Lisa Morgan's Official Site

One Point the Equifax Breach Drives Home

Today’s developers use more third-party and open-source components, libraries and frameworks than ever to deliver and update products in ever-shrinking delivery cycles. In the race to get to market, it’s easy to overlook or ignore details that can lead to a security breach.

For example, Equifax blamed its recent security breach on an Apache Struts vulnerability (CVE-2017-9805) and later admitted it failed to install a patch. That patch had been available for six months, according to The Apache Foundation.

“The Equifax hack is so interesting, mostly because their response to the hack has been so poor. Blaming a hack on any sort of software issue – open source or proprietary – is simply part of their inadequate response. It’s a ‘the dog ate my paper’ excuse,” said James Stanger, chief technology evangelist at CompTIA. “That’s not much of an explanation, especially considering that Equifax disclosed this problem on September 7 after knowing about it since July 29.”

What if the software you built was compromised and you discovered that the root cause was a third-party building block you used? You didn’t build that piece of software, after all, so perhaps that party should be liable for any damages that piece of software caused.

Practically speaking, good luck with that argument.

Little or No Third-Party Liability

If you’re using third-party building blocks in your software, which you likely are, the buck stops with you. Sure, someone else’s code may have caused a catastrophic failure, but did you read the fine print in the license agreement?  Third-party developers have several ways of dealing with the matter contractually.

“There may be disclaimers, especially in the open source community, that say, ‘This component is [provided] as-is’ and you as the licensee are responsible for its testing and usage in another system,” said Roy Hadley, Jr., co-chair of the Privacy & Cybersecurity team at law firm Thompson Hine. “If you choose to use it in a nuclear facility or the space shuttle, that’s on you.”

Those who use third-party software in their products are ultimately responsible because the provider can’t foresee how its software will be used or configured by others. So, the licensor protects itself using an “as-is” clause or a limitation of liability. Alternatively, the licensor may require indemnity from the licensee, which means if you use third-party software, something goes wrong and the provider of the component you use gets sued, you’re liable.

What Software Developers Should Do

Test, test, test. Ideally, developers should take the time to understand every piece of third-party software they’re using to make sure it does what it’s supposed to do and that it’s been tested for security vulnerabilities. They should also have a mechanism to ensure that the associated updates and patches are up-to-date.

“I think you have an absolute responsibility to make sure that third-party components work, work together and work the way they’re supposed to,” said Jason Wacha, an attorney and founder of WS Law Offices, which specializes in software licensing. “One of the things about the open source community is you hear [about a software vulnerability], they announce it and everybody jumps on it and tries to fix it. Certainly this was true for the Struts project. One of the things about proprietary software is if someone discovers a vulnerability, it’s not going to get out there and people aren’t going to talk about it.”

The obvious constraint is time. There just isn’t enough time to test everything.

“The issues we keep confronting or not confronting in the IT industry are ignoring or omitting key steps of the Software Development Lifecycle (SDLC) and then mismanaging how that resulting software is deployed,” said CompTIA’s Stanger. “One of the primary reasons why software issues get missed by the good guys and exploited by the bad guys is because companies, individuals and groups that develop software tend to rush software to market.”

There are also challenges with the way software is configured and deployed.

“Many IT pros and even security pros still tend to think, ‘If I obtain the code from a secure source and run the hash tag, I’ll be fine. I’ll just update the code as necessary.’ Plus, relatively few companies actually test the software properly in a production environment by “throwing rocks” at the code and doing proper threat hunting,” said CompTIA’s Stanger. “Fewer still are able to update software adequately, because updates often break custom code. Imagine how security issues can propagate when you combine installed and cloud solutions.”

While developers should verify that the third-party software they use has been adequately tested by whoever built it, they need to retest it in the context of their own product.

