How to ensure your IT strategy is strategic, not reactive -TEISS® : Cracking Cyber Security

Technology

How to ensure your IT strategy is strategic, not reactive

Julian Box, CEO at data privacy specialist Calligo, discusses how companies can ensure that their outsourced IT partners deliver value for their business.

Growth-focused businesses all have a common goal; to expand and provide their product or service to an ever-larger group of people. Yet with globalisation and technology lowering the barriers to entry all the time and across almost every industry, companies must constantly find new ways to stay ahead of competitors.

One of the ways that many businesses are doing this is by investing in digital innovation; digitising internal processes to help the business deliver faster, cheaper and better products or services. However, transforming one’s operations through technology is not an isolated event, but rather an ongoing process that needs to be reviewed regularly to maintain a competitive edge.

There are two primary ways to invest in digital innovation. Firstly, through hiring full-time IT employees who can drive technological advancements from the inside. Strategists, developers, cloud engineers, network administrators and support teams are the typical roles that may be recruited for. But most businesses, particularly SMEs, do not have the resources to develop and maintain an in-house IT environment.

For instance, IT recruitment is becoming an increasingly costly enterprise. Companies’ digital innovation ambitions and rapidly-evolving technologies mean the demand for specialist IT professionals is increasing at a dramatic rate, making the salaries these professionals can now demand too high for many.

The second solution is to hire an IT Managed Services Provider (MSP). Outsourcing a company’s IT services is often the best way of accessing the necessary talent and skills who can ensure that your business’ processes remain efficient and at the cutting-edge without breaking the bank.

However this is not all there is to it. Many SMEs unadvisedly focus on the resource and expertise deficit that an MSP can fix, leaving the strategic oversight requirement unaddressed. But innovation is only valuable if it well-directed.

Adding tools and platforms without ensuring they actively and measurably support the business’ operations, employee productivity or customer experience is essentially worthless. Strategy has to come first, else any IT initiative - however well-meaning - risks not delivering benefit, costing more than planned, or even compromising compliance.

A business must therefore seek out an MSP that puts as much effort into strategy as routine maintenance and the delivery of IT projects. However, during the selection process for an MSP, it can often be difficult to identify such a partner. To help, here are the three key considerations that will lead you to the provider that will genuinely impact your business.

Also of interest: Data security: how to keep the investors happy

1. Ensure the MSP understands your business and IT needs

A common mistake that businesses make is not ensuring that their MSP truly understands their industry, its individual goals and how to translate those goals into IT policies. Without this understanding, the MSP is destined to treat your business the same as any other on their client roster, without regard to how better-considered technology, SLAs or processes could support the business better.

A valuable service provider will be able to take your corporate strategy and identify how and where technology can help. They will optimise your existing resources and tools, while also constantly looking for ways to improve your operations, whether through new introductions or changes to the status quo.

For example, a good IT provider may recommend a cloud migration to facilitate collaboration across departments and provide greater cyber security. Likewise, a good IT provider will remain realistic with their recommendations.

Technical limitations, such as connectivity, may constrain the potential value of some proposals, while nuances of an industry’s regulations may mean that certain approaches are impossible - such as data residency requirements dictating where data must be held and therefore making cloud strategies more complex.

Businesses should therefore look for clear evidence that their MSP not only understands their industry and objectives, but also treats every customer individually.

Also of interest: 86% of EU businesses feel vulnerable to data threats

2. Ensure they constantly improve your ‘Business as usual’ policies

While a strategic MSP will know when and how to incorporate new technologies into a business, time should also be spent on making sure their day-to-day activities are of a high standard.

How rigorous are their inspection routines? How automated are their patching processes? What benchmarks do they hold their support teams to? And how reliably will they solve your employees’ IT issues at the first time of asking? And once again, business owners must be sure to check that the metrics and processes - no matter how impressive they may seem - match their own specific requirements.

For example, different businesses require different speed or availability of help desk support. An ecommerce business operating across multiple time zones at all hours of the day, seven days a week, will need their MSP to ensure continuous uptime and rapid out of hours issue resolution.

On the other hand, some businesses mialy operate within normal business hours, but have predictable peaks of activity during the year, for instance accountancy firms during tax season, and will need increased hours support and high priority service during this time.

A strategic IT managed services provider will be flexible enough to adapt their standard services according to your needs, and ideally experienced enough in your vertical to make constant prudent recommendations for improvement.

Also of interest: Cyber security trends – what’s on the horizon?

3. Ensure that your MSP ‘future-proofs’ your business

A good strategy in any field is to plan for the long-term. The same applies to IT and your choice of MSP. Many MSPs will recommend and successfully deploy new, sensible technologies into your business, yet undermine it all by not ensuring that the short-term actions also supported the long-term goals, and that the current innovation did not hinder any digital innovation or wider business activity in the future.

A classic example is where an MSP recommends new approaches without considering data privacy laws, and how they may change. Privacy regulations now impact very interaction with data, with some geographies and verticals particularly affected, and some that are not yet affected but whose regulators and lawmakers are working on new requirements.

Any MSP that is not sufficiently skilled to make recommendations in the context of those current and future regulations could create risk for your business, especially with cloud-based technologies that need to be carefully assessed in terms of the data they process, how it is processed and where the data is ultimately held.

Also of interest: “As a CISO, you want to be part of the communication mechanism” – Bridget Kenyon, Global CISO, Thales eSecurity

Key Takeaways

Ensuring that an IT Managed Services plan is strategic rather than reactive is crucial for digital innovation, and ultimately for the business to meets its ambitions. Furthermore, standard IT services, such as support desks and network monitoring, should be set only in the context of the industry you operate, and your operational needs, not so-called “best practice”.

Outsourcing any function to a reliable and value-adding service provider is one of the hardest undertakings for a business, especially those looking to grow quickly. Ultimately, it comes down to whether they can align to and support your strategy. If so, the result will be an immediate and continued acceleration. If not, it could mean irretrievable lost opportunity.

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!