Is Information Technology an asset or liability for your business?
It could be either. You could be exposed to an IT risk that strangles your business, or it could be the competitive advantage that secures your business's future. But how would you know, unless Information Technology IS your business? It is highly likely that in most other aspects of your business that aren’t your core functions, you seek expert advice. So, why wouldn’t you seek expert assessment and advice on this critical business capability? Let’s start by helping you to ask yourself some questions about your business and its relationship with IT:
Assuming for a minute that answering some of these questions raises some red flags for you, the next obvious question is: where do you get advice? Clearly, we think it is here, at Independent IT Consulting, and one of the core reasons for that is that we can offer independent, vendor-agnostic advice. For those businesses that already employ the services of a Managed Services Provider for Information Technology, you already have technology expertise on hand, but do you know how their services and pricing compare to the market and (this is important) would it be wise to seek advice from somebody that is not independent and agnostic? That would be like asking your friendly Toyota dealer what you should spend your vehicle budget on… no prizes for guessing that will result in an increased spend with your Toyota dealer.

An initial consultation with Independent IT Consulting will cost you nothing, so what do you have to lose? IT, liability or asset? Contact us to find out.

Online subscription software is easy to get going, and it seems to cut out the upfront cost and turn your costs into opex - but what are we trading for this convenience? What risks are we adopting?

The olden days
Back in the dark ages of computing (1990s to early 2000s), choosing what software to use was an even bigger decision than it can be these days. Firstly, there was choosing the solution for your problem: a lot of reading and promises from vendors, and reviews from users and the press were crucial. Gartner’s quadrants helped. Sometimes you would run a formal selection process with vendors. Maybe there was a demo disc you could trial the software with. Once you had selected the solution there were the upfront costs (often a hefty figure):
Then there was the ongoing cost of the software subscription, and the regular upgrades and patches that needed to be put on servers and PCs. All with their own invoice cost, let alone the cost of having your IT teams or office staff stop work to do patching or learn new features. Depending on the subscription model, you may end up paying again for the latest version of the software!

Nowadays

These days getting started with a new piece of software is often as easy as entering an email address and sometimes a credit card number. You’re away: no installation, it works on all your computers via the web browser, and no one is installing server software, upgrading computers or having to manage the software versions. All of it is taken care of! All costs with the software can be made opex so you don't need a business case and you only pay for what you use.

Google and many other online providers pioneered this approach of subscription software delivery. Microsoft has done the same and continues to invest heavily in this direction, going as far as a subscription approach for gaming with Game Pass (essentially creating the Netflix of games).

So, with all these advantages what on earth could the drawbacks be? And why should I be worried? Here are our top five risks when using online software (or software as a service):

Risk #1 - Data governance and privacy

The risk: When you enter data into a website it is saved somewhere real, on a computer that is physically in a building/structure, in a country. The laws of that country now govern that data, along with any rules and agreements in place with the organisation providing the computer that the data is being saved on. It is pretty rare for a software provider to clearly outline where the data you enter is saved. In New Zealand we have privacy rules and codes of conduct about the data collected and where it can be stored; what's more, consideration of Māori data governance interests might be relevant.
These rules have implications for collection, storage, use and access, so you will need to consider both how the software treats the data collected and how you use it.

What you can do about it?

Start with what data you are storing. There may not be any expectations for the product descriptions and cost information you store on your e-commerce solution; however, there might be for the customer information you do collect. Check the website for any direction on where they are storing information, what security they put around it and the reliability of the security checks they have on their system. If they do not publish information regarding this, try contacting them to find out. If you don't get a timely response, or no response at all, think twice if your information is sensitive in nature.

Risk #2 - Confusion - too many applications for the one type of work

The risk: There are usually many, many, many software solutions to solve the same problem. Just looking at the project tracking space you have solutions like:

To name a drop in the bucket! All of them are good in some way or another and offer advantages the others may not, such as features, cost, etc.

We met with a client recently who used three pieces of project/task tracking software across their clients and internally and were about to add another one. None of the software talked to the other; one set of clients used one tool and another set of clients used another tool. They know they need to consolidate, but in order to do so they would have to retrain one set or all of their clients in the new solution. Furthermore, all the information stored in one application would have to be moved across (more on that below).

In larger organisations this can be a real problem where different groups or departments grab the software they like the best and get going. They aren't constrained by the capital expense rules that meant the decision would require greater scrutiny before being signed off.
This has its pluses and minuses.

What you can do about it?

Keep a central software register and put someone in charge of overseeing such decisions. Do your best to configure this so that they aren't holding up decision making but are creating awareness around solutions already in use. Encourage requirements gathering and checking before signing up - perhaps there is already a solution being used that would suit their needs, perhaps the cost and benefits don't stack up.

Risk #3 - Integration

The risk: You've got your e-commerce solution to sell your wares and it's slick and does a great job of helping customers to purchase your amazing products; however, the inventory solution isn't connected. We met with one company where one of their staff had to spend the first part of every morning manually updating quantities in the e-commerce solution with stock levels to avoid customer disappointment when they ordered.

Stitching together different software products to create a coordinated solution for your business has always been a problem. This is where ERP products (like NetSuite, Microsoft Dynamics) generally came from: a single integrated solution to run the whole business. However, as smaller niche solutions that solve one part of a business problem have exploded onto the scene, the problem of integration has gotten bigger again. There are tools that can help with integration, but you are looking at configuration, running costs and making sure something doesn't change between the two integrated systems that breaks it all.

What you can do about it?