“The reality of the current world we live in is that any business must undertake extreme caution and implement a thorough due diligence process when vetting any vendor that impacts their supply chain or is processing or storing any information on its behalf,” said Rob Rosenzweig, vice president and national cyber practice leader for insurance brokerage Risk Strategies Company. “While there is significant upside to the utilization of outsourced vendors in managing expense, obtaining a higher level of security and realizing operational efficiencies; the flipside is that organizations lose control and still retain all of the risk.”

Lesson Learned

The Equifax breach underscores the need for vigilance because hackers are constantly experimenting to find and exploit vulnerabilities, particularly when sensitive information is involved. When a vulnerability is found, it needs to be addressed in a timely fashion, which did not happen in the Equifax case. Due to the confluence of events, the Federal Trade Commission (FTC) is now investigating Equifax.

As is evident, the failure to implement one patch can have devastating consequences.

5 Things to Know About IT Candidates

Hiring and retaining IT talent is difficult. Part of the problem is that some companies don’t understand what IT professionals want and why they want it.

Manpower Solutions Group recently published a survey-based report that sheds some light on the matter. More than 14,000 currently-employed individuals between the ages of 18 and 65 participated, across industries. Some of the results are specific to IT professionals and they may surprise you.

#1: Expect turnover

IT professionals who change jobs frequently do it for two reasons: to increase their compensation (43%) and to advance their careers (60%). Employers should appeal to those desires.

“Candidates within the IT space shouldn’t be measured solely on their time spent within a specific role,” said Stephen Rees, Director of Program Delivery at Manpower Group Solutions, in an interview. “A review of a project’s purpose, the candidate’s role and [her] accomplishments within the timeframe of the project should be the key areas of focus. Seasoned recruiters and hiring managers will need to account for the time needed to ramp up performance in order to understand the value of work delivered.”

Technology is constantly changing which impacts what IT does and what IT professionals must know. Those who learn the newest must-have skills, whether it’s DevOps or virtualized IT infrastructures, tend to be in high demand. When skills are in high demand and there’s a “skills shortage,” companies will pay handsomely for the right talent.

IT professionals have to acquire those new skills somewhere, however. If they can’t learn those skills at their present companies or their present company doesn’t invest in education or training, they may seek opportunities at a company that provides such benefits.

#2: Monetary compensation isn’t everything

IT professionals weigh several factors before making a decision. The top three of seven options are compensation (23%), opportunity for advancement (22%) and benefits (21%). Schedule flexibility, type of work, geography and the company’s brand reputation rank lower. Of those, schedule flexibility ranks the highest.

Interestingly, opportunity for advancement is almost twice as important to IT professionals as it is to individuals who work in financial services, healthcare/pharmaceuticals and retail. Benefits are more important to IT individuals than to others too, and not just traditional benefits such as a 401K program or health and dental insurance. They tend to value non-traditional benefits such as game areas, rest areas and perhaps a healthy drink on tap. Although benefits hold some value in themselves, more importantly, they tend to reflect a company’s culture.

“Today’s benefits are becoming more lifestyle/non-work specific,” said Rees. “The emphasis is shifting from the immediate short-term benefits that tie employees to the office and are instead focusing on the broader impact on an individual’s life such as PTO, sabbaticals, learning and development, diversity and inclusion, etc. While the specific role, project or product is still important, the company the work is being done for is increasing in importance as candidates increasingly want to align themselves with an organization that shares their values.”

#3: Your digital presence and industry associations matter

Most survey respondents, including IT professionals, use company websites and search engines to research career opportunities. However, IT professionals are more likely to rely on social media (55%) and industry associations (33%) than the U.S. average of 38% and 18%, respectively.

In the IT world, associations are where standards are defined. Defining standards involves a lot of intellectual banter and collaboration among individuals who work at competing companies. The camaraderie can result in very compelling career opportunities that don’t appear on a job site or a company’s website.

Manpower notes that some of these IT associations have emerged around certification, training programs and hacking events. Within those groups, knowledge exchange and mentoring happen.

