As a result of the global pandemic, organizations seemingly pivoted overnight to implement new technologies to ensure systems and processes ran smoothly and employees were empowered to be successful working from home. However, the switch to remote work also led to a growing number of concerns when it comes to risk.
The recent SolarWinds® IT Trends Report 2021: Building a Secure Future examined how technology professionals perceive their organizations’ risk management and mitigation readiness after a year of rapid transformation fueled by the global pandemic. The study analyzed the state of risk within the IT industry today and set out to identify the challenges facing tech pros when it comes to protecting their organization from risk.
The good news is 80% of tech pro respondents “agreed” or “strongly agreed” technology is the best way for organizations to manage, mitigate, and resolve issues related to risk. When pressed on what this looks like in practice, the report found IT teams prioritized investment in security and compliance (54%) and network infrastructure (52%), followed by cloud computing (35%) to accommodate the unprecedented demands of COVID-19 and supporting remote workforces.
Easier said than done
However, while it’s positive to see tech pros planning a smart comprehensive strategy to tackle the concerning state of risk in the industry, the real challenge occurs at the implementation level.
Time and time again we hear about tech pros spending a great deal of time researching solutions that could help overcome a major business gripe but then not having the suitable bandwidth or skillsets to put it in place. Business leaders frequently fail to alter priorities for tech pros, so they can effectively deal with these issues.
In fact, the top three reported challenges when it comes to using technology to mitigate and/or manage risk within organizations were a lack of budget/resources (57%), lack of training for personnel (48%), and decreased staff size (36%).
None of these three barriers are surprising. In fact, for over a decade, these three challenges have been at the top of the list of concerns for tech pros. Throughout this time span, business leaders constantly repeated the refrain “Do more with less.”
What’s more concerning is that rarely are business leaders truly aware of this issue. Yes, they’ll likely have a vague idea but not of the scale of the problem. It’s unlikely they realize this is a significant obstacle to implementation, which in turn leaves the organization open to much more risk.
However, the spotlight is now on IT. At long last business leaders have seen firsthand the value IT provides in keeping the lights on. This creates a huge opportunity for tech pros.
Making your voice heard
If you find upper management isn’t committed to making change, it’s time to make your voice heard. Take all the red and yellow flags about risk you’ve experienced over the past two years and use them to your advantage to start helpful IT conversations with management.
Start a dialogue to explain what you and your team need to be successful, so you can effectively implement the solutions you know your organization needs to mitigate against risk.
As you start to think about your argument, it’s important to avoid generic statements. You should think deeply about the recommendations you’re making. While it’s the IT team’s job to know exactly where risk management investment should go, you’ll need proof points and justifications to gather buy-in from senior leaders.
Likewise, think about budgets and bandwidth as part of the conversation—do you need to hire to implement the solution effectively? Can you and your teammates implement your proposals in a timely fashion without breaking the bank? Do you have an accurate cost for the project? Work backward from your desired state as you’re preparing your plan and think about the questions you’re most likely to get asked. Remember adding facts and figures whenever possible will always reinforce the recommendation.
One often successful tactic is to propose a “good, better, best” set of solutions emphasizing the costs and benefits of each option. The best solution, for example, might be quick to implement and very powerful, but it might also exceed budgets by a wide margin. A good or “good enough” option, might be cheap and quick to implement but have only a small set of the features and capabilities of what the business needs. Make sure to weigh each option carefully, so management is well informed to make a decision.
Likewise, it’s also very important to bring to life the consequences for choosing not to act. Typically, the decision-makers aren’t in the IT trenches. So, you need to explain how long business would be down if there was an issue without a solution in place. How long would an incident distract teams from their other work? What’s the financial impact? For that matter, how does the financial impact of an incident compare to how much it would cost to invest in a better risk strategy?
Ideally, you hold regular conversations with leadership, so issues as important as security and compliance aren’t a surprise to them. Strategic conversations between the IT teams and senior business leaders are imperative. If you haven’t discussed it before, now is the time to make a strong case for these investments. As risk concern grows throughout the industry, it’s critical to bring these issues and possible solutions to the attention of leadership. Otherwise, you might be working some very long hours in the aftermath of an incident.