Choose wisely. Ask yourself some questions when making your decisions:
Risk #4 - Lock-in

The risk: You've picked a solution, and it becomes crucial to your business's operation. Everything is running fine, then something changes: the prices go up, the system starts misbehaving, there aren't new features being added to help you keep up with your competition, so you are now looking at other options to move to. But wait… all your historical and current information is kept in this system and there isn't a way to get it out or transfer it over. Or worse, you look closer and the contractual agreement to use the system was that they own all data you entered into it, or they expressly exclude any support for taking data out.

You're stuck. It’s going to hurt to move to the new solution: not just getting the new solution to work right for your business and training your staff in the new solution, but all that lost information and history, or the labour time and cost to manually add this history into the new solution.

A software solution limiting you like this seems unlikely? Unfortunately, this is the business model for many companies, big and small. We see it across all sorts of offerings. Creating software using the Microsoft toolset, for example, means you have to stay on that or recreate everything on a competitor’s toolset.

What you can do about it?
Risk #5 - Data access

The risk: You have invested time and effort in curating quality data in your online system, and now you want to leverage it, but how do you get suitable access to it with your cool reporting tool? Or worse, what if your data is being used by the vendor for their own data analysis! All too often the data you put in can be hard to extract.

A few years ago, a health organisation invested in a shiny new software solution to be then provided as a software-as-a-service solution. Lots of great data being captured, cleaned and ready to use. However, limitations in the interface made it difficult to ask certain questions of the data. Luckily (or so we thought) the solution came with an export function. Problem solved! Not quite: the export only allowed 8000 records to be exported at a time, and if you tried more it failed and produced nothing. In the end they needed to work with the vendor to create a new extract that would send each night, but they then needed to collate and prepare the data further - all adding cost and extra expertise they didn't have.

In another situation we worked with a client that was looking to use an online solution to run their business. It functionally matched their needs; however, tucked away in the contract was a clause that boiled down to "the vendor can use the data put into the system to create meta-analysis reports on the population entered and sell that report if they wish".

What you can do about it?
Conclusion

Online software is a fantastic evolution of computing and enables businesses to reduce overhead and costs and to pivot to meet or beat market expectations. However, whilst it often presents as an operational cost, the decision needs to be treated as an investment decision, with everything that goes with that sort of decision:
Treat the decision that way, consider the risks we've outlined and you'll have the best chance of getting the value and benefit from your software selections.

Well, maybe not the whole business, but you're definitely going to take a hit, which could be critical if you aren’t prepared for it. All around New Zealand businesses are being affected in different ways by different threats to their IT, which in turn has a direct flow-on to their business.
We’ve been talking to people around the Waikato, vendors and insurance brokers and have heard some horror stories. Like the engineering firm being hit by a Cryptolocker virus demanding a ransom, locking them out of their own IT files – in the end costing close to $20,000 to get it sorted and in lost income. Or the trading website being hit by a targeted DDoS attack, crippling their site, meaning their customers could not trade. After significant effort, they were able to address it and put in measures to negate/mitigate that and future attacks. Of course, only after $500,000 in lost profits and remedial costs. Going further abroad, what about the company whose failed backup ended up costing them $5.8 million? Their core system failed and switched to the failover system; that’s great, however, the backup had failed too, losing them 72 hours of orders, mailings and collections.

The risks around IT and the impacts continue to grow day-to-day as businesses become more and more reliant on technology. Every process we put into a computer system, those spreadsheets, those IT programmes, become a part of our business and its ability to run.

How do we avoid this risk? Do we stop putting things into computer systems, stop connecting our machinery to software that makes it run more efficiently? Go back to pen and paper? Well no, the old pen and paper had its own risks (WINZ documents littering central Auckland anyone?) and definitely some problems with scale and accuracy. No, we need to look at how we are using technology, and understand each use and its risk profile.

What do we mean by risk profile? Well, each time you make use of a new piece of technology, that technology and the way you use it defines the risk you now have in its continued use. Let’s take an example of a smartphone. Pretty common, pretty useful too! Some would say the most significant invention of the last 18-20 years (let's not start BlackBerry vs Apple… who created the smartphone first).
You give these to your staff. Great, now you can talk to them when you need to. Out on the job? No problem, ring-ring! Now you think, wouldn’t it be great if I could email them? Super! Let’s turn that feature on. Oh wait, your team lead left their phone on a site or in a meeting room. Was the phone locked? Can anyone see those emails? Now someone you don’t know, your competitor say, can see that spreadsheet you sent to good-old-bob with the costs and margins you're running!

Or your employee starts using the phone for things they maybe shouldn’t. Uh-oh! A virus gets back to your email server. Your handy phone just took out your communications for the next 48 hours while the IT staff frantically clear out the trojan horse virus running around your network. Sound unlikely? Not so much. Waikato DHB’s IT systems were attacked by a similar process (a USB drive with the virus on it plugged into a computer on their network); weeks later they finally evicted the virus.

Or, what if it's not about a person doing something wrong or accidentally? There's just plain old wear and tear that can take out a whole hospital's system. Just recently another DHB (sounds like I’m picking on hospitals, honest I’m not, you might say it reflects the underinvestment in technology – don’t get me started on that!) had a fire in their server room. They ended up running on paper for weeks.

Every time an IT risk is realised it has a financial impact on your business, sometimes small, sometimes significant! So how do you establish your IT risk profile? Here are a few questions you can ask yourself to do a self-assessment:
Call us for a free initial consultation about your business and technology or just to talk.