The Changing Role of IT Professionals

Information Technology is a great field. With technology advancing at the speed of sound, there is never a period when IT becomes boring, or hits an intellectual wall. There are always new devices, new software, more network bandwidth, and new opportunities to make all this technology do great things for our professional and private lives.

Or, it becomes a frightening professional and intellectual cyclone which threatens to make our jobs obsolete, or diluted due to business units accessing IT resources via a web page and credit card, bypassing the IT department entirely.

One of the biggest challenges IT managers have traditionally encountered is the need to provide both process and utility to end users and supported departments or divisions within the organization. It is easy to get tied down in a virtual mountain of spreadsheets, trouble tickets, and unhappy users while innovation races past.

The Role of IT in Future Organizations

In reality, the technology component of IT is the easy part. If, for example, I decide that it is cost-effective to transition the entire organization to a Software as a Service (SaaS) application such as MS 365, it is a pretty easy business case to bring to management.

But more questions arise. Does MS 365 give business users within the organization sufficient utility and creative tools to help solve business challenges and opportunities, or is it simply a new and cool application (in the opinion of the IT guys…) that IT guys find interesting?

Bridging the gap between old IT and the new world does not have to be too daunting. The first step is simply understanding and accepting the fact that internal data centers are going away in favor of virtualized cloud-enabled infrastructure. In the long term, Software as a Service and Platform as a Service-enabled information, communication, and service utilities will begin to eliminate even the most compelling justifications for physical or virtual servers.

End user devices become mobile, with the only real requirement being a high definition display, input device, and high speed network connection (note this does not rely on “Internet” connections). Applications and other information and decision support resources are accessed someplace in the “cloud,” relieving the user from the burden of device applications and storage.

The IT department is no longer responsible for physical infrastructure

If we consider disciplines such as TOGAF (The Open Group Architecture Framework), ITIL (Service Delivery and Management Framework), or COBIT (Governance and Holistic Organizational Enablement), a common theme emerges for IT groups.

IT organizations must become full members of an organization’s business team

If we consider the potential of systems integration, interoperability, and exploitation of large data (or “big data”) within organizations, and externally among trading partners, governments, and others, the need for IT managers and professionals to graduate from the device world to the true information management world becomes a great career and future opportunity.

But this requires IT professionals to reconsider those skills and training needed to fully become a business team member and contributor to an organization’s strategic vision for the future.  Those skills include enterprise architecture, governance modeling, data analytics, and a view of standards and interoperability of data.  The value of a network routing certification, data center facility manager, or software installer will edge towards near zero within a few short years.

Harsh, but true.  Think of the engineers who specialized in digital telephone switches in the 1990s and early 2000s.  They are all gone.  Either retrained, repurposed, or unemployed.  The same future is hovering on the IT manager’s horizon.

So the call to action is simple.  If you are a mid-career IT professional, or new IT professional just entering the job market,  prepare yourself for a new age of IT.  Try to distance yourself from being stuck in a device-driven career path, and look at engaging and preparing yourself for contributing to the organization’s ability to fully exploit information from a business perspective, an architectural perspective, and fully indulge in a rapidly evolving and changing information services world.

Risk Management Strategies for IT Systems

Risk management has been around for a long time.  Financial managers run risk assessments for nearly all business models, and the idea of risk carries nearly as many definitions as the Internet.  However, for IT managers and IT professionals, risk management still frequently takes a far lower priority than other operations and support activities.

For IT managers a good, simple definition for RISK may be from the Open FAIR model which states:

“Risk is defined as the probable frequency and magnitude of future loss”   (Open FAIR)

Risk management should follow a structured process acknowledging many aspects of the IT operations process, with special considerations for security and systems availability.

Risk Management Frameworks, such as Open FAIR, distill risk into a structure of probabilities, frequencies, and values.  Each critical system or process is considered independently, with a probability of disruption or loss event paired with a probable value.

It would not be uncommon for an organization to perform numerous risk assessments based on critical systems, identifying and correcting shortfalls as needed to mitigate the probability or magnitude of a potential event or loss.  Much like other frameworks used in the enterprise architecture process / framework, service delivery (such as ITIL), or governance, the objective is to produce a structured risk assessment and analysis approach, without becoming overwhelming.
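
As an added illustration (not part of the original article, and not the Open FAIR standard's own procedure), the Python example below pairs a probable loss event frequency with a probable loss magnitude for each critical system and simulates the resulting annual loss. The system names, the estimate ranges, and the choice of triangular and Poisson distributions are assumptions made for the example.

```python
import math
import random
import statistics

# Constructed estimates (not from the page): (min, most likely, max) for
# loss event frequency in events/year and loss magnitude in USD per event.
SYSTEMS = {
    "payment-gateway": {"lef": (0.1, 0.5, 2.0), "lm": (20_000, 80_000, 400_000)},
    "email": {"lef": (0.5, 2.0, 6.0), "lm": (1_000, 5_000, 30_000)},
    "hr-portal": {"lef": (0.05, 0.2, 1.0), "lm": (5_000, 15_000, 60_000)},
}

def poisson(rng, rate):
    """Draw an event count for one year (Knuth's method, fine for small rates)."""
    limit, count, product = math.exp(-rate), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count

def simulate(estimate, years=20_000, seed=1):
    """Return one simulated total loss per year for a single system."""
    rng = random.Random(seed)
    f_min, f_mode, f_max = estimate["lef"]
    m_min, m_mode, m_max = estimate["lm"]
    losses = []
    for _ in range(years):
        rate = rng.triangular(f_min, f_max, f_mode)  # signature: low, high, mode
        events = poisson(rng, rate)
        losses.append(sum(rng.triangular(m_min, m_max, m_mode) for _ in range(events)))
    return losses

def summarize(losses):
    """Mean annual loss, tail percentiles, and the chance of any loss in a year."""
    ordered = sorted(losses)
    return {
        "mean": statistics.fmean(ordered),
        "p90": ordered[int(0.90 * len(ordered))],
        "p99": ordered[int(0.99 * len(ordered))],
        "p_any_loss": sum(x > 0 for x in ordered) / len(ordered),
    }

def assess(systems=SYSTEMS):
    """Assess each system independently, ranked by mean annual loss."""
    report = {name: summarize(simulate(est)) for name, est in systems.items()}
    return dict(sorted(report.items(), key=lambda kv: kv[1]["mean"], reverse=True))

if __name__ == "__main__":
    for name, stats in assess().items():
        print(name, {key: round(value, 2) for key, value in stats.items()})
```

The gap between the mean and the 99th percentile is what a single "expected loss" figure hides, and it is the part that decides whether mitigation spending on a given system is justified.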

IT risk management has been neglected in many organizations, possibly due to the rapid evolution of IT systems, including cloud computing and implementation of broadband networks.  When service disruptions or security events occur, those organizations find themselves unprepared for dealing with the loss magnitude of the disruptions, and a lack of preparation or mitigation for disasters may result in the organization never fully recovering from the event.

Fortunately, processes and frameworks guiding a risk management process are becoming far more mature, and attainable by nearly all organizations.  The Open Group’s Open FAIR standard and taxonomy provide a very robust framework, as does ISACA’s COBIT 5 Risk guidance.

In addition, the US Government’s National Institute of Standards and Technology (NIST) provides open risk assessment and management guidance for both government and non-government users within the NIST Special Publication Series, including SP 800-30 (Risk Assessment), SP 800-37 (System Risk Management Framework), and SP 800-39 (Enterprise-Wide Risk Management).

ENISA also publishes a risk management process which is compliant with the ISO 13335 standard, and builds on ISO 27005.

What is the objective of going through the risk assessment and analysis process?  Of course it is to build mitigation controls, or build resistance to potential disruptions, threats, and events that would result in a loss to the company, or other direct and secondary stakeholders.

However, many organizations, particularly small to medium enterprises, continue to be at risk because they either do not believe they have the resources to go through risk assessments, have no formal governance process or formal security management process, or simply do not believe in spending the time on activities which do not directly support rapid growth and development of the company.

As managers, leaders, investors, and customers we have an obligation to ensure that our own internal risk is assessed and understood and, from the viewpoint of customers or consumers, that our suppliers and vendors are following formal risk management processes.  In a fast, agile, global, and unforgiving market, the alternative is not pretty.

