Latest Advisories

Musings from our experts regarding IT strategy, governance, innovation and best practice
Oct 28 2020
0

Technology Lessons from 2020

By | Value Realisation, Predictions | No Comments

As the weather warms up across Australia, summer starts to remind us of simpler time in a pre-COVID era when we were only worried about the massive bushfires. Although some are still looking forward to life getting back to normal, within the technology industry we are keenly aware and familiar with the “new normal”. Most medical experts are agreed that the great hope of an effective COVID-19 vaccine is a multi-year process and that prudence and logistics mean it will be distributed slowly. While we hope a vaccine will provide a significant reduction in the risks posed by the virus, it will not be a panacea that eliminates COVID-19 from our lives overnight. So the many work place changes that have been facilitated by digital transformations and technologies will remain part of our world and people will not be falling straight back into old habits and practices.

As we focus on revising our technology strategies and roadmaps, it is useful to understand the lessons from the crisis and adjust our approach to support the future.

An Unplanned Environment

Most organisations had only considered the local implications of the “Pandemic Response” heading in their DR template and typically assumed they needed to cover only a short period. Although it seems obvious today, the idea that a pandemic by definition is global, and would last for an extended period was difficult to fully appreciate. Mandatory nationwide stay at home lockdowns, enforced quarantine, state boarder closures, international supply chain problems, curfews and even the concept of stopping international travel were difficult to consider in scenario planning prior to 2020 but will obviously feature heavily in the future.

Many carefully developed security plans and policies were not ready for the CEO to say “just open it up, we have no option other than make it work”. It is no real secret that tens of thousands of businesses all around Australia threw the rule book out the window to make things work during lockdown. The major concern is how few have effectively remediated those security holes since then. It often seems that the past lessons, such as from NAB have not been internalised well enough across all levels of IT departments. The Board and CEO “need to know” about cybersecurity issues and risks must be explicitly catalogued and reported. IT leaders also need to make sure that they are actively identifying and raising risks even when they don’t have a solution or the resources to comprehensively deal with them.

Information Security is rapidly becoming the number one avoidable cause of business ending events. Cyber-criminal syndicates have proved again how digitally agile they are with some very effective Ransomware as a Service with Profit Share (RWaaS-PS) campaigns targeting disgruntled and financially distressed workers with elevated security privileges given to avoid difficulties during work-from-home (WFH). This, along with the traditional “executive (CEO/CFO) authorised funds transfers” scam now using a combined forged email and deep-fake voice mail has been devastatingly effective in some areas during lockdown.

Sustainable Workplaces

We have also surprisingly noticed that users are much more adaptable that we previously gave them credit, whether it was the Queen having her first Zoom call, or Grandma having a telehealth consult with her GP and having a digital prescription filled.  Technology has been an enabler across the community and our users have never been more receptive to digital change. Legal departments that had provided nothing but problems with digital signature projects waved them through with encouraging comments, and “do nothing different Mary” from accounts became a digital champion explaining to others how to change video meeting virtual backgrounds.  Often the IT crew have developed a level of goodwill in the business for enablement that can be exploited to deliver permanent productivity gain. This unfortunately has often been in stark contrast to the lack of credibility that IT leadership has enjoyed within the broader executive team, as planning and capability failures have been multiplied by large expectation gaps. The crisis often proved how well IT can be reactive, but similarly proved in many cases how they lack effective pro-active management discipline and planning skills.

Some organization are formalizing a “work from anywhere” future, with others focused on returning to the office (RTO). We expect that especially for CBD-based knowledge workers, mandated office-based work will face strong headwinds, with workers demanding to maintain much of the flexibility afforded to them during the crisis. Our recommendation is that IT anticipate hybrid environments, with between 40 and 60% of hours worked from home becoming the norm in many organizations.

Although the move from office to WFH was hard, the move from WFH to the new normal hybrid WFH&O is more complex, as it need to deal with both environments in a permanent manner. While an incremental improvement in capability post-migration to WFH was acceptable, RTO needs to be fully functional on day 1. Similarly, where we cut corners to rapidly build capability for WFH due to everything being temporary and mandatory, these compromises are not acceptable when they are more permanent and not being externally forced. Where we may have got away with taking our office monitor home and balancing it on the ironing board as a temporary WFH solution, we cannot expect workers to carry equipment back and forward in a hybrid scenario. OH&S concerns might have been largely ignored during the health crisis due to the required rapid response but ironing board based workplace design won’t cut it any longer. During work from home, rostering or time and attendance systems were often not a focus but moving forward requires permanent solutions.

Anecdotal evidence on worker productivity during lockdown is very mixed; some reported significant gains driven by the use of commute hours for additional work, while others saw burnout issues caused by perceived 7*24 availability. Some organisations found that online meetings were more focussed while others reported that more detailed analysis was lost. IT leaders need to be cognisant that technology is the enabler of productivity and not the driver, partnering with the rest of the business to find out what is the priority and delivering that that should be the focus.

