VMblog recently spoke with Colin Earl, the founder and CEO of Agiloft, who shared his expertise around topics that are related to IT risk management fundamentals and how to mitigate those risks in the digital age.
VMblog: What are the biggest IT risks for enterprises today?
Colin Earl: Potential IT risks continue to grow in number and complexity with the
rapid pace of technology. Today's legacy business processes regularly expose
enterprises to risks that could result in reputational damage, fines, financial
losses, legal liability, and unhappy customers. The top risks for enterprises
include:
- Data Security: Security risks are a top-of-mind issue for
all enterprises today. Data breaches that expose consumer data and break
trust with customers are a CEO's worst nightmare. Whether it's valuable IP,
pricing information, or confidential customer and employee data, once the
perimeter is breached, the potential damage is catastrophic.
- Compliance and Governance Failure: Another major risk involves managing
compliance. Whether it's HIPAA, Sarbanes-Oxley, or GDPR, businesses are
challenged to meet a variety of changing regulatory requirements, which
inevitably require new IT systems and policies to manage. Just as damaging are
failures in governance, where there are no systems in place to keep track of
and enforce a company's own internal policies.
- Implementation Failure: Any software implementation exposes a
business to a certain level of risk. Traditional, code-heavy solutions come
with an enormous price tag, take many months or years to deploy, and their
prices increase as more and more custom code is required to keep the system
running. And for most companies today, their business applications require
extensive custom coding for changes. As a result, changes take a long time and
frequently introduce bugs, which must be tested for, further extending
deployment time frames and technology risk failure.
VMblog: How have those risks changed recently?
Earl: IT systems are at the heart of just
about every business activity today, and an increasingly connected world
exposes organizations to several hidden threats. For example, if your company
stores contracts and other documents with confidential information on
individual computers, you are basically sending an open invitation for theft.
Additionally, the quickening pace
of modern commerce generates all kinds of risks, which enterprises must work
overtime to guard against. As regulations multiply, so do the chances of a
compliance failure, which can cause enterprise-threatening damage from big
fines to lawsuits and even criminal prosecutions.
VMblog: How do companies know if they have a problem?
Earl: Organizations operating on legacy systems that are too busy putting out
fires to implement a new system are at extreme risk of IT failure. This is also
a strong indicator that your business processes need improvement. It's easy to
get caught in the trap of only responding to urgent tasks, especially when they
seem to bury the business. But if you do not take time to address the root
problems, like improving efficiency and the costs of managing compliance, then
you will never solve the larger process issues that are causing these fires in
the first place.
VMblog: How can they mitigate those risks? What step should companies take first?
Earl:
Data Security: Enterprises must take a strategic approach to IT
security that identifies threats, protects sensitive information, and keeps
critical systems running. The best enterprise software gives organizations the
ability to carefully control access to data. A contract and commerce lifecycle
management (CCLM) system that manages access with well-defined permissions is
critical to ensuring data security. For instance, Agiloft offers secure
interfaces for vendors, providers, and internal staff with the ability to
define precise access controls down to the field level such as contract value,
workflow status, location, and any other desired group or individual
permissions. In addition to standard CLM features like two-factor
authentication and data encryption, these features can ensure your most
valuable IP, customer data, and contracts don't end up in the wrong hands.
Compliance and Governance Failure: If you are attempting to
monitor compliance manually, you are exposing your company to tremendous risk
of compliance failure. Contract management software simplifies the
process by digitally auditing current contracts to ensure they have the
appropriate clauses related to data privacy, arbitration, confidentiality, or
other regulations that affect your business. Agiloft helps you build compliance
into your current business processes as well as integrate with other existing
systems vital to those processes.
Chevron's approach to Sarbanes-Oxley
is a good example of a company that automates management of complex compliance
requirements. As one of the largest energy companies in the world, Chevron must
document every change in its accounting process to comply with Sarbanes-Oxley
requirements. Chevron uses Agiloft process automation software to automatically
track and enforce all change requests, providing auditable records. Since the
process from entry to reporting is completely automated, it frees up staff for
more productive activities and nobody worries about manual errors or
inaccuracies.
Implementation Failure: Many business leaders and IT professionals
face an uphill battle when thinking about how to complete successful IT
projects. To help mitigate software
implementation risks, start by asking your vendor to take on some of
that risk through a guarantee on software and services. After all, if the
vendor is not able to guarantee their work, how can you trust that they will
deliver the product you want? The value of the guarantee is not that you'll get
your money back, it's that you won't need to ask for it. While rare in the
industry, this type of guarantee is worth seeking out as it can greatly reduce
the risks of implementing automated software that can defend against today's
technology risk failure. At Agiloft, we offer our customers a 100% satisfaction
guarantee on both the software licenses and services. If a customer is not satisfied
with the results or wants to cancel for any reason within 90 days of purchase,
they pay nothing. Over 27 years and thousands of implementations, the guarantee
has only been invoked three times.
## About Colin Earl
Colin Earl is the founder and CEO of Agiloft, a Silicon Valley pioneer in no-code development platforms for business applications.