Adopt Change Management Practices & Succeed at IT Organizational Redesign

The perfect IT organizational structure will fail to be implemented if there is no change management.

Analyst Perspective

Don’t doom your organizational redesign efforts

After helping hundreds of organizations across public and private sector industries redesign their organizational structure, we can say there is one thing that will always doom this effort: A failure to properly identify and implement change management efforts into the process. Employees will not simply move forward with the changes you suggest just because you as the CIO are making them. You need to be prepared to describe the individual benefits each employee can expect to receive from the new structure. Moreover, it has to be clear why this change was needed in the first place. Redesign efforts should be driven by a clear need to align to the organization’s vision and support the various objectives that will need to take place. Most organizations do a great job defining a new organizational structure. They identify a way of operating that tells them how they need to align their IT capabilities to deliver on strategic objectives. What most organizations do poorly is invest in their people to ensure they can adopt this new way of operating. Brittany Lutes Research Director, Organizational Transformation Info-Tech Research Group

Executive Summary

Info-Tech Insight

Implementing your organizational design with good change management practices is more important than defining the new organizational structure.

Your challenge

This research enables organizations to succeed at their organizational redesign:

• By implementing the right change management practices. These methods prevent:
  • The loss of critical IT employees who will voluntarily exit the organization.
  • Employees from creating rumors that will be detrimental to the change.
  • Confusion about why the change was needed and how it will benefit the strategic objectives the organization is seeking to achieve.
  • Spending resources (time, money, and people) on the initiative longer than is necessary.

McKinsey reported less than 25% of organizational redesigns are successful. Which is worse than the average change initiative, which has a 70% failure rate.

Source: AlignOrg, 2020.

The value of the organizational redesign efforts is determined by the percentage of individuals who adopt the changes and operate in the desired way of working.

When organizations properly use organizational design processes, they are:

4× more likely to delight customers

13× more effective at innovation

27× more likely to retain employees

Source: The Josh Bersin Company, 2022

Common obstacles

These barriers make implementing an organizational redesign difficult to address for many organizations:

• You communicated the wrong message to the wrong audience at the wrong time. Repeatedly.
• There is a lack of clarity around the drivers for an organizational redesign.
• A readiness assessment was not completed ahead of the changes.
• There is no flexibility built into the implementation approach.
• The structure is not aligned to the strategic goals of IT and the organization.
• IT leadership is not involved in their staff’s day-to-day activities, making it difficult to suggest realistic changes.

Don’t doom your organizational redesign with poor change management

Only 17% of frontline employees believe the lines of communication are open.

Source: Taylor Reach Group, 2019

43% Percentage of organizations that are ineffective at the organizational design methodology.

Source: The Josh Bersin Company, 2022.

Change management is a must for org design

Forgetting change management is the easiest way to fail at redesigning your IT organizational structure

• Change management is not a business transformation.
• Change management consists of the practices and approaches your organization takes to support your people through a transformation.
• Like governance, change management happens regardless of whether it is planned or ad hoc.
• However, good change management will be intentional and agile, using data to help inform the next action steps you will take.
• Change management is 100% focused on the people and how to best support them as they learn to understand the need for the change, what skills they must have to support and adopt the change, and eventually to advocate for the change.

"Organizational transformation efforts rarely fail because of bad design, but rather from lack of sufficient attention to the transition from the old organization to the new one."

– Michael D. Watkins & Janet Spencer. ”10 Reason Why Organizational Change Fails.”

Info-Tech’s approach

Redesigning the IT structure depends on good change management

Common changes in organizational redesigns

Top reasons organizational redesigns fail

1. The rationale for the redesign is not clear.
2. Managers do not have the skills to lead their teams through a change initiative like organizational redesign.
3. You communicated the wrong messages at the wrong times to the wrong audiences.
4. Frontline employees were not included in the process.
5. The metrics you have to support the initiative are countering one another – if you have metrics at all.
6. Change management and project management are being treated interchangeably.

Case study: restructuring to reduce

Clear Communication & Continuous Support

Situation

On July 26th, 2022, employees at Shopify – an eCommerce platform – were communicated to by their CEO that a round of layoffs was about to take place. Effective that day, 1,000 employees or 10% of the workforce would be laid off.

In his message to staff, CEO Tobi Lutke admitted he had assumed continual growth in the eCommerce market when the COVID-19 pandemic forced many consumers into online shopping. Unfortunately, it was clear that was not the case.

In his communications, Tobi let people know what to expect throughout the day, and he informed people what supports would be made available to those laid off. Mainly, employees could expect to see a transparent approach to severance pay; support in finding new jobs through coaching, connections, or resume creation; and ongoing payment for new laptops and internet to support those who depend on this connectivity to find new jobs.

Results

Unlike many of the other organizations (e.g. Wayfair and Peloton) that have had to conduct layoffs in 2022, Shopify had a very positive reaction. Many employees took to LinkedIn to thank their previous employer for all that they had learned with the organization and to ask their network to support them in finding new opportunities. Below is a letter from the CEO:

Shopify, 2022.

Forbes, 2022.

Aligned to a Meaningful Vision

An organizational redesign must be aligned to a clear and meaningful vision of the organization.

Define the drivers for organizational redesign

And align the structure to execute on those drivers.

• Your structure should follow your strategy. However, 83% of people in an organization do not fully understand the strategy (PWC, 2017).
• How can employees be expected to understand why the IT organization needs to be restructured to meet a strategy if the strategy itself is still vague and unclear?
• When organizations pursue a structural redesign, there are often a few major reasons:
  • Digital/organizational transformation
  • New organizational strategy
  • Acquisition or growth of products, services, or capabilities
  • The need to increase effectiveness
  • Cost savings
• Creating a line of sight for your employees and leadership team will increase the likelihood that they want to adopt this structure.

