People love to create new things, and that deserves to be celebrated – it’s what makes us uniquely human. Innovation in technology helps move the way we live and work forward, but as we usher in the wave of the future, we must also keep a pulse on the risk exposure of our current systems and what we may be sacrificing in the name of progress.
As someone with CIO and IT leadership experience at established financial institutions like Deutsche Bank, Fannie Mae and many others, it’s not only my job to help incubate creative technologies to advance the firm’s business objectives – it’s also a big part of my remit to make sure new ideas and technologies don’t broaden our exposure to unnecessary risk.
Business leaders must ask themselves – is the innovation we’re driving sustainable? Are we inadvertently creating more opportunities for hackers to steal data? Is the investment we’re making today going to support the needs of tomorrow, or even jeopardize the stability of our systems today?
To answer these questions and ones like them, C-suite leaders should establish and consult an IT risk scorecard for their software systems and applications.
Establishing IT Risk Management as a Core Discipline
So, what should be prioritized in the broad scope of IT risk management? Decreasing the firm’s overall risk exposure is of course the number one priority, but this also includes aspects of application security, software performance and making sure our development teams are producing quality applications that can be supported and maintained over time.
It’s easy to identify companies that don’t have a good handle on this – there are many in today’s world. In order to prevent software-related disasters, leadership must know as much as they can to safeguard as much as possible. Think of the MRI machine. We go to the doctor and get an MRI scan to understand health risks that are invisible to the naked eye, and with this valuable insight we make more informed decisions, often now in a preventive manner, about our health.
The 2017 Equifax breach is a great example. They didn’t employ a software risk scorecard, and as a result, their leadership was blind to issues in the structural quality and security of applications critical to their business operations. These unseen errors eventually reared their ugly head in the form of a breach that affected millions of U.S. consumers. And this is just one recent and well-known example amongst many.
Making IT risk management a core discipline – i.e. creating and monitoring an overall IT Risk Score – gives leadership real-time metrics to answer questions like: Where might our applications be unstable? Where are costs running off the rails, and why? Where are we vulnerable to cyberattacks?
There’s a lot to keep your eyes on when you’re large IT shop managing thousands of different systems, and Software Intelligence offers an easy, fast and automated means to keep tabs on software health, identify security violations and guarantee regulatory compliance for multi-tiered technologies.
Three Things Software Intelligence Tells You About IT Risk
With Software Intelligence, team leaders and line-of-business executives can have productive and fact-based conversations around things like software quality, application security and IT complexity. And each of these elements are important for their own reasons:
Can IT Risk Management Live in Harmony with Innovation?
Focusing on IT risk management while supporting innovative software development may seem a lot like trying to blend oil and water, but I would argue that successfully merging the two is now the key to market disruption. Effective CIOs (and business leaders) should be able to effectively:
Leaders of large enterprise institutions have one of the biggest burdens here: striking the right balance between speed and stability. Overly complex or risky systems prevent companies from realizing the benefits of modern app dev, because they are plagued by service disruption due to clunky, cobbled together legacy architectures.
As they adopt Agile methods, collaborative DevOps teams are releasing new features at speed. But the danger here, is that many teams are either not Agile enough because they can’t establish confidence in the quality of their changes on aging and complex codebases – or, they are too focused on the speed at which they’re delivering. Just like a finely engineered German car racing down the Autobahn, developer teams must be able to rely on a solid “braking system” to slow down or change course when required: not knowing about the quality of one’s braking system will surely lead to a very slow and stressful drive. The more teams can manage software complexity, the faster they will be able to deliver in reality.
Everyone wants to be a visionary within their company. But for the C-suite to prove their effectiveness in the digital age, being able to manage existing technologies while investing in the new remains a challenge. Taking a good look at IT risk management – understanding technical debt, prioritizing technology investments and improving overall software quality – is the key to successfully navigating this modern day tight rope walk.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.