“Networking has always been a core component of the IT space. For IT professionals, their work is typically their passion,” said Rees. “This participation is also seen as a way of giving back and helping others develop – there is a true desire to share experiences and knowledge, helping others to learn instead of keeping information to themselves.”

Companies can create their own hubs for interaction, whether that’s offering training or certification at an event or hosting informational sessions that enable IT professionals to meet with some of the company’s engineers.

#4: They want you to reach out to them

More than half (55%) of IT professionals said they prefer weekly emails from potential employers of interest, which is considerably more than retail (37%), financial services (37%) and healthcare/pharmaceuticals (33%). Manpower equates this finding with the fact that 65% of IT professionals are always looking for the next job opportunity.

If you’re going to reach out to IT professionals and you’re truly interested in maintaining a dialog, don’t send out a general email blast. Instead, engage in a meaningful conversation.

#5: They’re more willing to relocate than others

IT professionals are more likely to relocate to a new city (38%) or a new state (40%) than the U.S. average of 30% and 29%, respectively, but less willing to move to a different country (8%) than the U.S. average (10%). Manpower attributes the greater degree of mobility to the lure of California locations.

While Skype interviews are common, be ready and willing to reimburse top candidates for their travel to and from an on-site interview. It demonstrates a willingness to invest in your employees.

Conclusion

Companies should avoid cookie-cutter approaches to IT recruitment because they tend to overlook some of the important things candidates value. What they value changes with time.

Manpower’s report can provide more insight into what IT professionals really want. It also includes some great advice. Happy reading.

DevOps Not Working? Here’s Why.

DevOps can help organizations get better software to market faster, when it’s working. When it’s not working, development and operations teams aren’t working as a cohesive unit.  They’re operating as distinct phases of a software development lifecycle.

Part of the problem may involve tools. Either the tools still operate as silos or they don’t provide the kind of cross-functional visibility that DevOps teams require. However, a bigger task may be getting development and operations working together.

What makes DevOps even more challenging is that there’s no one right way to do it.  Of course, there are better and worse ways to approach it, so here are a few suggestions to consider.

Think before automating. Automation is part of DevOps, but it’s not synonymous with DevOps. While it’s true that automating tasks saves time, automation also accelerates the rate at which mistakes can be propagated.

“If you just automate things and you haven’t built the skills to handle high speed, you’re putting yourself in a place where friction and accidents can happen,” said Sean Regan, head of growth, software teams at software development tool provider Atlassian. “Before you automate everything, start with a culture. You’ll have happier developers, happier customers, and better software.”

Test automation is essential for DevOps, and to do that well, developers need to test their software in a production environment.

“DevOps is founded in automation. One of the first things organizations recognize is they need a dynamic infrastructure which most people think is cloud,” said Nathen Harvey, vice president, Community Development at DevOps workflow platform provider Chef Software. “It doesn’t have to be cloud, it means you have compute resources available to developers and the people who are running your production organization.”

With the help of automation and developer access to production environments, DevOps teams are delivering software in days or weeks instead of months.

Cultivate a DevOps culture. Software teams that have gone through an Agile transformation remember they had to change their culture for it to succeed. The same is true for DevOps.

“You need to get your teams collaborating in a way they haven’t done before,” said Harvey. “It becomes much less about a hand-off and more about understanding the common goals we’re working towards.”

One indication of DevOps maturity is whether the shipment of software is considered an end or a beginning. Atlassian used to celebrate after a product shipped, which used to be common for software companies. Now Atlassian celebrates milestones hit after the release, such as the number of customers using a new feature within a given time frame.

Take a hint from web giants. A decade ago, web companies were embracing DevOps and figuring out how infrastructure could be managed as code.  Meanwhile, other companies were operating in business-as-usual mode.

“If you’re coming from a more traditional organization, the idea of managing infrastructure as code may still be new,” said Chef Software’s Harvey. “I think the best way to achieve success is to pull together a cross-functional team that cares about driving a particular business outcome, such as how to deliver this one change out to our customer.”

