Technology Risk Management - The Definitive Guide | LeanIX

Technology risk management is a broad, complex topic that cannot be solved by manual data maintenance – no matter how great your team is. With the help of ... Products Solutions Customers Partners Resources Company Getstarted EnterpriseArchitectureManagement(EAM) BuildtechnologylandscapestopoweroutstandingcustomerexperiencesandtransformyourIT SaaSManagementPlatform(SMP) Discover,optimizeandmanageSoftware-as-a-Serviceatscaleintheenterprise ValueStreamManagement(VSM) Discover,catalogandimprovetheefficiencyofsoftwaredelivery LeanIXContinuousTransformationPlatform® TruecloudnativeSaaS,certifiedwiththehigheststandardsforsecurityanddataprivacy Learnmore ByUseCase Deliverbetterexperiences ApplicationPortfolioManagement ObsolescenceRiskManagement Data&IntegrationArchitecture Post-MergerITIntegration SAPS/4HANATransformation MicroserviceCatalog ApplicationModernization&CloudMigration SecurityVulnerabilityMitigation SaaSManagement ByUserRole EnterpriseArchitect SRE&DevOpsEngineer VP/HeadofProcurement IT&SoftwareAssetManager CustomerStories Findcompanieslikeyoursandseewhattheyhavetosay ProfessionalServices LearnhowLeanIXhelpsyouimprovetime-to-valuewithdedicatedconsultants CustomerSuccess GenerateactionableinsightsInamatterofweekswiththeLeanIXimplementation LeanIXCommunity Accessthecommunityportalandbenefitfromsharedbestpracticesandknowledge LeanIXConnect AttendtheleadingindustryconferenceforEnterpriseArchitects,CIO,CTOs,CloudArchitects LeanIXAcademy AccesstrainingandcertificationprogramstoexpandyourLeanIXknowledge 700+LeanIXCustomers AgrowinglistofindustryleaderswhotrustinLeanIX SeeFullList FindaPartner Consultants,advisors,technologypartners:FindtherightPartnerinyourregion PartnerProgram SignuptotheLeanIXpartnerprogramandbeginyourjourney PartnerPortal Leadregistrationandallthepartnerenablementyouneed LeanIXStore ContributetotheLeanIXecosystembyprovidingextensionslikenewreports,integrations,orotherassets PartnerEvents Searchingforanopportunitytomeetusoraneventforpotentialandexistingpartners LeanIXAcademicEdition Bringdata-drivenEAtoyouruniversityclassrooms—trytheLeanIXAcademicEditionforfree ResourceLibrary Takeyourcapabilitiestothenextlevelandarmyourselfwiththeknowledgeyouneed DocumentationHub Accessthelatestdocumentation,usecasedescriptionandLeanIXfeaturechanges LeanIXSupport Accessthecommunityportalandbenefitfromsharedbestpracticesandknowledge UnleashITPodcast ListentoourpodcastaboutcontinuoustransformationhostedbyLeanIXfounderAndréChrist LeanIXBlog Getadvice,tipsandtricksfromourproductexpertsandindustrythoughtleaders Wiki ReadaboutkeytopicslikeEnterpriseArchitecture,ValueStreamManagementorSaaSManagement Events&Webinars Checkouttheupcomingeventscalendartodiscoverexcitinglearningopportunities BusinessCapabilityMaps Navigateyourwaythroughourlibraryanddownloadatemplateforyourindustry Aboutus Learnmoreaboutourcompanyvision,theexecutiveteamandinvestors IndustryRecognition AccoladesforLeanIXfromanalystsandmedia Newsroom ReadthelatestinLeanIXannouncementsandcoverage Career Findanopportunitytochallengeandbechallenged,andworkwithsomeofthemosttalentedpeople Events&Webinars Checkouttheupcomingeventscalendartodiscoverexcitinglearningopportunities Industryacknowledgments SeeLeanIX’recentindustryacknowledgmentsandanalystsrecognitions. EngineeringBlog StoriesfromourdailyEngineeringwork