Why risk management in enterprise I.T. systems starts with reducing complexity

Managing risk becomes more complex as businesses adopt new technologies and generate more data. That’s why lowering risks starts with reducing complexity.

Technology is in constant motion. While the unstoppable pace of innovation grants businesses the benefits of faster and better technology, there is also a high price to be paid in the form of rapidly increasing complexity.

Enterprise I.T. environments have become excruciatingly complicated, spanning an ever-wider range of mobile, desktop, and cloud endpoints and networks that have expanded far beyond the original notion of a perimeter. As a result of this rapid digitisation, the volume of data created, captured, copied, and consumed worldwide grew from 2 to 64 zettabytes between 2010 and 2020¹.

The overarching problem is that complex systems are harder to protect. With so many moving parts and countless potential entry points into a company’s network, there is a lot that can go wrong. This includes increased cybersecurity risks, inefficient backup and disaster recovery, and a greater risk of system outages resulting in a domino effect halting business operations. Managing these risks has never been harder.

In this article, we will take a  look deeper into the specific risks that rise alongside complexity and how an integrated business management system (IBMS) can address them.

Understanding the risks of increased complexity

Multiple factors contribute to the problem of I.T. complexity. These include the widespread lack of interoperability in many organisations, a lack of alignment between I.T. and business, and a lack of strategic planning at the leadership level. Complexity is an especially big problem for established enterprises, especially those that have undergone a merger or acquisition (M&A), in which redundant technology might be left over. The shift to remote and hybrid work models has also resulted in increased complexity, which is due in part to the broader range of apps and devices being used to access corporate networks.

The biggest risk that comes with increased complexity is the cybersecurity one. It is inherently much harder to protect a more complex environment, potentially leaving glaring vulnerabilities for attackers to exploit. For example, old user accounts, devices, and applications that have been left unused and forgotten about are often prime targets for threat actors.

It is also much harder to effectively back up and recover data that is spread across dozens or even hundreds of different apps and devices. Without a centralised, interconnected platform that keeps all your data visible through a single pane of glass, efficient backup and recovery soon becomes a practical impossibility. Furthermore, there is no single backup and recovery solution that can encompass every possible platform, device, and data source.

Increased complexity also leads to increased regulatory and legal risk. Every additional layer of complexity leaves more room for costly errors and oversight that can result in your business failing to pass a third-party audit. This in turn, can lead to legal issues and fines. After all, every third-party service provider you use to host and manage your business apps and infrastructure leaves you open to liability if they don’t take compliance as seriously as you do.

Finally, another major risk that comes with growing complexity is the business resilience issue. Even in a siloed business environment, essential operations still span multiple systems and departments and depend on many moving parts. As such, there end up being many single points of failure, as opposed to just a few, that need to be managed and mitigated. In such an environment, it might only take an otherwise minor issue with one small part of the system to bring everything down.

How integrated business management can help

To maintain a unified risk management posture, you need an environment in which all systems can work together and provide complete visibility via a single pane of glass. In the context of I.T., that means being able to monitor and manage every asset from a single user interface, as opposed to myriad different systems each with their own logs and dependencies.

Improved risk management is one of the main value propositions of using an integrated suite of business applications. For example, suppose you can combine key business workflows like project management, employee collaboration, accounting, content management, and asset auditing into a single connected environment. In this case,  you can greatly reduce your technology footprint.

Migrating to an integrated and standardised technological environment is especially important for companies that have just undergone major structural changes. Events like opening a new branch or M&As can leave a hodgepodge of systems in place resulting in vulnerabilities going unnoticed. That’s why the top priority, especially after a major change, must be to consolidate and integrate your technology environment.

Another huge advantage of having an integrated business technology stack is that you have what’s known as a single source of truth (SSoT) – an aggregated data environment in which everything is managed in a single environment. That doesn’t necessarily mean everything has to be physically stored in the same place, but rather that everything can be found from a single point of reference. In the context of integrated business management, that point of reference could be an auditing tool that connects all your data sources.

When you have complete visibility into your environment, you can also benefit from advanced analytics, granting greater control over things like efficiency and compliance. For example, if you receive a subject access request (SAR) under a data privacy legislation like GDPR or CCPA, it will be much easier to comply if all your data is readily accessible. However, without an integrated environment, the scope for compliance or auditing failure is much greater.

Ultimately, an integrated approach to risk management gives your organisation the ability to consistently accomplish goals, meet legal requirements, and act with integrity. As information security and technical innovation jostle for control in today’s business environments, it’s never been more important to establish that balance and, in doing so, overcome IT complexity.

References

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.