Plan-Net’s Technical Services Director, Adrian Polley was in attendance at the Gartner Symposium 2018 in Barcelona earlier this month. The event attracts over 6,000 CIOs and IT thought leaders from across Europe and is packed full of seminars and sessions on emerging trends, technologies and insights to fuel business advantage IT.
Here’s Adrian’s key takeaways from the event.
Gartner Analyst Simon Mingay’s presentation on Shadow IT was very well attended, and probably reflects the challenge that many CIO’s face with business departments working outside of the IT department to engage their own IT systems. A key message of the session was that it’s becoming futile for IT departments to seek to prevent this type of expenditure. Gartner has some customers where more than 40% of the overall IT spend is outside the core IT budget, so it’s well beyond a blip. The recommendation is that the IT department and CIO in particular works with the business department heads to ensure that the organisation properly understands the IT purchases its making and what the implications are. In that way, Shadow IT can become Business Led IT.
Any IT system can be rated against how mission-critical it is and how complex. The more complex and mission-critical a system, the stronger the argument that it’s controlled by the IT department, but where systems are low complexity and less mission-critical, a Business Led approach may well be more appropriate. A critical point is that any Business Led IT initiatives can’t be run by the departments as a “hobby”. There needs to be proper ownership and accountability for the systems within the business department, and appropriate co-operation with the IT department. And clearly there needs to be an agreed and applied framework for all IT systems which includes full consideration of purchase and operating costs, as well as obvious concerns around information security and data protection.
The Gartner Zone at Symposium is a relatively small open theatre space on the ground floor which Gartner uses for some of its own presentations. One of the challenges is that some of these presentations are extremely popular – and one such was Bill Pray’s session on Deploying, Managing and Governing Office 365.
A telling statistic early on in the presentation was that as of July 2017, 85% of customers that Gartner surveyed were either using Office 365 or had plans to start using it within 6 months. For Microsoft customers, Office 365 is becoming a when not if scenario.
Anyone with experience of Office 365 will know that it is massive in scope – not just as a product set which continues to grow, but also in how Office 365 is managed and secured. For this reason, it’s critical to treat an Office 365 migration as a program of work rather than a single project and to deploy things gradually and in a controlled manner – Bill shared some anecdotes of companies that had deployed O365 in a big bang approach and the chaos that had then ensued as they sought to wrest back control of what they had unleashed.
One key takeaway from the session was that Office 365 customers need to be wary with respect to how their data is stored. Office 365 is a globally deployed product set, but not all components are running in all locations at this moment in time – Sway and Yammer for example only currently run out of US data centres. Therefore if your firm is very particular about where it’s data is stored, this is something that needs to be considered.
The security theme wasn’t as prevalent at Symposium as it has been in previous years, but there were still various sessions on security as well as some mainstream and more niche security vendors demonstrating products.
In Bart Willemsen’s seminar “Top Trends in Security for 2018/19” it was reassuring to know that the message that good information security practices are critical business health is now being properly grasped by business leaders. Much of the reason for this is the impact of significant data leakages and other security breaches in household name companies, eroding trust in those businesses but also causing real financial loss. However he reported that fewer than 15% of CISOs have a seat at the boardroom table and there is a sizable language gap between Information Security professionals and the wider business community. His view is that it’s up to the security people to bridge the gap if they want to be properly heard. A further concern is that in many businesses, information security roles are poorly defined, which weakens the whole information security posture.
On a similar theme, IBM presented on “Cyber Resilience and Recovery” and made reference to NIST Cybersecurity Framework which defines a wheel of activities.
Their concern is that frequently Information Security people ignore the Respond and Recover parts of the framework, believing them to be other people’s responsibility e.g. the DR Manager. As a consequence, if they do get hit with an attack, they are unprepared to deal with it. IBM maintains a command centre in Boston where companies can simulate various different types of attacks and test their responses – not only at a technical level, but how well their people react under pressure and whether they make good decisions. Due to popularity, they are launching a similar facility in Europe but in the form of a fully-kitted truck which can be driven to where it’s needed.