For a successful IT transformation, risks need to be considered. We look at these risks in our third blog post on enterprise IT. Employees need to be functionally prepared for the complexity of corporate IT. Of course, data protection is also an issue to be considered.

13. November 2022 • Blog article

Dear Readers,

Incorporating the reality of hybrid IT into our current and future digital transformation strategy can only mean one thing: we need to learn and internalise how to make the risks of this part of the new business world manageable. Turning a blind eye and proceeding without caution is not an option. Because the consequences of uninformed and uncontrolled implementation of new features in the seemingly beautiful new hybrid IT world can, to put it bluntly, "blow up in your face". Good risk management will prevent this, as I will illustrate with a few examples.

Keeping an eye on data protection

One of the stumbling blocks of increasing migration to the cloud as a key part of transformation is the protection of personal and non-personal data. This is a concern for all our customers, as we know from our consulting experience. And rightly so, as questions such as whether two-factor authentication or encryption is offered, where exactly the data is stored, and to what extent it is protected from unauthorised access and manipulation are crucial. It must also be transparent what happens to customer data after it has been used, and what is not allowed to happen. The availability of such data must also be clarified. And what about unauthorised uses and exclusions? These are all contractual issues. It is important to identify them in the legal framework and to modify or include them where necessary. However, due to their scope and complexity, the contractual terms and conditions of many providers are often difficult to understand in detail for company employees, from staff to management to the CIO. An additional expert perspective is helpful to ensure security and avoid unpleasant surprises.

Focusing on details - throughout the entire process

Clarity is required even in the selection of offerings. The first step is to identify the specific needs of the organisation. Then the responsible IT person reviews the solutions and makes a recommendation in favour of a vendor. That's the theory. However, we have observed that many companies are now decentralising responsibility. This means that other departments in the company, such as marketing, sales, accounting, etc., are increasingly responsible for IT. Genuine IT expertise as a basis for decision-making is being pushed into the background and only brought into play when problems arise. The COVID-19 phase has led to hasty decisions in this respect. Such uncoordinated processes are inherently risky, and slip-ups are almost guaranteed. For example, not all available cloud offerings are often correctly represented in providers' portfolios, which can lead to users making the wrong choices when booking through the shopping solution. In the order section, where modules are defined across the board - from economy to the premium edition - there is already a danger of overbooking, i.e. too many features, leading to avoidable additional costs. Or there may be underbooking, resulting in the need for additional features, which can also be very expensive. Even the decision whether to charge per user or a fixed sum per month needs to be considered. In short, there needs to be clarity in every aspect before a contractual commitment is made with the final click.

Building a stable structure instead of uncontrolled growth

Just like a stable house that makes sense of all the rooms and makes them easily accessible, a hybrid, complex enterprise IT requires a well-designed and stable architecture without barriers. The system architecture must be designed so that all the components work together in harmony. For example, it should still be possible to download or upload large amounts of data from the cloud, while simultaneously running an SAP reconciliation - meaning that data transfer doesn't slow down the ongoing use of the system. It sounds obvious but is not the case in many organisations. The excessive use of network bandwidth as described above is often ignored in good faith. When end-to-end monitoring is used to detect critical system conditions, cloud resources should be included.

Gone are the days when IT problems were solved in the canteen

Today, when problems arise, the cloud provider may be called upon to play an active role in finding the root cause. In the past, all IT stakeholders in a company could usually get together quickly and informally. Problem management used to take place during casual conversations in the café kitchen, corridor or canteen - an approach we are all familiar with. Now, when support is needed from the provider, there is a potential risk that they are not contractually obliged to offer this, especially when it comes to hyperscalers. The situation becomes even more sensitive when troubleshooting must be extended across multiple systems and vendors. A cumbersome process looms if problem resolution support is not agreed upon. This scenario also needs to be considered in advance.

Almost all of these risks, and many others associated with IT transformation, ultimately stem from unawareness, i.e. human fallibility. The complexity of hybrid IT can quickly overwhelm an organisation's staff - not a criticism, but an understandable and accepted fact. One thing is clear: excessive fear is as bad a guide as naively ignoring risks with the attitude that "everything will work out". What is needed is a great deal of attention and a little respect for the challenges of IT transformation.

With this in mind, best regards,

Your IT Sourcing Team

Learn more about digital transformation at AXXCON:

Torsten Beyer

Managing Partner

Roland Behr

Associate Partner

Thomas Gondorf

Associate Partner

Related articles



+49 6196 9549376