Sustainability DiscoverwhatLeanIXisdoingforagreenerfuture Contactus Getintouchwithusviaemail,phoneoratanyofourofficesworldwide EAManagement Scheduleademo ValueStreamManagement Free14-DayTrial Scheduleademo SaaSManagementPlatform Scheduleademo Products EnterpriseArchitectureManagement ValueStreamManagement SaaSManagementPlatform LeanIXContinuousTransformationPlatform® Solutions ByUseCase Deliverbetterexperiences ApplicationPortfolioManagement ObsolescenceRiskManagement PostMergerIntegration ApplicationModernization&CloudMigration Data&IntegrationArchitecture SAPS/4HANATransformation MicroserviceCatalog SaaSManagement SecurityVulnerabilityMitigation ByUserRole EnterpriseArchitect SRE&DevOpsEngineer IT&SoftwareAssetManager VP/HeadofProcurement Customers CustomersStories Customers CustomerSuccess ProfessionalServices LeanIXCommunity LeanIXConnectSummit Partners FindaPartner PartnerProgram PartnerPortal BecomeaPartner PartnerEvents Store LeanIXAcademicEdition Resources Blog ResourcesLibrary DocumentationHub Support Podcast Wiki VirtualEvent&Webinars Company AboutUs Newsroom Events&Webinars Career Industryacknowledgment EngineeringBlog Sustainability ContactUs Getstarted Login TheDefinitiveGuideto TechnologyRiskManagement DownloadfreeWhitePaper Technologyriskisanypotentialfortechnologyfailurestodisruptyourbusinesssuchasinformationsecurityincidentsorserviceoutages.1 DownloadfreeWhitePaper Shortcuts Introduction WhatyouneedtoknowaboutTechnologyRiskManagement Benefitsoftechnologyriskassessments Howtoperformatechnologyriskassessment Deep-dive:End-of-lifemanagement Deep-dive:Compliance Deep-dive:Complexity Conclusion IntroductiontoTechnologyRiskManagement LetmestartwithashockingexampleofhowarunawayITriskincidentcanhaveacatastrophicimpact,justlikewhathappenedtotheairlineComair,asubsidiaryofDeltaAirLines.OnebusyDecember,Comair’screw-schedulingsystemfailedbecauseitwasonlycapableofhandlingacertainnumberofchangesamonth.Thesystemabruptlystoppedfunctioning,leavingnearly200,000passengersstrandedthroughouttheUSintherun-uptoChristmas.RevenuelossesasadirectresultofthisincidentareestimatedatUS$20million. Anup-to-dateEAinventorygivesyouinformationonallyourapplicationsincludingthetechnologiestheyarebasedon.ThishelpsyoutoassesswhichapplicationsmightbeatriskbecauseunderlyingITcomponentsarenolongersupportedandletsyoukeeptrackofyourtechnologystandards.Incidentsthathappenbecauseofunsupportedtechnologycomponentsonaveragewillcostcompaniesaround€600.000.Inthisdefinitiveguide,youwilllearnhowtoavoidthissituation.   WhatyouneedtoknowaboutTechnologyRiskManagement Mostcompaniesaremuchbetteratintroducingnewtechnologiesthanretiringthem.Thecostofrunningunsupportedtechnologycanbehigh.CostsofIToutagesanddatabreachesrunintothemillions.Attheend-of-lifeoftechnology,ITmanagementhastodealwithchallengessuchasintegrationissues,limitedfunctionality,lowservicelevels,lackofavailableskills,andmissingsupportfromvendors. Thetwentylargesttechnologyvendorsaloneprovideoveramillionofdifferenttechnologyproducts.Therelatedinformation,likelifecycles,canchangeeverysingleday.  Mostcompaniesaremuchbetteratintroducingnewtechnologythanretiringit.67%ofCIOsindicatetheirtechnologyriskmanagementasineffective. Ifyouareresearchinghowtodoatechnologyriskassessment,thisstoryisprobablyalreadyfamiliartoyou.Thisiswhywehavecreatedadefinitiveguidetotechnologyriskassessment. The technologyrisklandscape isquicklychanging,mainlyduetoemergingtechnologiessuchasblockchain,ornewmethodslikemicroservices.Ifnothandledaccordingly,thisresultsinanincreasedITrisk,andthus,anincreasedriskfortheentireenterprise.  