“The goal is to align your operating model with your strategy, so it directly supports your differentiating capabilities.”

– PWC, 2017.

How to align structure to strategy

Recommended action steps:

• Describe the end state of the organizational structure and how long you anticipate it will take to reach that state. It's important that employees be able to visualize the end state of the changes being made.
• Ensure people understand the vision and goals of the IT organization. Are you having discussions about these? Are managers discussing these? Do people understand that their day-to-day job is intended to support those goals?
• Create a visual:
  • The goals of the organization → align to the initiatives IT → which require this exact structure to deliver.
• Do not assume people are willing to move forward with this vision. If people are not willing, assess why and determine if there are benefits specific to the individual that can support them in adopting the future state.
• Define and communicate the risks of not making the organizational structure changes.

Info-Tech Insight

A trending organizational structure or operating model should never be the driver for an organizational redesign.

IT Leaders Are Not Set Up To Succeed

Empower these leaders to have difficult conversations.

Lacking key leadership capabilities in managers

Technical leaders are common in IT, but people leaders are necessary during the implementation of an organizational structure.

• Managers are important during a transformational change for many reasons:
  • Managers play a critical role in being able to identify the skill gaps in employees and to help define the next steps in their career path.
  • After the sponsor (CIO) has communicated to the group the what and the why, the personal elements of the change fall to managers.
  • Managers’ displays of disapproval for the redesign can halt the transformation.
• However, many managers (37%) feel uncomfortable talking to employees and providing feedback if they think it will elicit a negative response (Taylor Reach Group, 2019).
• Unfortunately, organizational redesign is known for eliciting negative responses from employees as it generates fears around the unknown.
• Therefore, managers must be able to have conversations with employees to further the successful implementation and adoption of the structure.

“Successful organizational redesign is dependent on the active involvement of different managerial levels."

– Marianne Livijn, “Managing Organizational Redesign: How Organizations Relate Macro and Micro Design.”

They might be managers, but are they leaders?

Recommended action steps:

• Take time to speak with managers one on one and understand their thoughts, feelings, and understanding of the change.
• Ensure that middle-managers have an opportunity to express the benefits they believe will be realized through the proposed changes to the organizational chart.
• Provide IT leaders with leadership training courses (e.g. Info-Tech’s Leadership Programs).
• Do not allow managers to start sharing and communicating the changes to the organizational structure if they are not demonstrating support for this change. Going forward, the group is all-in or not, but they should never demonstrate not being bought-in when speaking to employees.
• Ensure IT leaders want to manage people, not just progress to a management position because they cannot climb a technical career ladder within the proposed structure. Provide both types of development opportunities to all employees.
• Reduce the managers’ span of control to ensure they can properly engage all direct reports and there is no strain on the managers' time.

Info-Tech Insight

47% of direct reports do not agree that their leader is demonstrating the change behaviors. Often, a big reason is that many middle-managers do not understand their own attitudes and beliefs about the change.

Source: McKinsey & Company “How Do We Manage the Change Journey?”

Check out Info-Tech’s Build a Better Manager series to support leadership development

These blueprints will help you create strong IT leaders who can manage their staff and themselves through a transformation.

Build a Better Manager: Basic Management Skills

Build a Better Manager: Personal Leadership

Build a Better Manager: Manage Your People

Build Successful Teams

Transparent & Frequent Communication

Provide employees with several opportunities to hear information and ask questions about the changes.

Communication must be done with intention

Include employees in the conversation to get the most out of your change management.

• Whether it is a part of a large transformation or a redesign to support a specific goal of IT, begin thinking about how you will communicate the anticipated changes and who you will communicate those changes to right away.
• The first group of people who need to understand why this initiative is important are the other IT leaders. If they are not included in the process and able to understand the foundational drivers of the initiative, you should not continue to try and gain the support of other members within IT.
• Communication is critical to the success of the organizational redesign.
• Communicating the right information at the right time will make the difference between losing critical talent and emerging from the transition successfully.
• The sponsor of this redesign initiative must be able to communicate the rationale of the changes to the other members of leadership, management, and employees.
• The sponsor and their change management team must then be prepared to accept the questions, comments, and ideas that members of IT might have around the changes.

"Details about the new organization, along with details of the selection process, should be communicated as they are finalized to all levels of the organization.”

– Courtney Jackson, “7 Reasons Why Organizational Structures Fail.”

Two-way communication is necessary

Recommended action steps:

• Don't allow rumors to disrupt this initiative – be transparent with people as early as possible.
• If the organizational restructure will not result in a reduction of staff – let them know! If someone's livelihood (job) is on the line, it increases the likelihood of panic. Let's avoid panic.
• Provide employees with an opportunity to voice their concerns, questions, and recommendations – so long as you are willing to take that information and address it. Even if the answer to a recommendation is "no" or the answer to a question is "I don't know, but I will find out," you've still let them know their voice was heard in the process.
• As the CIO, ensure that you are the first person to communicate the changes. You are the sponsor of this initiative – no one else.
• Create communications that are clear and understandable. Imagine someone who does not work for your organization is hearing the information for the first time. Would they be able to comprehend the changes being suggested?
• Conduct a pulse survey on the changes to identify whether employees understand the changes and feel heard by the management team.

Info-Tech Insight

The project manager of the organizational redesign should not be the communicator. The CIO and the employees’ direct supervisor should always be the communicators of key change messages.