Cheat. Companies spend lots of time reinventing what works at other companies. Atlassian memorialized a lot of what it has learned in self-assessments and playbooks, so DevOps teams can identify and address the challenges they face.

“Customers are coming to us saying, ‘Give us playbooks, give us patterns, give us specific actionable ways to move toward DevOps,’” said Regan. “If you’re moving to DevOps, there’s usually an early stage where you wonder if you’re doing it right.”

Why IT is in Jeopardy

Some IT departments are struggling to prove their relevance as the pace of change continues to accelerate. On one hand, they’re responsible for their own predicament and on the other hand they’re not.

IT has been the master of change. On the other hand, what department wants to be responsible for its own demise? IT as a function isn’t dead and it’s not going to be dead any time soon. However, IT is changing for good. Here’s why:

IT overpromised and under-delivered

Lines of business no longer want to wait for IT. They can’t. The competitive pressures are just too great to ignore. But, when something goes wrong with their tech purchases, who do they call?  IT.

“IT is in jeopardy because of the agreements or promises they’ve made to the business,” said David Caldwell, senior IT solutions consultant at Kaiser Permanente. “You can’t deliver on time, you can’t deliver what you promised and you can’t deliver reliable systems.”

What the business really wants is a dependable, enabling service that delivers what it promises.

Business expectations are too high

IT can’t be successful if the business leadership is viewing IT as a cost rather than an investment, which seems a bit strange, given the fact that today’s companies depend on technology for survival. Nevertheless, some businesses still have legacy cultural issues to overcome, one of which is realizing how value in their company is actually produced in this day and age.

Worse, even C-level information and technology executives may not be viewed as equals among business leaders, so they’re left out of important meetings. Rather than having a partnership between IT and the business, the business may tell IT what it wants and when, without understanding the entire scope of the problem and how difficult or complex the solution to the problem may be.

“They don’t consider that IT leadership can help you decide how you’re going to strategically differentiate your business,” said Caldwell. “If you don’t let them in, you’re missing out on a lot of valuable input.”

A related issue is budget. If IT isn’t given enough budget to be successful, who can pin failures on IT?  Yet, over the past couple of decades IT has been told to do more with less to the point where the model itself breaks down.

IT has enabled its own demise

IT had a specific role to play before the cloud, SaaS and Shadow IT were fashionable. They were the keepers of hardware, software and networks.

“IT brought the wave of innovation in, [and yet,] IT is under the same assault of things they were the perpetrators of,” said Greg Arnette, CTO at cloud information archiving company, Sonian. “IT is going through a metamorphosis that reduces the need to have as many in IT as in previous history.”

The adoption of cloud architectures and SaaS was fueled by the economic downturn of 2008 and 2009, which forced companies to view IT in terms of operating expenses rather than capital expenses.

“It was a perfect storm,” said Arnette. “Shadow IT was driven by business unit managers frustrated with their IT departments [so they] used their credit cards to sign up for Salesforce.com or go buy ZenDesk or any of these popular SaaS apps that have become the new back office systems for most companies.”

Never mind who purchased what with which purchasing method (purchase order or credit card): when things go wrong, it’s IT’s job to fix it. That’s one way to provide the business with services, but probably not the model IT had in mind.

The CIO/CTO role is changing

There are plenty of CIOs and CTOs, but some of them are being moved into new roles such as Chief Data Officer, Chief Analytics Officer or Chief Innovation Officer. Whether these roles are a reflection of The Brave New World or whether they’re ultimately too narrow is a debatable point.

“It’s not such a focus on information. It’s now analytics, data wrangling and a focus on innovation as a key way IT can help customers do more,” said Arnette. “I think that’s where IT will come back, but it won’t be the same type of IT department.”

