by Charles Pelton

Governance and Fighting the Curse of Complexity

Analysis
Mar 20, 2024


The task is Sisyphean. The mountain is IT complexity. The boulder is made from complex infrastructure, network connections, data stores, and devices. The person pushing the boulder up the steep slope? Every IT and security leader and worker. Will we ever rein in IT complexity?

Unfortunately, not.

But we can try.

There are two routes up that mountain. One is made from the growing plethora of tools that harmonize, integrate, and simplify complex operations. The other road is paved with disciplined IT and business governance.

The Burgeoning Complexity of IT and Security Solutions

On a business level, complexity comes from growth through acquisition – when enterprises inherit systems of record and of work that, more often than not, are different from one another. Shadow IT introduces systems and applications that are often outside of an enterprise’s catalog of IT tools. Moreover, new sources of ever-expanding data produced by generative AI and the unfettered growth of unstructured data introduce even more challenges.

There’s the complexity of security in the organization. Password strategies. Incident response plans. Firewalls. Training and awareness. Encryption. Anti-virus. Authentication. Back-ups. Data at rest. Data in motion. Testing vendor solutions. Risk considered in vendor contracts. Cyber insurance. State actors. IoT. The attack surface. This is hardly simple.

Consider today’s IT architecture world: on premises, outsourced data center, public cloud, multicloud, hybrid cloud, the edge.

Throw in all the technical debt – and the cultural tendency (and often necessity) of building connections for backward compatibility. There are also complex ERP and CRM solutions – as well as inputs from OT and IoT systems and devices. It’s like making stew with all the leftovers in the refrigerator.

The consequence: increased cost and a slower pace of innovation from idea to scale.

Complexity robs the organization of its focus. Complexity is the enemy of resiliency. Complexity frustrates the C-suite, hamstrings communication with regulators, vendors, and partners, and frustrates employees, customers, and prospects.

Tools to Rein In Complexity

Thankfully, in the IT and security worlds we’re being offered tools to simplify and integrate virtually every part of our IT ecosystems. These tools either integrate multiple systems, provide a unifying suite of solutions, or both.

For overall business applications and processes, you could look to Software AG’s webMethods or Oracle’s WebLogic Application Server or other approaches from TIBCO, IBM, OpenText and others.

There are options that help companies manage disparate tasks, projects, and resources. Here we can look at monday.com, Asana, Trello, Hive, Zoho, and a host of others. There are “integrated” approaches to cybersecurity threat protection and remediation, including solutions from Palo Alto Networks, CrowdStrike, Fortinet, and many others.

But are the tools which integrate and overlay disparate processes really simplifying IT?

Of course they are, but with a big caveat. There will always be new computing paradigms: think of virtual reality or robotics or quantum computing. New systems, new technologies, new approaches will continue to increase IT complexity.

Indeed, our complex economies – and the pace of business change – all but guarantee that we’re in a permanent state of increasing complexity.

Governance and the Process Side of Simplification

So, if integrative tools are only part of the answer, what else can IT and security leaders do?

The answer lies in building a system of overall guardrails – governance, if you will – of the entire enterprise. Integration will always be important, but it doesn’t take the place of rules-based standardization and simplification.

That means due diligence in terms of the systems of record used before an acquisition is made. It means active training and re-training of staff so that politics doesn’t keep an obsolete system alive when it should be sunsetted. It means rock-solid identity management so that systems, data, and applications are accessed by the right people – and IP addresses – at the right time.

Plain and simple, all IT purchases should be approved by an IT governance group. There should be no new systems acquired unless there’s an analysis of the new technology’s impact on complexity in the environment.

Audits of applications should lead to the sunsetting of duplicative systems. And organizations should employ governance rules to define the sources of truth in terms of what data should be used and when and where that data resides.

IT leaders have many vendor solutions at their disposal when it comes to simplifying their IT ecosystems. But there is no tool that overlays all the integrative, simplifying tools on offer today.

The most powerful solution isn’t downloaded from a tech company’s site. It comes from the brave business, IT, and security leaders who define, refine, and enforce systems of governance.

###

For further reading, we recommend:

Oliver Wyman: Technology Complexity and Its Impact on Innovation, by Chris DeBrusk. https://owy.mn/3I7jBdg

Forbes, July 10, 2022: Today’s Enterprises Have A Complexity Problem: Their Profits, Productivity And Security Depend On Solving It. https://bit.ly/42Pe703