First focus on the business challenge
Before you even look at the available technology solutions, the first step to success is to consider the business challenge that you are trying to solve. Matters for consideration include: who in the organisation should be responsible for addressing the challenge, and what they need to do to solve that challenge. In short, you should take a People, Process and then Technology approach.
When you consider who should be responsible for addressing the challenge, this will clearly identify some of the key stakeholders. However, there are likely to be other stakeholders who are also key to the successful adoption of any technology solution. By identifying and involving these key stakeholders, you will gain a deeper understanding of the challenge at hand – and be able to identify the most appropriate solution. The stakeholders involved should be from all disciplines that have an interest in the topic, including the business as well as technology and other support functions. Whether they’re part of the core business, technology or support functions, any and all stakeholders with an interest in the topic should be involved.
Once you understand the business challenge, it can be broken down into a set of requirements which can then be used to evaluate the potential solution that you wish to consider. Building the requirements before considering a solution helps to ensure that you are actually addressing the business challenge, rather than simply favouring a specific solution – whether consciously or subconsciously.
Usually, not all the requirements will have equal importance – so it is also a good idea to introduce some form of simple weighting criteria. It is better to resist the temptation to make this too complex; all of the key stakeholders should be able to understand and agree to these criteria. Ideally, all of this will be done before starting to consider the potential solutions.
By focusing on People, Process and then Technology, you will significantly increase the likelihood of delivering value to the organisation.
Avoid implementing technology that is looking for a problem
New and evolving technologies are being developed and sold every day, and this is especially true in the information security space – given the growing concerns over cyber security amongst governments and businesses. Technology vendors are always keen to show off their products and promote them as the solution to your problems, i.e. the ‘silver bullet’, which often leads to putting technology first.
When you start with a technology solution in mind, you will find yourself looking for a reason to implement that solution – meaning you are already biased in your thinking. It is all too easy to believe that a problem exists when you know how to solve that specific problem. It may be true that this particular problem does exist in your organisation, but it may not have a high priority.
Obtain a mandate to make lasting change
At the beginning, it is important to ensure that you have obtained the right mandate which must extend beyond the life of the project. You need to consider what changes to the organisation will be required as a result of the implementation of the specific solution. Furthermore, you also need to determine how this will impact the culture of the organisation. The longer term benefits of the project and resulting changes in the organisational practices and culture need to be included in the project’s business case.
These benefits need to be articulated to the business in language that they will understand and not in technobabble, which will just confuse them. It is worth spending time with all of the key stakeholders, and any others impacted by the changes, to explain to them the benefits to both the organisation and the specific individuals. When people feel involved in the process of change, they are much more likely to adopt and embrace that change.
Throughout the project, it is critical to ensure that the buy-in created at the start is nurtured and continues to grow – given that the goal is to create a lasting change. Over time, you will be able to build your reputation, as success in one project leads to higher confidence in your ability to deliver in future.
Confront the roadblocks to implementation
It is a fact of life that not everything always runs smoothly… in our experience, this is especially true when it comes to implementing technology projects – especially IT Security Tools. In fact, it is not unusual for a similar project to spring up three or four years later to do the same thing. You are likely to encounter a number of roadblocks during the course of such a project.
It is all too tempting to avoid roadblocks and hope that they will go away of their own accord – however, this is rarely the case. We have seen projects happily proceeding with everyone believing that their status is “Green” and then, suddenly, two weeks before their “go live” date, their status suddenly becomes “Red”. Usually, this is because roadblocks were ignored – so the best advice is NOT to bury bad news.
Obviously, just telling the stakeholder about the roadblocks and that it is bad news is not sufficient or acceptable. You need to confront the problem by informing the stakeholder that there is an issue which you are investigating and that you will be providing them with options by a specific date. To achieve this, you need to analyse the various issues at hand – consider all the possible ways of solving the problem and determine the preferred course of action, including any changes to the timelines, costs and potential benefits.
Today’s working environment is extremely dynamic and speed of change seems to be continuing to increase, so it is quite possible that the requirements may change during the lifetime of a project. Remaining open to change is key to success and you should be prepared to question your assumptions as any requirements alter.
Throughout, you need to be pragmatic and focus on practical solutions without losing sight of the overall goals of the project. If the actions required to overcome a particular roadblock would significantly erode the potential benefits of the project, then it is a perfectly valid action to terminate the project rather than wasting more resources on trying to reach completion. Too few projects ever reach this conclusion because everyone involved is too determined to see it through, come what may and regardless of the impact.
Find out more about how your business can truly protect its future from cyber threats by contacting Corix Partners. Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and COOs in resolving Security Strategy, Organisation & Governance challenges.