Indeed. Traditional hardware and enterprise software management are being usurped by IaaS and SaaS alternatives. It’s true that a lot of companies have hybrid strategies that combine their own systems with virtualized equivalents and that some companies are managing all of their own technology, but the economics of the virtual world (when managed responsibly) are too attractive to ignore over the long term.

Why Collaboration is Critical in Technology Acquisition

Technology teams and lines of business are often seduced by cool new technologies, products, and services. The business is drawn to promises of better insights, higher productivity, improved economics, and ease of use. IT is drawn to increasingly powerful technologies that enable the team to more effectively implement and manage an increasingly complex ecosystem.

However, the art of the possible often overshadows what’s practical or what the business is trying to achieve.

Solutions architects can help better align technology acquisition with business goals, albeit not single-handedly. They need to collaborate with the business, IT, and vendors to orchestrate it all.

“A solutions architect has a foot in enterprise architecture, a foot in business program management, and a foot in vendor product management,” said Dirk Garner, principal consultant at Garner Software. “We help determine what the business needs are and align the right technologies and products. Solutions architecture is really at the center of those things.”

Architecting the right solutions

Sound technology acquisition starts with a business problem or goal. Then, it’s a matter of selecting “the right” technologies and products that will most effectively solve the business problem or help the business achieve its goal.

“So often we do it backwards, we say we have this technology so let’s do this,” said Garner. “Once you understand the business environment, it’s assessing the current state of technology and then taking a look at what you actually need to pursue opportunities and survive in the business environment.”

Given the fast pace of business today, there’s an inclination to just acquire technology now. However, there are often trade-offs between short-term pain relief and a longer term benefit to the business. A sounder approach is to compare current capabilities with the capabilities required and then define a roadmap for getting there.

“The number one challenge is that people are myopic,” said Garner. “Vendors focus on how great their product is [rather than] what the customer needs. The business always comes to the table with unrealistic expectations – how little money they want to spend and how fast they want things delivered.”

Since IT can’t meet those expectations, lines of business purchase their own technology, not realizing that they’ll probably need IT’s help to implement it.

“You hear a lot about collaboration today but when you talk to these people, they’re still siloed,” said Curt Cornum, VP and chief solution architect at global technology provider Insight Enterprises. “Even within the IT department, when you get into those types of conversations they’re not talking to each other as much as they should.”

The persistent silos are keeping businesses from meeting their goals and staying competitive. Meanwhile, their agile counterparts are pulling ahead because their business and IT functions are working in unison. Collaboration is critical.

Rapid Tech Change Challenges IT Leaders

Faster technology innovation and competitive pressures are taking their toll on IT. Gone are the days when IT procured and managed all of an organization’s technology. The reason: IT can’t deliver fast enough on what individual operating units need.

To help their companies stay competitive, IT departments are evolving from centralized organizations to hub-and-spoke organizations that serve individual operating units and the enterprise simultaneously. But even then, keeping up with the latest technologies is challenging.

“Things are progressing at such an exponential rate, that it’s tough to keep up and you’re a little more uneasy about the decisions you make,” said Steve Devine, director of IT at international law firm O’Melveny. “Solutions are being developed so quickly and hitting the market so quickly, that it’s much harder to differentiate between the solutions that are coming out.”

Part of the problem is the technology landscape itself. Everything runs on software today, including businesses and hardware. Much of that software is developed in an Agile fashion so it can be delivered faster, in weeks or months versus years. The result is often a minimally viable product that is continually enhanced over time versus a traditional product that includes more features out of the gate, albeit at a much slower pace.

The cloud has also helped accelerate the pace of software innovation and the economics of software innovation because software developers no longer have to build and maintain their own infrastructure. They can buy whatever they need on demand which speeds software testing and DevOps, further accelerating software delivery.

The on-demand nature of the cloud and the shift to minimally viable products lower the barrier to market entry, which means the number of vendors in virtually every product area has exploded, and so has the number of products hitting the market.

