IT Risks Are Manageable

Jan 4, 2012

CIOUpdate Contributor

by Ed Airey of Micro Focus

The enterprise ecosystem is changing at an unprecedented rate and though helpful in adapting to this change, technology is also making it difficult to keep up with the myriad threats to your IT organization.

So where do you begin?

Try looking at the areas of IT that are at the highest risk: your application code, IT processes, cloud security and rogue users.

Application code - Code may not be considered the most glamorous part of IT, but it’s at the heart of every process, every application and every business-critical function. It is the lifeblood that keeps the heart of your organization beating. COBOL code, for example, is rarely talked about because it’s been an organizational staple for over 50 years. Yet, COBOL supports over 80 percent of the world’s business functions. The average person interacts with COBOL six times per day. Bottom line: Your application code is incredibly valuable to your organization. Do you have the right protections in place to secure this asset?

Succession planning - Application code, however, is certainly not the only IT risk that exists. Equally important is the quality of IT processes and practices. Does your IT organization have a succession plan in place? What will happen to your critical IT functions if key individuals are not present? Are these IT practices and processes repeatable, insured for disaster, and validated through continual improvement mechanisms? Ensuring that IT succession planning occurs will mitigate risk should such compromising events occur. Building repeatable practice and process ensures success during the occurrence of such untimely events.

Cloud - The growing trend of cloud computing represents not only an opportunity for businesses, but also a great risk.  If cloud is a strategy for your business, what is the plan for its security and risk mitigation?  Will your application code and business data be secure or are you at risk?  Understanding not only the full opportunity, but also the impact to your business will ensure IT compromise does not occur.  Applying real-world security practice to such trends reduces the impact of such IT risks and protects your critical business assets.

Underground IT - Another example of IT risk is that of underground or shadow IT. Does your organization have such a group or groups? In some organizations, these groups push the mainstream adoption of cutting-edge or fringe technologies within the business. Early adopters here could include mobile solutions, cloud computing, and the like. These technologies alone are not risky, but their implementation without sound repeatable practice and process can create havoc for a business and its IT investment.

Planning, preparation, and proper tooling in support of these technologies can deliver incredible value to the business.  Without that sound practice, the results could be scary.

What to do

IT professionals won’t knowingly sabotage their company’s applications, of course, but that doesn’t mean IT departments can simply ignore the risk of poor code quality or the absence of sound practice. Thankfully, there are certain measures that companies can take to prevent the introduction of such risks into their critical business assets. Like most things in life, nothing is without flaw, so the solution here lies in the continual improvement of such mechanisms to ensure that vulnerabilities are discovered early, mitigated, and resolved.

Avoid being impacted by risks to critical IT practices by following these simple steps:

  1. Use state-of-the-art tooling to allow developers to build great apps quickly and iron out problems simply.
  2. Automate your testing processes to ensure that they can be implemented easily, effectively and regularly.
  3. Store all testing processes, activities and measurements in one central repository to provide instant visibility for management teams to evaluate.
  4. Develop a Plan B to ensure that operations will continue to run and customers will continue to receive support if enterprise data or applications are compromised.
  5. Establish an IT succession plan.  Develop, practice, and improve that plan.
  6. Create and apply sound IT practice, process, and discipline throughout your organization. Evaluate and improve that practice regularly.

With proper awareness, preparation, and practice in place, IT risks will no longer impact your business applications. Instead, IT can fulfill its ideal role delivering value through innovation.

Ed Airey is a product marketing director for Micro Focus, a provider of enterprise application development, testing and management. Ed is currently responsible for the global Product Marketing program for the Micro Focus COBOL and Micro Focus RUMBA product portfolios. Ed is responsible for the product strategy planning, development, and execution for each of these product brands within their application development and modernization markets.

Tags: IT security, value, risk management, Micro Focus,