Communication spectrum

An approach to communication based on the type of redesign taking place

Include Employees in the Redesign Process

Stop talking at employees and ensure they are involved in the changes impacting their day-to-day lives.

Employees will enable the change

Old-school approaches to organizational redesign have argued employee engagement is a hinderance to success – it’s not.

• We often fail to include the employees most impacted by a restructuring in the redesign process. As a result, one of the top reasons employees do not support the change is that they were not included in the change.
• A big benefit of including employees in the process is it mitigates the emergence of a rumor mill.
• Moreover, being open to suggestions from staff will help the transformation succeed.
• Employees can best describe what this transition might entail on a day-to-day basis and the supports they will require to succeed in moving from their current state to their future state.
  • CIOs and other IT leaders are often too far removed from the day-to-day to best describe what will or will not work.
• When employees feel included in the process, they are more likely to feel like they had a choice in what and how things change.

"To enlist employees, leadership has to be willing to let things get somewhat messy, through intensive, authentic engagement and the involvement of employees in making the transformation work."

– Michael D. Watkins & Janet Spencer, “10 Reasons Why Organizational Change Fails.”

Empowering employees as change agents

Recommended action steps:

• Do not tell employees what benefits they will gain from this new change. Instead, ask them what benefits they anticipate.
• Ask employees what challenges they anticipate, and identify actions that can be taken to minimize those challenges.
• Identify who the social influencers are in the organization by completing an influencer map. The informal social networks in your organization can be powerful drivers of change when the right individuals are brought onboard.
• Create a change network using those influencers. The change network includes individuals who represent all levels within the organization and can represent the employee perspective. Use them to help communicate the change and identify opportunities to increase the success of adoption: “Engaging influencers in change programs makes them 3.8 times more likely to succeed," (McKinsey & Company, 2020).
• Ask members of the change network to identify possible resistors of the new IT structure and inform you of why they might be resisting the changes.

Info-Tech Insight

Despite the persistent misconceptions, including employees in the process of a redesign reduces uncertainty and rumors.

Monitor employee engagement & adoption throughout the redesign

Only 22% of organizations include the employee experience as a part of the design process

– The Josh Bersin Company, 2022.

Employee Pulse Survey

Conduct mindful and frequent check-ins with employees

Process to conduct survey:

1. Using your desired survey solution (e.g. MS Forms, SurveyMonkey, Qualtrics) input the questions into the survey and send to staff. A template of the survey in MS Forms is available here: IT Organizational Redesign Pulse Survey Template.
2. When sending to staff, ensure that the survey is anonymous and reinforce this message.
3. Leverage the responses from the survey to learn where there might be opportunities to improve the transformation experience (aligning the structure to the vision, employee inclusion, communication, or managerial support for the change). Review the recommended action steps in this research set for help.
4. This assessment is intended for frequent but purposeful use. Only send out the survey when you have taken actions in order to improve adoption of the change or have provided communications. The Employee Pulse Survey should be reevaluated on a regular basis until adoption across all four categories reaches the desired state (80-100% adoption is recommended).

Define Key Metrics of Adoption & Success

Metrics have a dual benefit of measuring successful implementation and meeting the original drivers.

Measuring the implementation is a two-pronged approach

Both employee adoption and the transformation of the IT structure need to be measured during implementation

• Organizations that are going through any sort of transformation – such as organizational redesign – should be measuring whether they are successfully on track to meet their target or have already met that goal.
• Throughout the organizational structure transition, a major factor that will impact the success of that goal is employee willingness to move forward with the changes.
• However, rather than measuring these two components using hard data, we rely on gut checks that let us know if we think we are on track to gaining adoption and operating in the desired future state.
• Given how fluid employees and their responses to change can be, conducting a pulse survey at a regular (but strategically identified) interval will provide insight into where the changes will be adopted or resisted.

“Think about intentionally measuring at the moments in the change storyline where feedback will allow leaders to make strategic decisions and interventions.”

– Bradley Wilson, “Employee Survey Questions: The Ultimate Guide.”

Report that the organizational redesign for IT was a success

Recommended action steps:

• Create clear metrics related to how you will measure the success of the organizational redesign, and communicate those metrics to people. Ensure the metrics are not contrary to the goals of other initiatives or team outcomes.
• Create one set of metrics related to adoption and another set of metrics tied to the successful completion of the project objective.
  • Are people changing their attitudes and behaviors to reflect the required outcome?
  • Are you meeting the desired outcome of the organizational redesign?
• Use the metrics to inform how you move forward. Do not attempt the next phase of the organizational transformation before employees have clearly indicated a solid understanding of the changes.
• Ensure that any metrics used to measure success will not negatively interfere with another team’s progress. The metrics of the group need to work together, not against each other.

Info-Tech Insight

Getting 100% adoption from employees is unlikely. However, if employee adoption is not sitting in the 80-90% range, it is not recommended that you move forward with the next phase of the transformation.

Example sustainment metrics

Change Management ≠ Project Management

Stop treating the two interchangeably.

IT organizations struggle to mature their OCM capabilities

Because frankly they didn’t need it

• Change management is all about people.
• If the success of your organization is dependent on this IT restructuring, it is important to invest the time to do it right.
• This means it should not be something done off the side of someone's desk.
• Hire a change manager or look to roles that have a responsibility to deliver on organizational change management.
• While project success is often measured by if it was delivered on time, on budget, and in scope, change management is adaptable. It can move backward in the process to secure people's willingness to adopt the required behaviors.
• Strategic organizations recognize it’s not just about pushing an initiative or project forward. It’s about making sure that your employees are willing to move that initiative forward too.
• A major organizational transformation initiative like restructuring requires you lean into employee adoption and buy-in.