There is no doubt in my mind that the “free pass” afforded by users with regards to performance, functionality and reliability issues during the early stage of the crisis will evaporate completely, and we will be left with a permanent requirement to deliver appropriate service levels in a non-deterministic environment.

The Network is Everything

The undoubted hero of the crisis has been the Internet, fortuitously in the year that the NBN build “completed” and delivered an effective and usable broadband speed to the vast majority of metropolitan Australians, we have relied on home internet connections like never before. However, network engineering teams across the country are likely to exit the year with much less hair than they started it with, and with a number of learnings and adjusted priorities for the years ahead.

Carrier choice matters: While the rapid lock down and WFH transition was occurring, carriers saw network traffic patterns change enormously with peak evening demand and business hours peaks hitting record levels on a daily basis. One of the top four carriers decided that the appropriate response to the massive traffic growth was a network change embargo, cementing congestion and packet loss for the duration of the lockdown! Whether it is the internet into head office, mobile 4G/5G internet hotspots from your phone, or the NBN connection to the users home – the ability to compare bandwidth quality of a best-efforts service such as the internet is incredibly difficult but vitally important, and unfortunately price is often not a good measure of quality.

Consumer-grade is not business-grade; NBN upgrades and outages that were timed to avoid the Netflix peaks hit WFH users during their business day. Unplanned outages on consumer services can last 3 days, and consumer routers that fail over to 4G modems are not seamless, often causing an ongoing string of 5 minute outages as they fade in and out of service based around a very simplistic view of network availability. A deliberate effort by IT to design solutions for these issues proved highly effective for organisations that had the capability.

Traditional network SLA’s focused on MPLS grade networks are meaningless when staff are working from home. Many organisations were already transitioning towards SD-WAN or SASE architectures, however the crisis has prioritised and expedited the requirements for significant network transformation projects. Rather than relying on the crutch of supposably “reliable network links” we must architect solutions that provide the performance and reliability needed using best effort grade network links. This is possible, however it requires a diligent and informed planning approach to a significant network transformation program.

Resilient People

Organisations were often able to identify the critical IT resources during the early crisis response. When they saw that one or two IT staff seemed to be the centre of everything, they celebrated their dedication and heroics when 18-hour days were stacked end to end. However, we should examine our teams’ operational balance and knowledge distribution to identify resource choke points and single points of failure to plan for more sustainable and resilient operations in the future.

Training has never been so important – new processes and new technology requires new skills – and while team-based self-support models have often worked well through the crisis period, they have worked better when IT has effectively communicated and deliberately cascaded knowledge. We should be ensuring that we look at what worked, and what can be improved so that support models in the future can improve and embed new skills across the organisation. IT deskside support (physical presence) has been a reducing trend over recent years, however organisations that retained this capability to a limited degree were much better placed during the transition to WFH. The logistics of supporting an extensive work from home capability in a permanent form will require further consideration for many organisations. We recommend that HR be involved in these discussions to ensure technical and human requirements are balanced and expectations managed.

Future Vision

Some IT leaders and CIOs are taking the view that their “IT strategy is so well thought through that it doesn’t need to change” as its already focused on the flexibility and future architecture principles required. However this appears in most instances to be naïve; we believe it is fanciful to ignore the significant changes that have occurred in the business environment. Although it’s possible that the technology vision is still appropriate, the priority and velocity of the initiatives to get there will almost certainly have to be adjusted to support the business. Assumptions should be reviewed and priorities and velocity recast to deliver within the revised resource and capital envelope available. Whether due to the governments depreciation stimulus or simple business imperative, this may be an increased velocity of delivery for initiatives supporting cost savings or revenue generation.

Conclusion

2020 is the inflection year for many technology departments. Everyone should revisit strategy plans and many will need to rapidly review security risk and network transformation programs. Technology departments will be entering 2021 with a broader appreciation of the critical role they play.  IT successfully rising to the challenge of unexpected business requirements and changed expectations with considered strategic plans and deliberate responses will be a determining factor in their organisations’ overall success. It is simply not an option to wait and see what happens and unfortunately some technology leaders will not be able to meet this challenge. Technology disruption next year is unlikely to be any less than in 2020, however we can all work toward ensuring that it is more planned and deliberate.

Mar 27 2020
0

Can adversity drive innovation?

By | Value Realisation | No Comments

What has become clear in the last few days is that things that we had previously though was impossible, are actually happening. Who would have thought 10 days ago that Australia would shut down its international boarders and seek to significantly restrict movements between states. The new normal for the world is the basis for innovation – consider what you though you knew to be a fact, it is often just a constraint of thinking. But how does this affect technology planning and strategy?

