Issue: India 2008
Article no.: 5
Topic: Mitigating Risks in a Connected World
Author: Nipun Mehrotra
Title: Vice President & General Manager, Global Technology Services
Organisation: IBM India/SA

About author

Nipun Mehrotra is the Vice President & General Manager, Global Technology Services for IBM India/South Asia. Mr Mehrotra has over 21 years of experience in the Information Technology industry across the India, ASEAN and Asia Pacific regions, holding various sales and marketing positions and leading Business Units. He has held various other leadership positions within IBM as well. Mr Mehrotra currently serves as a member of the IBM India/SA Senior Leadership Team and is part of the IBM Technical Leadership Team.

Article abstract

Today, economies are inter-connected, businesses are networked, and organizations operate seamlessly across geographical boundaries. This interconnection is highly beneficial, but also brings serious risks. Nearly 70 per cent of India’s CIOs consider risk mitigation among their top three priorities. Companies need comprehensive risk mitigation strategies that consider the staff’s access to information, computer security, software applications, stored data and the security of physical facilities. Any comprehensive risk mitigation strategy must focus on the areas of governance, business continuity and data security.

Full Article

The Industrial Revolution marked a major turning point in the history of mankind. For many decades, the Industrial Revolution continued to change the way businesses across the world worked. This change acquired a new dimension with the advent of the Information Revolution, or Internet Revolution, over a decade ago. Today economies are inter-connected, businesses are networked, and organizations operate seamlessly across geographical boundaries.

In this changed landscape, technology executives have become modern-day gladiators of sorts – at any given moment they are required to engage in battle with ferocious threats on multiple fronts. But instead of testing their mettle against tigers and warriors, IT professionals face off daily against a multitude of shadowy threats ranging from malicious computer hackers to complex government and industry regulations. IT professionals are finding out that it is a battle they cannot fight on their own.

To win this battle, what enterprises and their CIOs really need is a true risk mitigation strategy. They need a strategy that takes a holistic approach combining careful attention to people and their access to information, as well as to computer systems, software applications and stored data. Organizations must also link in security for physical facilities to organise an encompassing risk mitigation effort. Perhaps it is this realization that resulted in nearly 70 per cent of India’s CIOs placing risk mitigation among their top three priorities in a recently conducted survey. What they need now is a comprehensive strategy that covers risk by focusing on the areas of governance, business continuity and data security. Relentless focus on these three areas is critical to the success of a risk mitigation strategy, which would then ensure a strong foundation for any growth-hungry business.

Governance

Achieving effective governance is no simple undertaking. The management of Information and Communications Technology (ICT) operations, which have become the central nervous system of most enterprises over the last ten years, has become more mission-critical to Indian businesses than ever before. As a result, IT operations have also become more complex, bringing many new risks. As business partnerships and supply chains increasingly span the globe, emerging issues in any one part of the world can easily lead to IT problems for the entire enterprise. Add to this the fact that today’s IT management has the primary objective of managing risks, not only from traditional security and compliance threats, but also from system performance, availability of resources and integrity of IT services.

To ensure a comprehensive governance strategy, today’s CIOs and IT managers must be able to govern IT across the entire organization, cutting across silos and islands of computing. Having a holistic view of the overall business is essential to allow effective decision making on technology. A well-defined escalation and review process is vital to ensure operational command and control. Governance has to cover the strategic, the tactical and the operational aspects of the business; the key to success in this endeavour is a detailed and well-documented authority and review mechanism.

Another approach to enable effective IT governance is to start with a business’s most strategic IT initiatives and provide improved business alignment, visibility and control throughout the IT lifecycle. An organization can improve its business performance and resilience by optimizing service management, business continuity and security. As the nervous system of the business, IT must adapt dynamically as business service demands change – delivering quickly on new requirements and responding to new threats.

Business Continuity

To ensure governance, organizational leaders must also have a business continuity plan in place to maintain resiliency when problems arise. For an organization to be resilient, it needs to be sure it is prepared for both expected and unexpected events to help ensure business continuity. In fact, building resiliency should be a core component of a business and IT strategy, with operations and infrastructure designed to accommodate the challenges that come with a range of disruptions. These could include a network outage, a power/utility outage, or a physical threat to the infrastructure due to natural calamity or terrorist attacks.

Another very important aspect of business continuity is ensuring human capital resiliency. In a business environment where people are the most critical asset and are required on a 24/7 basis to serve the needs of customers from across the world, it becomes critical that strong human capital resiliency is also built into the business continuity strategy. This can be achieved via work area recovery centres that enhance an organization’s ability to respond and rapidly adapt to threats to its workforce and their workplaces. Many industries now enforce complex regulatory guidelines, and recovery centres can ensure the organisation’s uninterrupted operation as well as regulatory compliance.

CIOs and IT managers should frequently assess which business functions are most vital and vulnerable throughout the organization, as well as the potential impact of disruptions on business and operational productivity. Once an assessment is complete, people, plans and technologies can be put into place to ensure that information, services and support are available for all constituencies.

While seamless connectivity brings great opportunities for businesses to grow their operations beyond geographical boundaries, it also poses a great number of potential risks. Companies should also apply the same defensive principles to protect their extended operations and safeguard their workforce productivity in the event of an unplanned disaster, outage, etc. Implementing a business continuity plan as part of a governance and risk management strategy creates a targeted breakdown of vulnerabilities within an organization and outlines best practices, backups and avoidance systems, thereby protecting business goals.

Data security

Business data is the lifeblood of enterprise operations and safeguarding it is essential to maintaining order. Enterprises must protect data to the fullest extent possible through its lifecycle in order to achieve both business continuity and compliance with government and industry regulations, yet threats to that data are evolving faster than ever. Security and network managers face a daily barrage of automated attacks, targeted attacks and internal breaches committed by both outside threats and privileged users within the enterprise.

Today, organizations have to deal with many new regulations that specify how business data is to be treated by an enterprise, who can access it, and under what circumstances it can or cannot be changed. Protecting business data involves restricting access to the appropriate people both within and outside the organization and maintaining integrity, since data must be safeguarded from unauthorized attempts, while providing uninterrupted availability for the business to continue. By implementing a comprehensive security assessment strategy, an enterprise can determine where it is most vulnerable to attacks, which solutions are required to address those vulnerabilities and how to integrate those solutions optimally into the IT infrastructure to fend off threats both today and in the future.

Identity management is also an important component of an effective governance strategy, since it helps IT management set up new accounts and passwords quickly and securely for employees and customers, while providing the ability to restrict, manage and monitor access and synchronize employee passwords to minimize intentional or unintentional misuse of business data.

It is pertinent for Indian and global organizations to effectively implement a robust risk mitigation strategy that outlines IT performance objectives and ties back to IT governance processes, limits the impact of security exposures and improves business resiliency. Successfully executing this strategy is critical, as organizations today feel the pressure from increasing local as well as global competition, more complex customer demands and ever-evolving security threats. It is not exactly a battle to the death, but in a seamless global business arena, it truly is survival of the fittest and the prepared.