“Only if you have your employees in mind can you implement change effectively and sustainably.”

– Creaholic Pulse Feedback, “Change Management – And Why It Has to Change.”

Take the time to educate & communicate

Recommended action steps:

• Do not treat change management and project management as synonymous.
• Hire a change manager to support the organizational redesign transformation.
• Invest the resources (time, money, people) that can support the change and enable its success. This can look like:
  • Training and development.
  • Hiring the right people.
  • Requesting funds during the redesign process to support the transition.
• Create a change management plan – and be willing to adjust the timelines or actions of this plan based on the feedback you receive from employees.
• Implement the new organizational structure in a phased approach. This allows time to receive feedback and address any fears expressed by staff.

Info-Tech Insight

OCM is often not included or used due to a lack of understanding of how it differs from project management.

And an additional five experts across a variety of organizations who wish to remain anonymous.

Research Contributors and Experts

Info-Tech Research Group

Related Info-Tech Research

Bibliography

Aronowitz, Steven, et al. “Getting Organizational Design Right,” McKinsey, 2015. Web.
Ayers, Peg. “5 Ways to Engage Your Front-Line Staff.” Taylor Reach Group, 2019. Web.
Bushard, Brian, and Carlie Porterfield. “Meta Reportedly Scales Down, Again – Here Are the Major US Layoffs This Year.” Forbes, September 28, 2022. Web.
Caruci, Ron. “4 Organizational Design Issues that Most Leaders Misdiagnose.” Harvard Business Review, 2019.
“Change Management – And Why It Has to Change.” Creaholic Pulse Feedback. Web.
“Communication Checklist for Achieving Change Management.” Prosci, 27 Oct. 2022. Web.
“Defining Change Impact.” Prosci. 29 May 2019. Web.
“The Definitive Guide To Organization Design.” The Josh Bersin Company, 2022.
Deshler, Reed. “Five Reasons Organizational Redesigns Fail to Deliver.” AlignOrg. 28 Jan. 2020. Web.
The Fit for Growth Mini Book. PwC, 12 Jan. 2017.
Helfand, Heidi. Dynamic Reteaming: The Art and Wisdom of Changing Teams. 2nd ed., O’Reilly Media, 2020.
Jackson, Courtney. “7 Reasons Why Organizational Structures Fail.” Scott Madden Consultants. Web.
Livijn, Marianne. Managing Organizational Redesign: How Organizations Relate Macro and Micro Design. Doctoral dissertation. Department of Management, Aarhus University, 2020.
Lutke, Tobias. “Changes to Shopify’s Team.” Shopify. 26 July 2022.
McKinsey & Company. “How Do We Manage the Change Journey?” McKinsey & Company.2020.
Pijnacker, Lieke. “HR Analytics: Role Clarity Impacts Performance.” Effectory, 29 Sept. 2019. Web.
Tompkins, Teri C., and Bruce G. Barkis. “Conspiracies in the Workplace: Symptoms and Remedies.” Graziadio Business Review, vol. 21, no. 1, 2021.Web.
“Understanding Organizational Structures.” SHRM,2022.
Watkins, Michael D., and Janet Spencer. “10 Reasons Why Organizational Change Fails.” I by IMD, 10 March 2021. Web.
Wilson, Bradley. “Employee Survey Questions: The Ultimate Guide.” Perceptyx, 1 July 2020. Web.

The State of Black Professionals in Tech

Keep inclusion at the forefront to gain the benefits from diversity.

Analysts' Perspective

The experience of Black professionals in technology is unique.

Diversity in tech is not a new topic, and it's not a secret that technology organizations struggle to attract and retain Black employees. Ever since the early '90s, large tech organizations have been dealing with public critique of their lack of diversity. This topic is close to our hearts, but unfortunately while improvements have been made, progress is quite slow.

In recent years, current events have once again brought diversity to the forefront for many organizations. In addition, the pandemic along with talent trends such as "the great resignation" and "quiet quitting" and preparations for a recession have not only impacted diversity at large but also Black professionals in technology. Our previous research has focused on the wider topic of Recruiting and Retaining People of Color in Tech, but we've found that the experiences of persons of color are not all the same.

This study focuses on the unique experience of Black professionals in technology. Over 600 people were surveyed using an online tool; interviews provided additional insights. We're excited to share our findings with you.

Allison Straker Research Director Info-Tech Research Group	Ugbad Farah Research Director Info-Tech Research Group

Demographics

In October 2021, we launched a survey to understand what the Black experience is like for people in technology. We wanted and received a variety of responses which would help us to understand how Black technology professionals experienced their working world. We received responses from 633 professionals, providing us with the data for this report.

For more information on our survey demographics please see the appendix at this end of this report.

26% of our respondents either identified as Black or felt the world sees them as Black.

Professionals from various countries responded to the survey:

• Most respondents were born in the US (52%), Canada (14%), India (14%), or Nigeria (4%).
• Most respondents live in the US (56%), Canada (25%), Nigeria (2%), or the United Kingdom (2%).

Companies with more diversity achieve more revenue from innovation

Organizations do better and are more innovative when they have more diversity, a key ingredient in an organization's secret sauce.
Organizations also benefit from engaged employees, yet we've seen that organizations struggle with both. Just having a certain number of diverse individuals is not enough. When it comes to reaping the benefits of diversity, organizations can flourish when employees feel safe bringing their whole selves to work.

Companies with higher employee engagement experience 19.2% higher earnings.

