7. What They Tell Us
THEY THINK ABOUT
1) Business imperatives
2) Benefits realization
3) Unplanned outages
4) Absorbability
5) Risk
6) Systems of Record
7) Competitors
YOU TALK ABOUT
1) IT strategy
2) Cost
3) Service tower uptime
4) Doability
5) DR/BC/Cyber security
6) Systems of Engagement
7) Innovation / Disruption
8. 3) Operational Uptime
• 99.9% means nothing to them
• Availability of vertical services means nothing to them
• Outages are related to the business cycle
• They are only interested in unplanned outage minutes of end-to-end services at certain times
• “Silent running” is simply your ticket to the game
• Does your IT organization structure reflect this?
9. 4) Doability Vs Absorbability
• It’s much easier for us to deliver than them to assimilate
• IT folk celebrate when the system goes live. The business thinks that the project starts at that point
• Is it better to sequence the traffic than to land it all at the same time?
[Figure: Corporate Change Impact. Labels: Peoplesoft Enhancements; PetroTech Competency Mapping; PPI; Peoplesoft Upgrade]
10. 5) Risk: They Are Intellectually Curious About Cloud
• They read about it in an airline magazine…
• They have suddenly become technical architects…
• They have realized that it is a big opportunity and a big risk to your company:
o An opportunity to make the business much more agile
o An opportunity to keep IT headcount to a minimum
o A risk to the governance and security of the company’s valuable data
o A risk of loss over regulatory compliance (SOX, PCI etc.)
11. What We Tell Them About Cloud
• 1980: Origins in telecoms – the Internet replaced point-to-point leased lines
• 1990: NASA SETI for supercomputer of distributed PCs
• 2000: First commercially successful SaaS application (Salesforce.com)
• 2006: First commercial “on demand” hosting (Amazon Web Services)
• 2010: Critical mass achieved on availability of web services (similar concept to Apple’s App Store)
• 2015: Average mid-cap company uses hundreds of cloud-based apps,
mostly unsanctioned. Shadow IT gone wild.
12. It’s Here to Stay – Get Used to It
There are 5,000 enterprise apps today (and growing).
13. What They Tell Us About Risk
RISK = THREAT x VULNERABILITY x CONSEQUENCE
14. CEOs Have Woken Up!
1 High taxation
2 Loss of customers/cancelled orders
3 Cyber risk
4 Price of material inputs
5= Excessively strict regulation
5= Changing legislation
7 Inflation
8 Cost and availability of credit
9 Rapid technological changes
10 Currency fluctuation
11= Interest rate change
11= Talent and skills shortage
13 Reputational risk
14 Corporate liability
15= Major asset price volatility
15= Poor/incomplete regulation
17 Fraud and corruption
18 Government spending cuts
19 Theft of assets or intellectual property
20 Failed investment
21 Corporate governance and internal oversight failure
22 Critical infrastructure failure
23 Supply chain failure
24 Increased protectionism
25 Insolvency risk
1 Loss of customers/Cancelled orders
2 Talent and skills shortages (including succession risk)
3 Reputational risk
4 Currency fluctuation
5 Changing legislation
6 Cost and availability of credit
7 Price of material inputs
8 Inflation
9 Corporate liability
10 Excessively strict regulation
11 Rapid technological changes
12 Cyber attacks (malicious)
13 High taxation
14 Failed investment
15 Major asset price volatility
16 Theft of assets/Intellectual Property
17 Fraud and corruption
18 Interest rate change
19 Cyber risks (non-malicious)
20 Poor/Incomplete regulation
21 Critical infrastructure failure
22 Government spending cuts
23 Supply chain failure
24 Pollution and environmental liability
25 Sovereign debt
Sources: Lloyds Risk Register 2012 and Lloyds Risk Register 2014 (Lloyds survey of 585 global CEOs)
15. They Read The Media…
THE FACTS:
• Hackers were able to steal sensitive personal and financial data from over 619,000 of the Company's employees and customers
THE CONSEQUENCES:
• Shareholder sued individual Board members for lack of “Duty of Care”
• AIG clarified that their D&O insurance does not cover neglect of Duty of Care
• Federal judge permitted FTC lawsuit to proceed against the Corporation
THE LESSONS:
• The firm’s Officers have to comprehend the risk posed by cyber security, and it can affect their personal wealth.
16. And We Tell Them You Must Assume A Sophisticated Attack Will Succeed
• Many business executives believe that a competent IT leader can prevent an intrusion into their company.
• It is impossible to prevent a focused intruder from gaining access, and yet 85% of IT security spend is dedicated to prevention.
• On average, it takes 212 days to react to an intrusion.
20. So How Can Awareness Help?
• 85% of IT security spend goes on prevention
• Average of 212 days between intrusion and detection
• 90% of compromises exploit human frailties
• Be appreciative of the value-at-risk (i.e. materiality)
• Be alert to web phishing and e-mails containing malware
• Be sympathetic to strong passwords and regular changes
• Be observant for odd behaviors
22. Conveying Your Message
• Befriend their executive assistants
• Avoid scheduled meetings
• Travel to nowhere on the same flight
• Outside interests: Golf, fishing….
• Be persistent!