When we look at the short term we are often finding that assumptions around response planning has been unable to predict the impacts of this crisis. Digital supply chains are failing and we are needing to revisit the assumptions made for our existing plans. Directions by IT for staff to go down to Officeworks to pick up a screen and keyboard for your new work from home environment are being replaced with come to the office and take your monitor home as staff report that the shelves are bare at suppliers. Hotspot your laptop to your work mobile has been replaced with order a NBN service as network congestions hits mobile networks. Record highs reported by telco’s for voice traffic is changing our assumption about the role voice services play in these scenarios.

In the medium term we need to understand how the new work practices are changing assumptions that we made about collaboration and collaborative systems. We are seeing that the requirements of systems that supported face to face meetings are quite different from those that replace face to face activity. Systems that provide effective video collaboration between two people are not the same as those that can support effective communication between 15 people. Slack, Webex, Teams and Zoom may have previously looked like they were all solving similar problems, are being proven to be different on a regular basis.

Where some cloud providers have been able to keep ahead of the growth curve, others have not. When your scenario planning has now fallen down on assumptions that have proved inaccurate, it is vital to quickly identify the problem, and make a decision to remediate. The challenge is to make sure that these decision are based on knowledge and fact, rather than pivoting away from a poorly performing service to a completely failing one. Independent and experienced advice is key.

In the longer term it is all about understanding and preparing for the pressure of the recovery. Every year we see the subtle lift in business spirits on the break of spring, but the up turn from this recovery will be enormous. The pressure to delivery solutions at speed will be greater than we have experienced before and a disproportionate amount of this load will fall on the shoulders of your IT systems, infrastructure and capability. Decision support systems, data analysis and visualisation tools and massive changes to global supply chains and work practices will drive monumental change in core business systems. Poor advice by technologist due to inexperience of conflicted interests will deliver project and system failure. This has always cost businesses disproportionately to the expected implementation costs – add pressure, short time frames and lack of understanding and knowledge and we can reasonably expect some monumental stuff ups. Planning is essential, IT excellence is by design, not by accident.

Mar 03 2020
0

Pandemic Planning

By | Value Realisation | No Comments

With the general public seeming to be panic buying toilet paper and hand sanitiser many of our clients have been asking what should IT be doing to prepare. Although formal pandemic planning is quite an involved process, understanding your IT capabilities and governance processes is key to making sure that you are able to respond if required. With local authorities now predicting that peak risk of major disruption will be in August, we have come up with our top 5 questions that IT needs to be able to answer today.

They are:

  1. What percentage of your workforce would be able to simultaneously work from home with the existing remote access capacity? How many workers know how without instruction from IT?
  2. Has the technical architecture of your remote working systems been designed to provide the level of reliability required to support critical business tasks, or has it been design with a best efforts approach as you could “always drive into the office if it was important”?
  3. What IT capabilities are single man sensitive – does documentation exist to cover the recovery of failed key systems while key IT staff are on unexpected medical leave? Are security protocols robust enough to support mass remote working when key decision makers may be unavailable?
  4. What 3rd party suppliers or services are you critically reliant upon, and do they have a pandemic response plan in place? How easily is your off-site backup process disrupted?
  5. Is your IT support capability able to provide the required levels of service when a significant proportion of the workforce are not in the office? How many times are technical problems solved with a quick drop in to the IT guys desk?

Often these questions have answers that can surprise, and with the continuity of critical systems and IT services vital to the ongoing operation of any business we are finding many CEO’s are seeking to undertake an independent IT assessment to provide assurance that they are able to rely on those capabilities during an unexpected disruption. Fully understanding your existing capabilities and limitations, as well as reviewing your technical governance processes seems like a small step, however it can significantly improve an organisations ability to respond quickly and effectively to rapidly changing circumstances.

Sep 29 2014
1

Are you getting value from your IT spend?

By | Value Realisation | No Comments

No matter if your view of IT is as a cost centre or a potential strategic advantage, ensuring that you are receiving good value in your IT spend is critical. Reducing cost and improving service delivery through effective IT management and improved business alignment are key outcomes from undertaking an Independent IT review and health check.

  • We will assess your internal IT service delivery or external IT service provider to consider if improved services or technology architectures could provide efficiency or capability improvements.
  • We will review your technology roadmap, consider technology failure scenarios and insure that appropriate steps have been taken to mitigate those risks that are a real danger to the organisations wellbeing.
  • We will assess your business requirements, consider best practice, new technology architectures and service delivery models and provide actionable advice on how to improve your IT service levels and reduce cost.

Read More

Jan 18 2011
1

Can the Virgin Blues happen to you?

By | Value Realisation | No Comments

Executives across the country could feel the hair on the back of their necks stand on end over the weekend on hearing the complete financial, PR, operational and reputational disaster that besieged Virgin Blue after a catastrophic IT failure. While the press was interviewing distraught travellers across the country that were asking “Why didn’t they have a backup”, the dirty secret across many Australian organisations is that their IT recovery plans are either inadequate, or reliant on 3rdparty providers whom they do not have the skills to audit. Read More