However, those with lower employee engagement experience 32.7% lower earnings.
(DecisionWise, 2020)

If your workforce doesn't reflect the community it serves, your business may be missing out on the chance to find great employees and break into new and growing markets, both locally and globally.
Diversity makes good business sense.
(Business Development Canada, 2023)

A study about Black professionals

Why is this about Black professionals and not other diverse groups?

While there are a variety of diversity dimensions, it's important to understand what makes up a "multicultural workforce." There is more to diversity than gender, race, and ethnicity. Organizations need to understand that there is diversity within these groups and Black professionals have their own unique experience when it comes to entering and navigating tech that needs to be addressed.

(Brookfield Institute for Innovation and Entrepreneurship, 2019)

The solutions that apply to Black professionals are not only beneficial for Black employees but for all. While all demographics are unique, the solutions in this report can support many.

Unsatisfied and underrepresented

Less Black professionals responded as "satisfied" in their IT careers. The question is: How do we mend the Gap?

Percentage of IT Professionals Who Reported Being Very Satisfied in Their Current Role

• All Other Professionals: 34%
• Black Professionals: 23%

Black workers are underrepresented in most professional roles, especially computer and math Occupations

The gap in satisfaction

What's Important?

Our research suggests that the differences in satisfaction among ethnic groups are related to differences in value systems. We asked respondents to rank what's important, and we explored why.

Non-Black professionals rated autonomy and their manager working relationships as most important.

For Black professionals, while those were important, #1 was promotion and growth opportunities, ranked #7 by all other professionals. This is a significant discrepancy.

Recognition of my work/accomplishments also was viewed significantly differently, with Black professionals ranking it low on the list at #7 and all other professionals considering it very important at #3.

All Other Professionals		Black Professionals

Maslow's Hierarchy of Needs applies to job satisfaction

In Maslow's hierarchy, it is necessary for people to achieve items lower on the hierarchy before they can successfully pursue the higher tiers.

Too many Black professionals in tech are busy trying to achieve some of the lower parts of the hierarchy; it is stopping them from achieving elements higher up that can lead to job satisfaction.

This can stop them from gaining esteem, importance, and ultimately, self-actualization. The barriers that impact safety and social belonging happen on a day-to-day basis, and so the day-to-day lives of Black professionals in tech can look very different from their counterparts.

There are barriers that hinder and solutions that support employees

There are various barriers that increase the likelihood for Black professionals to focus on the lower end of the needs hierarchy:	These are among some of the solutions that, when layered, can support Black professionals in tech in moving up the needs hierarchy. Focusing on these actions can support Black professionals in achieving much needed job satisfaction.

What does this mean?

The minority experience is not a monolith

The barriers that Black professionals encounter aren't limited to the same barriers as their colleagues, and too often this means that they aren't in a position to grow their careers in a way that leads to job satisfaction.

There is a 11% gap between the satisfaction of Black professionals and their peers.

Early Steps:
Take time to understand the Black experience.

As leaders, it's important to be aware that employee goals vary depending on the barriers they're battling with.

Intermediate:
If Black employees don't have strong relationships, networks, and mentorships it becomes increasingly difficult to navigate the path to upward mobility.

As a leader, you can look for opportunities to bridge the gap on these types of conversations.

Advanced:
Black professionals in tech are not advancing like their counterparts.

Creating clear career paths will not only benefit Black employees but also support your entire organization.

Key metrics:

• Engagement
• Committed Executive Leadership
• Development Opportunities
• Organizational Programs

Black respondents are significantly more likely to report barriers to their career advancement

Common barriers

Black professionals, like their colleagues, encounter barriers as they try to advance their careers. The barriers both groups encounter include microaggressions, racism, ageism, accessibility issues, sexual orientation, bias due to religion, lack of a career-supported network, gender bias, family status bias, and discrimination due to language/accents.

What tops the list

Microaggressions and racism are at the top of these barriers, but Black professionals also deal with other barriers that their colleagues may experience, such as gender-based bias, accessibility issues, religion, and more.

One of these barriers alone can be difficult to deal with but when they are compounded it can be very difficult to navigate through the working environment in tech.

What are microaggressions?

Microaggression

A statement, action, or incident regarded as an instance of indirect, subtle, or unintentional discrimination against members of a marginalized group such as a racial or ethnic minority.

(Oxford Languages, 2023)

Why are they significant?

These things may seem innocent enough but the messaging that is received and the lasting impression is often far from it.

Our research shows that racism and discrimination contribute to poor mental health among Black professionals.

Examples

• You're so articulate!
• How do you always have different hair, can I touch it?
• Where are you really from?
• I don't see color.
• I believe the most qualified person should get the job; everyone can succeed in this society if they work hard enough.

"The experience of having to question whether something happened to you because of your race or constantly being on edge because your environment is hostile can often leave people feeling invisible, silenced, angry, and resentful."
Dr. Joy Bradford,
clinical Psychologist, qtd. In Pfizer

It takes some time to get in the door

For too many Black respondents, It took Longer than their peers to Find Technology Jobs.

Both groups had some success finding jobs in "no time" – however, there was a difference. Thirty-four percent of "all others" found their jobs quickly, while the numbers were less for Black professionals, at 26%. There was also a difference at the opposite end of the spectrum. For 29% of Black professionals, it took seven months or longer to find their IT job, while that number is only 19% for their peers.

.

This points to the need for improvements in recruitment and career advancement.

29% of Black respondents said that it took them 7 months or longer to find their technology job.

Compared to 19% of all other professionals that selected the same response.

And once they're in, it's difficult to advance

Black Professionals are not Advancing as Quickly as their Colleagues. Especially when you look at their Experience.

