CAN YOU IMAGINE buying an expensive car to devote excessive amounts of time and money keeping the bodywork and interior pristine, while totally neglecting the tyres, brakes, engine and drive chain? Some might, but the vast majority worry about safety, reliability, resilience and the value of their investment, and certainly all the senior managers and board members I know fall into this ‘car-caring’ category.
So what happens to managers and board members when they wear their cloak of corporate responsibility? Hardly a week goes by without some major lapse of corporate security or system collapse that sees customers and services compromised. For example, the 2013 Lloyds and RBS IT crashes saw people and companies unable to access accounts, use ATMs, satisfy payrolls and make transfers/payments for more than a week.
It seems as if managers go to work and leave all common sense at home. Why do they neglect and starve IT of people, money and investment? It is the engine and drive chain of business. And worse still, IT is seen as a cost centre, and is often outsourced and out of mind. Add a growing disdain of techies and pride in tech ignorance and you have a perfect formula for failure.
The progressive outsourcing of IT on a grand scale has been popular for well over a decade, with thousands of redundancies creating a dearth of capability and understanding. Sadly, Lloyds and RBS appears to tick a lot of these boxes.
The difference between cars and software is huge. Cars are a mature technology going back more than 100 years and there is a commonality of design, supply, assembly and support. We can afford to let go – we just have to drive and adhere to a maintenance schedule. Dealers and garages are abundant, and the product is reliable and stable, with established standards and people training. None of this is true of software systems. The history is short, everything is customised, there are few standards, poor training, uncertainty of supply, and business systems only get more complex. And it all stands on legacy software stretching back to the days of COBOL.
Compound all of this with an MBA mindset – ‘I’m a professional manager and I can manage anything, so I don’t need to know about the technology’ – and add short-termism and the incentivisation of KPIs linked to a bonus pot, and the scene is set for cost cuttings. Then we have the shortening dwell times of the senior players. No one is ever to blame, and there is always a golden goodbye. Sadly, the world is managed by people full of confidence and the hubris of superiority based on a strong foundation of ignorance.
Managing complex IT systems demands expertise and a culture of trust, collaboration and care. It also needs an eye to the priorities of reliability, resilience, security, customer satisfaction and confidence. Neglecting or losing sight of any one of these can create immense operational, reputational and market damage. Not only does bad news travel further and faster than good – repairing the bad takes at least ten times the resources of maintaining the good.
Systems and software are a mix of process and creativity. They need dedicated professional attention, checks, cross-checks, extensive testing and, most importantly, a plan B. As far as I can see, all of the recent security and system failures have failed in at least one of these categories.
Managing a modern organisation has many of the features and demands of flying a passenger aircraft. And all pilots understand a lot about their machines, crew and passengers, as well as the processes involved, but they still resort to check lists and hours of training in simulators. They also have a plan B, C, and D. So employ managers that ‘understand’ the technology and see the necessity for investment and support while being capable of quantifying the pending cost of neglect. RBS et al are about to find out just how expensive cost saving and taking your eye off the ball can be. ?
Peter Cochrane is an IT consultant and former chief technologist at BT
Join Financial Director, Oracle and a host of ‘Fast Data’ experts to discover how financial professionals can help create a Fast Data business
Yahoo’s data breach highlights difficulty in determining whether unauthorised access to data has occurred
Cyber risk is a dynamic threat as criminals seek more creative ways of extracting value from reputable businesses. The new wave of attackers are sophisticated and skilled, and may lie low inside a network for weeks, or months, before taking definitive actions
What can you do to ensure your employees know the company policy and stick to it? Hear from other CFOs and experts in our free-to-view video
What are the next big technologies which can help keep cyber criminals at bay?