure drives trust, credibility, and respect from the rest of the business, which gives IT the opportunity to navigate further along the IT Value Journey.
Remember, you want to continuously improve IT processes and services, freeing up resources to shift to work that creates more value for the business.
How Are You Doing?
I invite you to spend two minutes to complete a brief, 3-question survey to see where organizations are on their IT Value Journey, where they need to navigate to, and how they plan to get there. We’ll publish the summary results in a future article and no individual data will be mentioned.
Click here to complete the IT Value Journey Survey and, if you would like, schedule a complimentary 30-minute consultation.
Larry Wolff is the founder & CEO of Wolff Strategy Partners, a boutique consulting firm specializing in Enterprise Strategy Management and Digital Transformation. Larry has served as CEO, COO, CIO, chief digital officer, and management consultant for public, private, international and emerging growth companies. His specialties include corporate and IT strategic planning, technology led business transformation, business and IT turnarounds, merger integration and large-scale project rescues.