Chief Technology Officer/CISO
In general, governance simply refers to the way that corporations follow business practices that conform to rules. Executives put these rules in place to help balance their own best interests with that of employees, customers, suppliers, governments, and other stakeholders. Naturally, some people may find certain rules inconvenient. However, in this age of mobile devices, remote workstations, elevated security threats, cloud storage, and increasing regulations, companies need excellent IT governance. Without proper policies, companies risk data loss, government penalties, and many other threats.
An Example of Poor Governance
CIO Magazine used the example of one anonomous financial corporation to illustrate poor IT governance. Lower level managers and employees grew increasingly frustrated with the time it took to get their own IT department to keep up with their business needs. They took it upon themselves to rig together systems that consisted of spreadsheets and stand-alone databases that ran on any number of devices.
For a time, employees may have felt empowered to quickly develop what they needed. Unsurprisingly, this sort of anarchy quickly led to problems:
- Unchecked, these rogue data systems led to multiple compliance citations and security beaches.
- The company also suffered from the inefficiencies of redundant data and duplicate efforts.
- Just as serious, none of these systems had disaster recovery plans in place.
- Few of these ad-hoc systems had been documented well, so the loss of the one employee who knew about the system could create havoc.
It’s fair to assume that the company’s IT department moved slowly for several reasons. Most likely, the developers had to follow IT security and compliance policies that people in other departments did not even know about. Official computer systems need documentation, backup plans, and security. Some companies might benefit from allowing other departments to develop their own systems; however, they need to follow the same IT governance policies as the IT department does.
Great IT Governance Leads to Great Corporate Performance
In an organization like the one in the example above, employees may have directly contributed to the problem. However, upper management and executives didn’t immediately stop it. It wouldn’t take state-backed hackers, a government whistleblower, or terrible catastrophe to cause problems for this company. The situation created a perfect storm of accidents that were simply waiting to happen.
On the other hand, good IT governance won’t happen by accident. Executives must analyze business risks and government regulations in the light of their business needs. In order to accomplish, they will need cooperation from IT and from other business units. Obtaining that cooperation takes two-way communication about the many ways this effort can benefit the company and the individuals involved. Only then, can established IT governance policies get developed and communicated to the entire company.
Consequences of Noncompliance With IT Governance
Typically, along with making sure that everybody knows the rules, companies also have to let their people know the consequences of breaking them. This probably shouldn’t just include consequences that might happen if data gets lost or stolen or a government regulation gets broken. If employees get caught breaking the rules before an awful event occurs, they may also need to feel the consequences for their actions as well. This also means that upper management needs to a way to gather information about how data and software gets accessed.
Naturally, it’s better if companies can urge compliance in a positive way. Shop managers and salesmen may not be eager to give up the mobile devices that have helped increase their productivity. Buyers and risk managers may have become used to sharing data with third parties in the cloud. It’s much better if these favored business processes can either be modified to comply or replaced with an alternative that is just as good or even better.
In the end, poor IT governance can risk a company’s reputation and even their ability to conduct business. The fast and ad-hoc solution won’t improve efficiency for long after it fails because it gets hacked, destroyed, or forgotten about. Certainly, executives hope to create policies that benefit everybody, so it may take some effort to ensure cooperation from all stakeholders.
Controlling IT Governance Is Not Easy
Putting good plans in place takes analysis, cooperation, and communication. In some cases, it also takes the right software and data management solutions. These solutions ensure that all stakeholders adhere to business practices that conform to corporate and government regulations.
At DataEndure, we understand how to help clients learn more about the systems that they already have and to keep what they need. Our solutions can improve and adhere to your company’s IT governance rules. At the same time, they can improve availability, recoverability, and security. Contact us today to tell us what you need.