AccordingtoKPMG’s technologyriskmanagementsurvey,technologyriskmanagementneedstoevolvetobepreparedforthisnew,fast-pacedanddisruptiveworld.Manyorganizationsoperatinginthedigitalagedonotconsidertechnologyriskasavaluecenterandstillremainstuckintraditional,compliance-focusedapproachestotechnologyriskthatdon’tofferthebestcontroloftechnologyassets,processes,andpeople—includingstaticqualitativemeasurement,reactiveriskdecisionsandalackofinnovation. Didyouknowthat72%oforganizationsbringtechriskteamsintoprojectsoncetechnologyriskissueshavealreadyappearedand47%adopttechnologiessuchasmobileappsanddeviceswithoutevenincludingtheminriskassessments?  BenefitsofTechnologyRiskAssessments Therearevariousbenefitstothis.Amongstthemare: Reducingcosts FindoutwhatthebesttechnologiesarebyassessingthefunctionalfitofeachITcomponentandthebusinesscriticality.Thisletsyouoptforastandardacrossregionsoroffices,thusreducingredundantapplicationsand/ortechnologies.Forexample,whywouldweuseOracleandMySQL? Wewouldbepayingforbothwhenoneofthemcouldbesuitablefortheentireorganization. Reducingrisks Whathappenswhenwehaven’tupdatedoursoftwaretothelatestversionyet?Orevenworse,whyweareusingfivedifferentversions?Thiscouldbeduetoanunderlyingtechnology.Otherapplicationsdependantonanunderlyingapplicationcouldeventuallyleadtoasnowballeffectoferrorsthroughouttheentireorganization.Itiscrucialtoidentifyandunderstandwhichunderlyingtechnologiesexist,theirlifecycles,andanysoftwaredependencies. Image1:ITComponentMatrixshowingthelifecycleofITcomponentsregardingtheirprovidersandtechstacks. Increasingagility Oneofthetopicsthatmostcompaniesbattlewithisstandardization.Whenwedonothaveclearstandardsdefined,thingsgetchaoticfast.Oncethesestandardshavebeendefined,wemustalsomakesurethattheyarebeingfollowed.Ideally,oneshouldnothavetogodoortodoorassessing,forexample,howwellstakeholdersareadheringtoITsecuritystandards.Toacknowledgethis,werecommendusingsurveys.Youcaneitheruseatool,suchasSurveyMonkey,orusetheLeanIXSurveyfeature,whichautomaticallyimportsallanswersintothetool,readyforassessment. Image2:LeanIXSurveyshowinghowtoefficientlydoanIT-securityassessment.     Poster BestPracticestoDefineTechnologyStacks Thisposterleveragesvisualtechnologystackexamplestoenableyoutocreatetheperfecttech.stackforyourorganization. Downloadnow Presentation BestPracticeTechnologyStacksforSmall,Medium,&LargeCompanies CategorizingITComponentscanenablesmarteranalyticsandpriorities.Organizeyourtechnologyfromleantodetailedwiththesethreetemplates. Downloadnow Poster IntegrateEAandITSMwiththeLeanIXServiceNowIntegration ThisposterillustrateshowwebridgethegapbetweenEnterpriseArchitecture(EA)andITServiceManagement(ITSM). Downloadnow Allfreeressources HowtoperformaTechnologyRiskAssessment Nowthatwehaveestablishedthebenefits,youwillprobablywanttoknowwhatthestepsaretocreateathoroughtechnologyassessment.  