Assessing IT risk in an uncertain economy

Organizations have been on a whirlwind of accelerated digital transformation over the past few years. New investments in IT infrastructure all came on the heels of genuine needs and solid business performance. However, when there are economic headwinds, budgets get reviewed and cut, and IT investments must be prioritized as a result. That prioritization must happen alongside a variety of competing challenges. The problem at hand for any organization is to figure out how to prioritize and assess IT risk while accomplishing their objectives and initiatives in the face of these obstacles.

Before addressing the multiple challenges organizations encounter, let’s briefly explore how IT projects typically get funded.

Any initiative—IT or otherwise—must be backed with funding from the business. Most IT projects typically get funded for three key reasons: to create revenue, enable cost savings or to reduce risk.

In a bull economy, revenue creation may be king. In a bear economy, like the one we’re likely facing in 2023, enabling cost savings may reign supreme. While the first two are fairly straightforward, every organization will have to prioritize and assess IT risk levels within the context of the specific challenges their business is facing.

With that in mind, let’s dig into the common types of challenges organizations are seeing.

The common challenges facing businesses

Rapidly changing IT environments

The environment organizations work in has drastically changed—even compared to just a few years ago—and continues to change with ongoing digital transformation initiatives and changes in best practices.

The design point for most IT architectures used to hinge on everyone being in the office with a small percentage of use cases for bring-your-own-device (BYOD) and users that work from home or remotely.  As evidenced by many of the return-to-office protocols, work-from-anywhere has become the norm and IT methodologies have been forced to evolve to follow suit.

To enable this digital transformation of daily operations, initiatives to migrate to the cloud are—and will continue to be—ongoing. This has significant implications around systems management, network topography and network architecture.

The data dilemma

On top of this digital transformation, organizations are experiencing a deluge of data. Data in modern businesses comes in from multiple sources, can be incomplete, cumbersome to access, siloed by department or team, and can pose a real challenge in leveraging it to gain truly valuable insights.

Every department is generating data that needs to be manipulated into new models, forms and visualizations for others to consume. Additional issues around data quality, access control, overall visibility and compliance weave the data dilemmas of organizations into an even more tangled web.

Gartner and several other analysts predict that 50 percent of employees and lines of business will be technology producers in 2023 and will no longer just be technology consumers. They also anticipate 75% of organizations will have deployed multiple data hubs to drive mission-critical data and analytics.

That data needs to be protected. It needs to be managed, stored, maintained, and leveraged for insights.

This data is also going to reside in multiple places. The days of a central office where team members work within a protected network is no longer a reality.

Organizations that don’t prioritize modernization or taking a proactive approach to data, analytics and data governance will struggle to leverage insights and—as a result—will struggle to scale their businesses. In short, effective metadata management is crucial for enabling organizations to do more with their actual data.

Talent shortage

Rapidly changing IT environments require talent to help maintain those changed environments. Hiring freezes, extended recruitment processes, record low unemployment rates, and competitive offers from other businesses make it incredibly challenging to backfill existing roles or fill new ones.

Great talent can be tough to find. If you already have great talent in your business, it’s beneficial to figure out ways to continue to keep those team members around.

Tool and vendor complexity

Every time there’s a new problem, there’s another tool ecosystem that’s been developed to solve it. While there are companies that have been around a while with a standard set of tools and add-ons, there’s a laundry list of new entrants aiming to solve problems faster and better in every single market.

Though organizations can get distracted with platforms that offer problem-solving functionalities, every company has their own tech stack and infrastructure that has been uniquely integrated to solve other organizational problems.

The complexity involved in bringing on new vendors not only exasperates procurement and legal teams, but also the training and operational team members charged with weaving these solutions into the current tech stack and organizational processes.

The win for IT departments is to seek out solutions that allow them to leverage existing tooling that can also work in the go-forward operating environment. These new operating environments can be on the back of digital transformation initiatives like moving to the cloud or can be rooted in cost-saving initiatives related to licensing cost reduction.

Oppressive licensing costs

The burden of licensing costs is taxing everyone’s budgets. While everyone understands the agility that cloud-based services can offer, it unfortunately often comes with a cost that many businesses can’t absorb.

Evaluate the value of the licensed software your organization is currently using. Is it worth what’s currently being spent on the solution? Is this cost a necessary expense? Are there alternatives?