Keeping up with all of that challenges even large IT departments.

Security is front and center

IT departments have always had some security element, but with the growing number and types of threats, they are necessarily expanding their capabilities. That means changes such as adopting more types of security products and services, and having talent on hand that understands all the details.

“With so many outsiders trying to hack into systems, even if you understand security systems, the technology is always changing,” said Jermaine Dykes, senior IT project manager Wi-Fi Strategy & Operations at telecommunications infrastructure company Mobilitie.

O’Melveny’s Devine said his company’s IT department has evolved from a “keeping-the-lights-on” type of shop to a security-focused organization in which members maintain expertise in their specific areas.

“Retaining talent is really key with all the emphasis on security, machine learning and AI,” said Devine. “People in that world are very hard to find and very hard to keep.”

Enabling analytics is critical

As more businesses become insight-driven, IT organizations need to provide a solid, governed foundation for data usage that can be leveraged by different parts of the organization as necessary. That way, departments and lines of business can access the data they need without exposing the enterprise to unnecessary risks.

“Big data is huge. Gone are the days when we used a huge server and IT was considered overhead,” said Mobilitie’s Dykes. “Today’s IT leaders need to have a vision about how they can incorporate data analytics to propel their organizations into the 21st century.”

More analytics solutions use machine learning and AI to improve the quality of insights they deliver, but quite often the hype about the solutions outpaces their actual abilities.

“The healthcare industry uses machine learning for diseases and things of that nature, but if you look at other industries, it’s basically nowhere,” said O’Melveny’s Devine. “The early adopters pay a price because you spend a lot of cycles getting something like that implemented and a lot of times it’s just a non-starter once you’ve gone through all that.”

Six Ways to Master the Data-Driven Enterprise

As seen in InformationWeek.

Big data is changing the way companies and industries operate. Although virtually all businesses acknowledge the trend, not all of them are equally prepared to meet the challenge. The companies in the best position to compete have transformed themselves into “data-driven” organizations.

Data-driven organizations routinely use data to inform strategy and decision-making. Although other businesses share the same goal, many of them are still struggling to build the necessary technological capabilities, their culture is interfering with their ability to use data, or both.

Becoming a data-driven organization isn’t easy, however. In fact, it’s very difficult. While all organizations have a glut of data, their abilities to collect it, cleanse it, integrate it, manage it, access it, secure it, govern it, and analyze it vary significantly from company to company. Even though each of these factors helps ensure that data can be used with higher levels of confidence, it’s difficult for a business to realize the value of its data if its corporate culture lags behind its technological capabilities.

Data-driven organizations have extended the use of data across everyday business functions, from the C-suite to the front lines. Rather than hoping that executives, managers, and employees will use business intelligence (BI) and other analytical tools, companies that are serious about the use of data are training employees, making the systems easier to use, making it mandatory to use the systems, and monitoring the use of the systems. Because their ability to compete effectively depends on their ability to leverage data, such data-driven organizations make a point of aligning their values, goals, and strategies with their ability to execute.

On the following pages we reveal the six traits common to data-driven organizations that make them stand out from their competitors.

Forward Thinkers

Data-driven enterprises consider where they are, where they want to go, and how they want to get there. To ensure progress, they establish KPIs to monitor the success of business operations, departments, projects, employees, and initiatives. Quite often, these organizations have also established one or more cross-functional committees of decision-makers who collectively ensure that business goals, company practices, and technology implementations are in sync.

“The companies that have integrated data into their business strategies see it as a means of growing their businesses. They use it to differentiate themselves by providing customers with better service, quicker turnaround, and other things that the competition can’t meet,” said Ken Gilbert, director of business analytics at the University of Tennessee’s Office of Research and Economic Development, in an interview with InformationWeek. “They’re focused on the long-term and big-picture objectives, rather than tactical objectives.”