Werecommendthefollowing: Getacompletelistofapplicationsyouuse Hopefully,youhavebeendocumentingyourapplicationsoverthepastyear.Ifnot,IwouldsuggestfirstreadingourrulesandguidelinesforApplicationRationalization. Withoutanoverviewofyourcurrentapplicationlandscape,itdoesnotmakesensetostartatechnologyassessment.Youwouldn’tstartbakingacakewithoutalistofingredients,right?Asafirststep,youneedtocollectalistofalltheapplicationsyouarecurrentlyusinginyourenterprise. Assessthesoftwareversionsthatareinuse Thenextstepistofindoutwhatsoftwareversionsarebeingused. Asabestpractice,werecommendusingatechnologystacktogroupyoursoftware.Youcanalsotagyoursoftware(manuallyorusingout-of-the-boxLeanIXtags)toreferencetheminthefuture.Inthescreenshotexamplebelow,youcanseethatwehavetaggedthemviatheCandidate,Leading,Exception,Sunset model. Assessserversanddatacentersinuse Thisnextstepissimilartothepreviousones.Werecommendagainassigningatechnologystacktoeachserveranddatacenter. Inthisstep,youshouldalsoverifythedata.Forexample,youcancheckwhereyourserversarelocatedbyusinganITcomponentlocationreport. Linksoftwareandserverstoapplications Afterhavingcollectedandverifiedallofthedataintheprevioussteps,itisimportanttonowcreatethelinkbetweensoftware,servers,andapplications.Thisletsyoulaterunderstandthedependenciesbetweentheseobjects,andthusavoidsituationsliketheonepreviouslydescribed. Image4:FreedrawreportshowingdependenciesbetweenanapplicationanditsITcomponentsandtechnicalstacks. Findouthowtechnologyaffectsyourbusiness Youmadeittothefinalstep.Nowit’stimetofindoutwhattechnologyriskactuallymeansforyourbusiness.Timetoputthepiecestogether,forexample,wecannowusefindoutwhereapplicationsusingcertainsoftwareversionsarehosted.   Deep-Dive:end-of-lifemanagement Oneofthemostimportantfactorsintechnologyriskmanagementisend-of-lifemanagement.  Whatdoesthismean?Companiesthatdon’tpayattentiontodeployedtechnologyreachingobsolescenceface ahighernumberofsecurityrisksandvulnerabilities thancompaniesthatkeepacloseeyeonthelife-cycleofelementsintheirITlandscape.Also,continuingtousehardwareorsoftwarethatisnolongersupportedmakesiteasierforcybercriminalstogainaccesstosystemsanddata. Thiscrucialtopicisoftenoverlooked,evengovernmentagenciesarenotimmunetothis.USGovernmentauditorsblastedtheInternalRevenueService(IRS)in2015formissingdeadlinestoupgradeWindowsXPPCsanddatacenterserversrunningWindowsServer2003,bothofwhichhavebeenretiredbyMicrosoft. NinemonthsafterWindowsXPfelloffMicrosoft’ssupportlist,theagencystillcouldnotaccountfor1,300PCs,about1%ofitstotal,andsocouldnotsaywhethertheyhadbeenpurgedoftheancientOS.TheIRSalsohadtopayMicrosoftforpost-retirementsupportcontractstobeprovidedwithcriticalsecurityupdates. Figure5-Thebusiness impactoftechnologyobsolescence.   Deep-dive:Compliance BusinessesneedtocomplywithmanyregulationsfromHIPAAtoPCIandFISMA.Whilecompliancedoescostmoneyandintermsoftechnology,requiresanaccurateviewofapplicationsandtechnology,thecostofnon-complianceisusuallyhigher.Asaruleofthumb,expertssaythatthecostofnon-complianceis2.5timeshigherthanthecostofcompliance. Anup-to-dateEAInventorydoesnotonlyprovideyouwithreliabledatathatyoucanusetodocumentyourcompliancewithregulations.TheLeanIXSurveyAdd-oncanalsohelpyoutocreatead-hocorregularsurveysfortheappropriatestafftomaintainaccurateinformationabout,forexample,theuseofsensitivedatabyapplications. AcurrentEAusecaseisGDPRforexample;Wecanassessourdatatodeterminetheirlevelofprivacysensitivity,categorizingthemaspublic/unclassified,sensitive,restricted,orconfidential.IfyouareusingaprofessionalenterprisearchitecturemanagementtoolsuchasLeanIX,youcanusetagstoaddfurtherattributes(e.g."GDPRrestricted")toadataobjectorapplication.Thiswillusuallyalreadybepartofyourinternalsecurityprocesses,whereyouassignattributessuchasconfidentiality,integrity,oravailabilitytodata. Deep-dive:Complexity