Our research shows that compared to all other ethnicities; Black participants were 55% more likely to report that they had no career advancement/promotion in their career. There is a bigger percentage of Black professionals who have never received a promotion; there's also a large number of Black professionals who have been working a significant amount time in the same role without a promotion.

.Career Advancement

Black participants were 55% more likely to report that they had had no career advancement/promotion in their career.

No advancement

There's a high cost to lack of engagement

When employees feel disillusioned with things like career advancement and microaggressions, they often become disengaged. When you continuously have to steel yourself against microaggressions, racism, and other barriers, it prevents you from bringing your whole self to the office. The barriers can lead to what's been coined as "emotional tax." An emotional tax is the experience of feeling different from colleagues because of your inherent diversity and the associated negative effects on health, wellbeing, and the ability to thrive at work.

(DecisionWise, 2020)

"I've conditioned myself for the corporate world, I don't bring my authentic self to work."
Anonymous Interview Subject

Lack of engagement also costs the organization in terms of turnover, something many organizations today are struggling with how to address. Organizations want to increase the ability of the workforce to remain in the organization. For Black employees, this gets harder when they're not engaged and they're the only one. When the emotional tax gets to be too much, this can lead to turnover. Turnover not only costs companies billions in profits, it also negatively impacts leadership diversity. It's difficult to imagine career growth when you don't see anyone that looks like you at the top. It is a challenge to see your future when there aren't others that you can relate to at top levels in the organization, leading to one of our interview subjects to muse, "How long can I last?"

"Being Black in tech can be hard on your mental health. Your mind is constantly wondering, 'how long can I last?' "
Anonymous Interview Subject

Fewer Black professionals feel like they can be their authentic selves at work

Authentic vs. Successes

For many Black professionals, "code-switching," or altering the way one speaks and acts depending on context, becomes the norm to make others more comfortable. Many feel that being authentic and succeeding in the workplace are mutually exclusive.

Programs and Resources

We asked respondents "What's in place to build an inclusive culture at your company?" Most respondents (51% and 45%) reported that there were employee resource groups at their organizations.

Do you feel you can be your authentic self at work?

What can be done?

There are various actions that organizations can take to help address barriers.

It's important to ensure these are not put in as band-aid solutions but that they are carefully thought out and layered.

Our findings demonstrate that remote work, career development, and DEI programs along with mentorship and diverse leadership are strong enablers of professional satisfaction. An unfortunate consequence, if professionals are not nurtured, is that we risk losing much needed talent to self-employment or to other organizations.

There are several solutions

Respondents were asked to distribute points across potential solutions that could lead to job satisfaction. The ratings showed that there were common solutions that could be leveraged across all groups.

Respondents were asked what solutions were valuable for their career development.

All groups were mostly aligned on the order of the solutions that would lead to career satisfaction; however, Black professionals rated the importance of employee resource groups as higher than their colleagues did.

Mentorship and sponsorship are seen as key for all employees, as is of course training.

However, employee resource groups (ERGs) were rated significantly higher for Black professionals and discussions around diversity were higher for their colleagues. This may be because other groups feel a need to learn more about diversity, whereas Black professionals live this experience on a day-to day basis, so it's not as critical for them.

Double the number of satisfied Black professionals through mentorship and sponsorship

Mentorship and sponsorship help to close the job satisfaction gap for Black IT professionals. The percentage of satisfied Black employees almost doubles when they have a mentor or sponsorship, moving the satisfaction rate to closer to all other colleagues.

As leaders, you likely benefit from a few different advisors, and your staff should be able to benefit in the same way.

They can have their own personal board of advisors, both inside and outside of your organization, helping them to navigate the working world in IT.

To support your staff, provide guidance and coaching to internal mentors so that they can best support employees, and ensure that your organizational culture supports relationship building and trust.

While all are critical, coaching, mentoring, and sponsorship are not the same

Coaching

Performance-driven guidance geared to support the employee with on-the-job performance. This could be a short-term relationship.

Mentorship

A relationship where the mentor provides guidance, information, and expertise to support the long-term career development of the mentee.

Sponsorship

The act of advocating on the behalf of another for a position, promotion, development opportunity, etc. over a longer period.

For more information on setting up a mentorship program, see Optimize the Mentoring Program to Build a High Performing Learning Organization.

On why mentorship and sponsorship are important:

"With some degree of mentorship or sponsorship, it means that your ability to thrive or to have a positive experience in organizations increases substantially. Mentorship and sponsorship are very often the lynchpin of someone being successful and sticking with an organization. Sponsorship is an endorsement to other high-level stakeholders who very often are the gatekeepers of opportunity. Sponsors help to shepherd you through the gate."

Carlos Thomas Executive Councilor, Info-Tech Research Group

What is an employee resource group?

IT Professionals rated ERGs as the third top driver of success at work

Employee resource groups enable employees to connect in their workplace based on shared characteristics or life experiences.

ERGs generally focus on providing support, enhancing career development, and contributing to personal development in the work environment. Some ERGs provide advice to the organization on how they can support their diverse employees.

As leaders, you should support and encourage the formation of ERGs in your organization.

What each ERG does will vary according to the needs of employees in your organization. Your role is to enable the ERGs as they are created and maintained.

On setting up and leveraging employee resource groups:

"Employee resource groups, when leveraged in an authentically intentional way, can be the some of the most impactful stakeholders in the development and implementation of the organizational diversity, equity, and inclusion strategy. ERGs are essential to the development of policies, programs, and initiatives that address the needs of equity-seeking groups and are key to driving organizational culture and employee wellbeing, in addition to hiring and recruitment. ERGs must be set up for success by having adequate resources to do the work, which includes adequate budgets, executive sponsorship, training, support, and capacity to do the work. According to a Great Place To Work survey (2021), 50% of ERGs identified the need for adequate resources as a challenge for carrying out the work.:"

CINNAMON CLARK PRACTICE LEAD, DIVERSITY, EQUITY AND INCLUSION services, MCLEAN & CO

There is a gap when it comes to diversity in leadership

Representation at leadership levels is especially stagnant.

