Over recent years, it feels like there’s been a perpetual gloom hanging over the annual meeting of the WEF in Davos. In a PwC survey released at this year’s meeting, 45% of CEOs said that their company will not be viable in ten years should it stay on its current path.
An ever-shifting list of crises has left businesses prioritising efforts to cement resiliency. This shouldn’t be mistaken for a risk-averse state of stasis. Businesses need a proactive grip on the critical processes fundamental to their survival to be resilient in the face of critical events – be that natural disasters, cyber-attacks, market downturns or financial shocks.
At a broad level, more senior leaders and boardrooms today recognise the power of being data-led to unlock efficiencies and improve operations. This ethos applies to assuring resiliency. Recent statistics indicate that 93% of companies without business continuity and disaster recovery that suffer a major data disaster are out of business within one year.
Organisations with a holistic view of applications, business capabilities and IT infrastructure are best placed to withstand, adapt, and recover from a critical event.
Live issues call for a live blueprint
In 2024, most businesses are digital be default There are not many industries that have remained immune to the digitalisation tidal wave. Just as an architectural blueprint provides a detailed plan of a structure or building, an effective enterprise architecture equips senior leaders with a blueprint for their entire enterprise landscape spanning the domains of business capabilities, business process, risk and more. Empowered with such a view, leaders can make better decisions more quickly and confidently. This sets the ideal stage for developing and executing responses to critical events.
A digital enterprise blueprint achieves more than a central view of IT. If embedded correctly, it acts as a “balance sheet” for the enterprise that factors in a range of metrics – not just the financial. Pulling in broader macro factors, like legacy technology dependencies (known in the IT industry vernacular as tech debt) and workforce skill gaps, into strategic considerations amounts to a breakaway from drawing on partial views for true business and IT alignment.
It goes without saying that not all enterprise architectures are made equal. Decision-makers need to pick the platform that fits their requirements for third-party integrations, so as much mission-critical data as possible is being fed into a blueprint. Functionality is also key – especially, specific to boosting resiliency and risk scenario planning.
Scenario exercises that make an impact
For some, risk scenarios might evoke an eye roll. They’re nothing new and it’s historically been difficult for businesses to ascertain which of many ‘what ifs?’ to care about. But this view is outdated. Risk scenarios in the IT domain can encompass everything from new technologies to external regulatory compliance to equip businesses with invaluable insight into the optimal response to anticipated or current risks.
It’s a no-brainer to seek out a digital enterprise architecture platform that can benchmark blueprints against risk management scenarios. In doing so, enterprises can establish the risks most aligned to their business, based on its current architecture, to make risk management manageable and actionable.
Enterprise leaders can quickly identify weak or stress points in the infrastructure, application or data designs, optimise IT costs, limit or make governance changes in the use of IT or improve ROI on IT investment based on the conclusions of scenario planning and ensure resilience in the face of the risks that pose the greatest threat; for example, cyber.
It is undeniable that cyber remains one of businesses greatest threats, particularly as we go digital by default. The 2024 edition of the CrowdStrike Global Threat Report should be mandatory reading for every CEO, CFO and board member. The reality is the speed and ferocity of cyberattacks continue to accelerate as adversaries compress the time between initial entry, lateral movement and breach. We are entering an era of a cyber arms race where AI will amplify the impact for both the security professional and the adversary. Organisations cannot afford to fall behind, and the legacy technology of yesterday is no match for the speed and sophistication of the modern adversary.Collaboration – the lifeblood of an enterprise architecture
Effective enterprise architectures can’t be disentangled from IT governance and, therefore, the involvement of multiple stakeholders. When the two are properly working in step, projects will be tailored or changed to ensure everything is pulling in the right direction of the overall strategic direction – which will encompass positioning on risk. That’s no bad thing.
Given this, it makes sense for enterprise leaders to use a digital enterprise architecture platform that plugs into their workforce’s commonly used collaboration and contribution tools. Blueprints can be uplevelled from a PDF document or spreadsheet to rich objects with metadata and relationships to help surface dependencies across business units and domains. For example, to understand which applications are underpinning which key processes. Business users can be empowered to add repository information via web parts, forms, surveys and group chats that aid the development of, and buy-in for, the central blueprint of the application and technology portfolio.
In the event of a crisis, effective communication and coordination around a central enterprise architecture repository mean business continuity plans – including incident response, crisis management, and disaster recovery – get carried out more quickly and work the way they’re meant to.
Embedded compliance
Regulatory requirements can’t be ignored by board rooms in 2024. Modern legislation increasingly pins direct responsibility for compliance on specific personnel and intense scrutiny around issues like data privacy persists.
Businesses find themselves in an especially vulnerable regulatory position in the wake of a critical event if they lack watertight demonstrations of compliance. Last October, for example, the UK’s Financial Conduct Authority fined US credit company Equifax £11 million for failing to protect the personal data of approximately 13.8 million UK consumers that was compromised in a cyber breach.
To prevent this from happening, enterprises can map regulations to processes, data and applications in a digital enterprise architecture platform. This mapping can be shown to auditors to demonstrate compliance.
Let’s take GDPR, a data privacy regulation that will apply to most enterprises, as an example. An enterprise-wise blueprint of the data landscape can be used to establish what, where, when and why personal data is collected. From here, the compliance teams can be provided with an outline of the data flow both inside and outside the organisation to understand where the greatest risks to customer data lie. Prioritisation can be made accordingly – whether that’s prohibiting future investment in a technology that poses a high risk for poor return or stopping the renewal of a license for an application about to be phased out because of significant security concerns.
In conclusion, boosting resilience shouldn’t be a woolly or hypothetical exercise. If it is, it’s not being done right. Whether it’s preparing for, adapting to, withstanding or recovering from a critical event – businesses that create a live digital architecture ensure their whole team are best placed to survive and thrive.
About the Author
Gareth Burton is an experienced Chief Executive Officer with a demonstrated successful track record of growing and transforming software and services businesses. He has a deep understanding of technology, digital transformation, and commercialization of IP, and is an experienced executive working with Private Equity sponsors.