Uncovering Opportunities

Enterprises have been embracing BI and big data analytics with the goal of making better decisions faster. While that goal remains important to data-driven enterprises, they also are trying to uncover risks and opportunities that may not have been discoverable previously, either because they didn’t know what questions to ask or because previously used technology lacked the capability.

According to Gartner research VP Frank Buytendijk, fewer than half of big data projects focus on direct decision-making. Other objectives include marketing and sales growth, operational and financial performance improvement, risk and compliance management, new product and service innovation, and direct or indirect data monetization.

Hypothesis Trumps Assumption

People have been querying databases for decades to get answers to known questions. The shortcoming of that approach is assuming that the question asked is the optimal question to ask.

Data-driven businesses aim to continuously improve the quality of the questions they ask. Some of them also try to discover, through machine learning or other means, what questions they should be asking that they have not yet asked.

The desire to explore data is also reflected in the high demand for interactive self-service capabilities that enable users to adjust their thinking and their approaches in an iterative fashion.

Pervasive Analytics

Data analytics has completely transformed the way marketing departments operate. More departments than ever are using BI and other forms of analytics to improve business process efficiencies, reduce costs, improve operational performance, and increase customer satisfaction. A person’s role in the company influences how the data is used.

Big data and analytics are now on the agendas of boards of directors, which means that executives not only have to accept and support the use of the technologies, they also have to use them — meaning they have to lead by example. Aberdeen’s 2014 Business Analytics survey indicated that data-driven organizations are 63% more likely than the average organization to have “strong” or “highly pervasive” adoption of advanced analytical capabilities among corporate management.

Failure Is Acceptable

Some companies encourage employees to experiment because they want to fuel innovation. With experimentation comes some level of failure, which progressive companies are willing to accept within a given range.

Encouraging exploration and accepting the risk of failure that accompanies it can be difficult cultural adjustments, since failure is generally considered the opposite of success. Many organizations have made significant investments in big data, analytics, and BI solutions. Yet, some hesitate to encourage data experimentation among those who are not data scientists or business analysts. This is often because, historically, the company’s culture has encouraged conformity rather than original thinking. Such a mindset not only discourages innovation, it fails to acknowledge that the failure to take risks may be more dangerous than risking failure.

Data Scientists And Machine Learning

Data-driven companies often hire data scientists and use machine learning so they can continuously improve their ability to compete. Microsoft, IBM, Accenture, Google, and Amazon ranked first through fifth, respectively, in a recent list of 7,500 companies hiring data scientists. Google, Netflix, Amazon, Pandora, and PayPal are a few examples of companies using machine learning with the goal of developing deeper, longer-lasting, and more profitable relationships with their customers than previously possible.

Tech Buying: 6 Reasons Why IT Still Matters

Originally published in InformationWeek, and available as a slideshow here.

Making major tech purchases, especially big data analytics and business intelligence tools, without consulting IT may cause major problems. Here’s why.

Although shadow IT is not new, the percentage of business tech purchases made outside IT is significant and growing. When Bain & Company conducted in-depth interviews with 67 marketing, customer service, and supply chain professionals in February 2014, it found that nearly one-third of technology purchasing power had moved to executives outside of IT. Similarly, member-based advisory firm CEB has estimated that non-IT departments control 30% of enterprise IT spend. By 2020, Gartner estimates, 90% of tech spending will occur outside IT.

There are many justifications for leaving IT in the dark about departmental tech purchases. For one thing, departmental technology budgets seem to point to departmental decision making. Meanwhile, cloud-based solutions, including analytics services, have become more popular with business users because they are easy to set up. In addition, their relatively low subscription rates or pay-per-use models may be more attractive from a budgetary standpoint than their traditional on-premises counterparts, which require significant upfront investments and IT consideration. Since the cost and onboarding barriers to cloud service adoption are generally lower than for on-premises products, IT’s involvement may seem to be unnecessary.