Black Americans comprise 13.6% of the US population
(2022 data from the US Census Bureau)

And yet only 5.9% of the country's CEOs are Black, with only 6 (1%) at the top of Fortune 500 companies.
(2021 data from the Bureau of Labor Statistics and Fortune.com)

I've never worked for a company that has Black executives. It's difficult to envision long-term growth with an organization when you don't see yourself represented in leadership.
– Anonymous Interview Subject

Having diversity in your leadership team doubles satisfaction

Our research shows that Black professionals are more satisfied in their role when they see leaders that look like them.

Satisfaction of other professionals is not as impacted by diversity in leadership as for Black professionals. Satisfaction doubles in organizations that have a diverse leadership team.

To reap the benefits from diversity, we need to ensure diversity is not just in entry or mid-level positions and provide employees an opportunity to see diversity in their company's leadership.

On the need for diversity in leadership:

"As a Black professional leader, it's not lost on me that I have a responsibility. I have to demonstrate authenticity, professionalism, and exemplary behavior that others can mimic. And I must also showcase that there are possibilities for those coming up in their career. I feel very grateful that I can bestow onto others my knowledge, my experience, my journey, and the tips that I've used to help bring me to be where I am. (Having Black leaders in an organization) demonstrates that there is talent across the board, that there are all types of women and people with proficiencies. What it brings to the table is a difference in thoughts and experience. A person like myself, sitting at the table, can bring a unique perspective on employee behavior and employee impact. CCL is an organization focused on equity, diversity, and inclusion; for sure having me at the table and others that look like me at the table demonstrates to the public an organization that's practicing what it preaches."

C. Fara Francis CIO, Center for creative leadership

Work from home

While all groups have embraced the work-from-home movement, many Black professionals find it reduces the impact of racial incidents in the workplace.

Percentage of employees who experienced positive changes in motivation after working remotely.

I have to guard and protect myself from experiencing and witnessing racism every day. I am currently working remotely, and I can say for certain my mood and demeanor have improved. Not having to decide if I should address a racist comment or action has made my day easier.
Source: Slate, 2022

Remote work significantly led to feelings of better chances for career advancement

Survey respondents were asked about the positive and negative changes they saw in their interactions and experiences with remote work. Black employees and their colleagues replied similarly, with mostly positive experiences.

While both groups enjoyed better chances for career advancement, the difference was significantly higher for Black professionals.

Reasons for Self-Employment:

More Black professionals have chosen self-employment than their colleagues.

The biggest reasons for both groups in choosing self-employment were for better pay, career growth, and work/life balance.

While the desire for better pay was the highest reason for both groups, for engaged employees salary is a lower priority than other concerns (Adecco Group's Global Workforce of the Future report). Consider salary in conjunction with career growth, work/life balance, and the variety in the work that your employees have.

If we don't consider our Black employees, not only do we risk them leaving the organization, but they may decide to just work for themselves.

Most professionals believe their organizations are committed to diversity, equity, and inclusion

38% of all respondents believe their organizations are very committed to DEI
49% believe they are somewhat committed
9% feel they are not committed
4% are unsure

Make sure supports are in place to help your employees grow in their careers:

Leadership
IT Leadership Career Planning Research Center

Diversity and Inclusion Tactics
IT Diversity & Inclusion Tactics

Employee Development Planning
Implement an IT Employee Development Plan

Belief in your organization's diversity, equity, and inclusion efforts isn't consistent across groups: Make sure actions are seen as genuine

While organization's efforts are acknowledged, Black professionals aren't as optimistic about the commitment as their peers. Make sure that your programs are reaching the various groups you want to impact, to increase the likelihood of satisfaction in their roles.

SATISFACTION INCREASES IN BOTH BLACK AND NON-BLACK PROFESSIONALS

When they believe in their company's commitment to diversity, equity. and inclusion.

Of those who believe in their organization's commitment, 61% of Black professionals and 67% of non-Black professionals are very satisfied in their roles.

Recommendations

It's important to understand the current landscape:

• The barriers that Black employees often face.
• The potential solutions that can help close the gap in employee satisfaction.

We recognize that resolving this is not easy. Although senior executives are recognizing that a diverse set of experiences, perspectives, and backgrounds is crucial to fostering innovation and competing on the global stage, organizations often don't take the extra step to actively look for racialized talent, and many people still believe that race doesn't play an important part in an individual's ability to access opportunities.

Look at a variety of solutions that you can implement within your organization; layering solutions is the key to driving business diversity. Always keep in mind that diversity is not a monolith, that the experiences of each demographic varies.

Info-Tech resources

• Recruit IT Talent
• Recruit and Retain People of Color in IT
• Recruit and Retain People of Color in IT Webinar

Appendix

About the research

Diversity in tech survey

As part of the research process for the State of Black Tech Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from October 2021 to April 2022, collecting 633 responses.

Current Position

Education and Experience

Education was fairly consistent across both groups, with a few exceptions: more Black professionals had secondary school (9% vs. 4%) and more Black professionals had Doctorate degrees (4% vs. 2%).

We had more non-Black respondents with 20+ years of experience (31% vs. 19%) and more Black respondents with less than 1 year of experience (8% vs. 5%) – the rest of the years of experience were consistent across the two groups.

