Every time business people talk about digital transformation and the hurdles they face, you can be sure that one of the first things they will mention is IT.
IT prevents business departments from moving fast, IT raises too many constraints while the goal is to be agile, IT wants to rationalize while business people want to test, fail and learn. So it’s no surprise that these people see IT as evil.
IT is not evil and you’re building hell
I don’t subscribe to this point of view. It’s true that IT should sometimes be faster, more agile, more easygoing. On the other hand they will be the ones who will be blamed if a platform collapses, if a major issue appears or a security breach is exploited by a hacker.
Speaking of which, let’s talk about breaches.
In the mid-2000s, doing digital projects was great; today it’s like paradise. No more complex integrations or endless custom development to make systems talk together: there are APIs.
Before, one had to build a door on each side then a tunnel between both. Today the plugs exist, what can be done is well documented, the only need is to build the pipe but it’s far easier than before.
It solves a real problem: making two platforms that have nothing to do with each other talk together, share data or trigger actions. Connecting apps has become so easy that everything is about APIs now, and everybody plays with it.
“Can I plug my CRM into your customer base?” “Of course.”
“I need to extract data from the CRM to use it in my marketing automation system.” “No problem.”
“Can I use your xxxx data for…..”. “Of course”.
Everyone started to take the data they needed from wherever it was available, and that’s a good thing, because it’s the reason why things have been designed this way. The problem is that it’s done one connection at a time, sometimes even under the radar.
Today, in theory, everyone knows where the app they have installed takes its data from and where it sends that data.
Lack of data governance is a time-bomb
Very few know whether, once sent “elsewhere”, the data is then passed on to one or two other applications. And so on.
From connection to connection, no one has a clear vision of where data goes and who does what with it. And since it all happened in an ad hoc fashion without clear governance, today it’s hard to disentangle all this mess.
One day, by flowing from one app to another, data will end up in an unsecured place without anyone being aware of it. Because one person is not cautious enough about security, the whole chain will be at risk, and no one can see it because each person only knows what has been done at their own level. With GDPR coming, some not-so-funny situations may arise.
I had this discussion with friends working in large businesses that have the reputation of being very focused on security. It’s obvious that everyone “hopes” that no mistake was made, but after years of ungoverned projects where people plugged and unplugged, where applications were added and removed, it’s very hard to know what goes where.
It’s a risk if a security breach appears somewhere. But it’s also a risk if, suddenly, someone decides to unplug an app without knowing that it will prevent 5 or 10 other apps from working.
If your organization is well advanced in digital, it’s high time to map all the interconnections between apps, the known ones and the unknown ones that went under your radar.
If you’re just starting with data, be aware of this risk from the very beginning.
Anyway, it’s a real concern, and instead of shooting at the wrong enemy, business lines and IT should collaborate to avoid a future disaster.