Besides, IT is busy. Enterprise environments are increasingly complex, and IT budgets are not growing proportionally, so the IT department is resource-constrained. Rather than waiting for IT — or complicating decision-making by getting others involved — non-IT tech buyers anxious to deploy a solution may be tempted to act first and answer questions later.

However, making tech purchases without IT’s involvement may result in unforeseen problems. On the following pages, we reveal six risks associated with making business tech purchases without involving IT.

1. Tech Purchases Affect Everybody
Tech purchases made without IT’s involvement may affect IT and the IT ecosystem in ways that someone outside IT couldn’t anticipate. You might be introducing technical risk factors or tapping IT resources IT will have to troubleshoot after the fact. To minimize the potential of unforeseen risks, IT can perform an in-depth assessment of your department’s requirements, the technology options, their trade-offs, and the potential ripple effect that your tech purchase might have across the organization. This kind of risk/benefit analysis is important. Even if it seems like a barrier for your department to get what it wants, it’s better for the entire organization in the long run.
Also, you may need help connecting to data sources, integrating data sources, and ensuring the quality of data, all of which require specific expertise. IT can help you understand the scope of an implementation in greater detail than you might readily see.

2. Sensitive Information May Be Compromised
Information security policies need to be defined, monitored, and enforced. While it’s common for businesses to have security policies in place, education about those policies, and the enforcement of those policies, sometimes fall short. Without appropriate precautions, security leaks can happen innocently, or you could be opening the door to intentional bad actors.
Cloud-based services can expose organizations to risks that users haven’t considered, especially when the service’s terms of use are not understood. A survey of 4,140 business and IT managers, conducted in July 2012 by The Ponemon Institute and sponsored by Thales e-Security, revealed that 63% of respondents did not know what cloud providers are doing to protect their sensitive or confidential data.

3. Faulty Data = Erroneous Conclusions
There is no shortage of data to analyze. However, inadequate data quality and access to only a subset of information can negatively impact the accuracy of analytics and, ultimately, decision making.
In an interview with InformationWeek, Jim Sterne, founder of the eMetrics Summit and the Digital Analytics Association, warned that the relative reliability of sources needs to be considered since CRM system data, onsite user behavior data, and social media sentiment analysis data are not equally trustworthy.
“If I’m looking at a dashboard as a senior executive and I know where the data came from and how it was cleansed and blended, I’m looking at the numbers as if they have equal weight,” he said. “It’s like opening up a spice cabinet and assuming each spice is as spicy as any other. I will make bad decisions because I don’t know how the information was derived.”

4. Not Getting What You Bought
Similar products often sound alike, but their actual capabilities can vary greatly. IT can help identify important differences.
While it may be tempting to purchase a product based on its exhaustive feature set or its latest enhancements, feature-based buying often proves to be a mistake because it omits or minimizes strategic thinking. To reduce the risk of buyer’s remorse, consulting with IT can help you assess your current and future requirements and help you choose a solution that aligns with your needs.

5. Scope Creep
Business users typically want immediate benefits from big data, analytics packages, and BI systems. But, if the project has a lot of technological complexity — and particularly if it involves tech dependencies that are outside the control of your department — it’s often best to implement in phases. Approaching large initiatives as one big project may prove to be more complicated, time-consuming, and costly than anticipated.
IT can help you break a large, difficult-to-manage project into several smaller projects, each of which has its own timeline and goals. That way, you can set realistic end-user and C-suite expectations and effectively control risks. Phasing large projects can also provide you with the flexibility you need to adjust your implementation as business requires.

6. Missing Out On Prior Experience
IT professionals and outsourced IT resources often have prior experience with BI and analytics implementations that are specific or relevant to your department. Some of them have implemented solutions in other companies, departments, or industries and have gained valuable insight from those experiences. When armed with such knowledge, they can help you understand potential opportunities, challenges, and pitfalls you may not have considered, which can affect planning, implementation, and the choice of solutions.