Whether it’s licensing costs from pre-packaged software or operating costs that come with working in multiple environments, there’s so much pressure on budgets to do more with less.

Despite these challenges, organizations are doing what they can to save on costs, while pursuing business objectives with minimal sacrifices.

Addressing these challenges

It’s easy to get overwhelmed by the sheer volume of data an organization might need to handle and gain governance over within the context of the specific challenges a business is facing. The question at hand for leaders is: “How do I bucket these challenges into manageable projects with the bandwidth I have on hand?”

The easiest way to start breaking this down is by developing an IT risk heat map, and by looking at some of the key questions a risk heat map can answer.

  • What are the consequences of an adverse event happening?
  • How much risk does that event happening pose to the business?
  • How likely or unlikely is it that a particular adverse event will happen?

Assessing IT risk heatmap

Every organization’s risk tolerance is going to look different.  If an event is unlikely to happen or if it will only have a minor impact, a business may actively choose to address the issue only after more important an urgent matters have been addressed.

If the likelihood of an event occurring is rare but could be devastating to the business, an organization may want to be a bit more proactive and have some mitigations in play, but not necessarily throw a lot of budget at the issue.

On the other end of the scale, take a look at the areas where there are major problems and risks at play. These events will likely happen, and they will cause big losses—financial and otherwise—for the business.

As leaders think about the IT projects in progress, reflect on the ones that got funded and which ones didn’t. Apply these risk profiles and evaluate how it may make you look a bit differently at the problems facing your organization and the IT initiatives in place to solve them. How do those projects measure up on the risk heat map? Are you tackling the projects that can best defend the business against elevated risks and disruptions?

It is a constant balancing act for all businesses that must be weighed alongside the risk of doing nothing. If an organization can kick the can down the road or delay a project until next year, what is the risk involved with that? Where does that land on the risk matrix?

In many cases, this thought process helps teams evaluate whether to prioritize or deprioritize select projects, and helps them establish reasonable timelines around when a project should become a heightened priority. Often times the ability to significantly reduce risk can drastically accelerate the timetables for implementation.

Enabling desired outcomes through a risk lens

Every organization’s risk profile will look different. But by viewing each initiative through a risk lens, a business can truly start to understand what projects are mission-critical to move forward. Sometimes a project focused on risk reduction can also have a secondary benefit of cost-savings or revenue acceleration.

For example, optimizing the performance of your database workloads doesn’t necessarily sound mission critical. However, when database workloads are optimized, fewer computing resources are needed, which—in turn—can provide some needed cost savings.

Again, go back to that risk lens. What’s going to happen if something fails? Is it truly important to be multi-cloud or multi-platform? How important is it for my organization to develop a high-availability architecture?

When the various challenges an organization is facing is layered into that risk heat map, leaders may find their risk profile changes. If an organization is experiencing a talent shortage, how does that play into the enhanced IT infrastructure they want to bring online? If an organization is having trouble organizing, governing, or utilizing the sheer amount of data produced, what projects are slated to help teams get a handle on that either with an existing toolset or a new tool or vendor? If budgets are being eaten by licensing costs, how can the organization use their existing platforms more effectively?

In summary

Organizations on a digital transformation journey will continue to figure out how to accomplish their objectives despite economic headwinds and shifting priorities. Assessing IT risk, evaluating desired outcomes through a risk lens, and layering the context of the challenges an organization has, offers every organization the opportunity to prioritize necessary projects to maintain business resilience and continuity.

Strategies for IT resilience

IT resilience is your organization’s ability to respond to change. Learn how to protect your infrastructure, data, users, and Tier 0 assets while adapting to the ever-evolving threats in your IT ecosystem.

Learn More

About the Author

Bharath Vasudevan

Bharath Vasudevan is Vice President of Product Management and Marketing at Quest. His organization is responsible for both the product planning and go-to-market strategy for Quest’s Information and Systems Management business. Prior to Quest, Bharath held leadership roles at Alert Logic, Forcepoint, Hewlett Packard Enterprise, and Dell Technologies across engineering, product marketing, and product management. In his 20 years in the IT industry, Bharath has been very active in intellectual property programs and has received 13 patents from the USPTO covering both hardware and software designs. He holds a bachelor’s degree and a master of science in electrical and computer engineering from Carnegie Mellon University.

Related Articles