Complexityistheenemyofsecurity.Whenitcomestotheretirementofoldtechnology,CIOshavetocarefullybalancetwoaspects.Ontheonehand,theyneedto“keepthelightson”.Theyneedtomakesure,aboveeverythingelse,thatIToperationsarerunningsmoothly. Theoldproverbsays,“Ifitisn'tbroken,don’tfixit,”butthisadagewasnotwrittenwithdigitaltransformationinmind.Thereis,ofcourse,sometruthinthesaying,asanupgradetonewertechnologyusuallyisaccompaniedbysomekindofinterruption,butkeepingthestatusquocomesatthecostof increasedcomplexity. Figure6: LeanIXdashboard illustrateswhichapplicationsareatriskastheunderlyingITcomponentsareoutofthelifecycle.  Obsolescenceandhardwaremaintenance,aswellassecurity,aresomeofthemostpressinginformationtechnologyproblemsfacingorganizationstoday.NotplanningforthefutureoftechnologyisbyfaroneofthemostcostlyITmistakesthatmanyenterprisesmake. Inconclusion: Mostcompaniesaremuchbetteratintroducingnewtechnologiesthanretiringthem.Thecostofrunningunsupportedtechnologycanbehigh.CostsofIToutagesanddatabreachesrunintothemillions. Technologyriskmanagementisabroad,complextopicthatcannotbesolvedbymanualdatamaintenance–nomatterhowgreatyourteamis.WiththehelpofLeanIXsoftware,enterprisearchitectscanquicklysourceup-to-datetechnologyproductinformation.Thisinformationisessentialwhenassessingtheriskoftheapplicationlandscapes,andtoplan,manageorretiretechnologycomponentsinasmartway. FreeWhitePaper NineUseCasesSolvedwithEnterpriseArchitecture Digitaltransformationhasuncoveredthetruevalueofenterprisearchitecture. Previewthefirst10pages Previous Page:/ Next Fillouttheformtogetthefullversion AnswerstofrequentlyaskedquestionsonTechnologyRiskManagement WhatdoesTechnologyRiskManagementmean? TechnologyriskmanagementistheapplicationofriskmanagementmethodstoITinordertominimizeormanageITriskaccordingly.Technologyriskmanagementgoeshandinhandwithapplicationportfoliomanagement,buttakesintoaccountevenmorefactors,suchasbusinesscriticality,functionalfitandtechnicalfit.Text WhatarethebenefitsofTechnologyRiskAssessments? BydoingTechnologyRiskAssessmentsyourcompanybenefitsdirectlyfromreducedcosts,reducedriskandincreasesmentofyourfirmsagility.Thisincreasesyourcompetitivenessinamoredigitalandfast-movingmarket. HowtoperformaTechnologyRiskAssessment? Getacompletelistofapplicationsyouuse Assessthesoftwareversionsthatareinuse Assessserversanddatacentersinuse Linksoftwareandserverstoapplications Findouthowtechnologyaffectsyourbusiness Learnmoreabout EnterpriseArchitecture EnterpriseArchitecture EverythingaboutwhatisEnterpriseArchitecture(EA),EAFrameworks,benefits,EnterpriseArchitectureManagement(EAM)andthemostimportantusecases. ApplicationPortfolioManagement Learneverythingyouneedtoknowaboutapplicationportfoliomanagement(APM),includingbestpractices,howtogetstartedwithAPMandacompleteguideonapplicationportfoliomanagement. ApplicationRationalization Applicationrationalizationmeanstostreamlinetheapplicationportfoliowiththegoalofreducingcomplexityandloweringtotalcostofownership(TCO). BusinessCapabilities Readeverythingaboutbusinesscapabilitiesandbusinesscapabilitymodeling.LearnnowhowtocreateyourownBusinessCapabilityModelin4steps! FreeWhitePaper NineUseCasesSolvedWithEnterpriseArchitecture Downloadnow! RequestaDemo GainValueoutofYourEAProgramNow! as