It is important to recognize that people are often seen by "the world" as belonging to a different race or set of races than what they personally identify as. Both aspects impact a professional's experience in the workplace.

Bibliography

Barton, LeRon. “I’m Black. Remote Work Has Been Great for My Mental Health.” Slate, 15 July 2022.

“Black or African American alone, percent.” U.S. Census Bureau QuickFacts: United States. Accessed 14 February 2023.

Boyle, Matthew. “More Workers Ready to Quit Over ‘Window Dressing’ Racism Efforts.” Bloomberg.com, 9 June 2022.

Boyle, Matthew. “Remote Work Has Vastly Improved the Black Worker Experience.” Bloomberg.com, 5 October 2021.

Cooper, Frank, and Ranjay Gulati. “What Do Black Executives Really Want?” Harvard Business Review, 18 November 2021.

“Emotional Tax.” Catalyst. Accessed 1 April 2022.

“Employed Persons by Detailed Occupation, Sex, Race, and Hispanic or Latino Ethnicity” U.S. Bureau of Labor Statistics. Accessed February 14, 2023.

“Equality in Tech Report - Welcome.” Dice, 9 March 2022. Accessed 23 March 2022.

Erb, Marcus. "Leaders Are Missing the Promise and Problems of Employee Resource Groups." Great Place To Work, 30 June 2021.

Gawlak, Emily, et al. “Key Findings - Being Black In Corporate America.” Coqual, Center for Talent Innovation (CTI), 2019.

“Global Workforce of the Future Research.” Adecco, 2022. Accessed 4 February 2023.

Gruman, Galen. “The State of Ethnic Minorities in U.S. Tech: 2020.” Computerworld, 21 September 2020. Accessed 31 May 2022.

Hancock, Bryan, et al. “Black Workers in the US Private Sector.” McKinsey, 21 February 2021. Accessed 1 April 2022.

“Hierarchy Of Needs Applied To Employee Engagement.” Proactive Insights, 12 February 2020.

Hobbs, Cecyl. “Shaping the Future of Leadership for Black Tech Talent.” Russell Reynolds Associates, 27 January 2022. Accessed 3 August 2022.

Hubbard, Lucas. “Race, Not Job, Predicts Economic Outcomes for Black Households.” Duke Today, 16 September 2021. Accessed 30 May 2022.

Knight, Marcus. “How the Tech Industry Can Be More Inclusive to the Black Community.” Crunchbase, 23 February 2022.

“Maslow’s Hierarchy of Needs in Employee Engagement (Pre and Post Covid 19).” Vantage Circle HR Blog, 30 May 2022.

McDonald, Autumn. “The Racism of the ‘Hard-to-Find’ Qualified Black Candidate Trope (SSIR).” Stanford Social Innovation Review, 1 June 2021. Accessed 13 December 2021.

McGlauflin, Paige. “The Fortune 500 Features 6 Black CEOs—and the First Black Founder Ever.” Fortune, 23 May 2022. Accessed 14 February 2023.

“Microaggression." Oxford English Dictionary, Oxford Languages, 2023.

Reed, Jordan. "Understanding Racial Microaggression and Its Effect on Mental Health." Pfizer, 26 August 2020.

Shemla, Meir “Why Workplace Diversity Is So Important, And Why It’s So Hard To Achieve.” Forbes, 22 August 2018. Accessed 4 February 2023.

“The State of Black Women in Corporate America.” Lean In and McKinsey & Company, 2020. Accessed 14 January 2022.

Van Bommel, Tara. “The Power of Empathy in Times of Crisis and Beyond (Report).” Catalyst, 2021. Accessed 1 April 2022.

Vu, Viet, Creig Lamb, and Asher Zafar. “Who Are Canada’s Tech Workers?” Brookfield Institute for Innovation and Entrepreneurship, January 2019. Accessed on Canadian Electronic Library, 2021. Web.

Warner, Justin. “The ROI of Employee Engagement: Show Me the Money!” DecisionWise, 1 January 2020. Web.

White, Sarah K. “5 Revealing Statistics about Career Challenges Black IT Pros Face.” CIO (blog), 9 February 2023. Accessed 5 July 2022.

Williams, Joan C. “Stop Asking Women of Color to Do Unpaid Diversity Work.” Bloomberg.com, 14 April 2022.

Williams, Joan C., Rachel Korn, and Asma Ghani. “A New Report Outlines Some of the Barriers Facing Asian Women in Tech.” Fast Company, 13 April 2022.

Wilson, Valerie, Ethan Miller, and Melat Kassa. “Racial representation in professional occupations.” Economic Policy Institute, 8 June 2021.

“Workplace Diversity: Why It’s Good for Business.” Business Development Canada (BDC.ca), 6 Feb. 2023. Accessed 4 February 2023.

Security Priorities 2023

How we live post pandemic

Each organization is different, so a generic list of priorities will not be applicable to every organization.

During 2022, ransomware campaigns declined from quarter to quarter due to the collapse of experienced groups. Several smaller groups are developing to recapture the lost ransomware market. However, ransomware is still the most worrying cyber threat.

Also in 2022, people returned to normal activities such as traveling and attending sports or music events but not yet to the office. The reasons behind this trend can be many fold, such as employees perceive that work from home (WFH) has positive productivity effects and time flexibility for employees, especially for those with families with younger children. On the other side of the spectrum, some employers perceive that WFH has negative productivity effects and thus are urging employees to return to the office. However, employers also understand the competition to retain skilled workers is harder. Thus, the trend is to have hybrid work where eligible employees can WFH for a certain portion of their work week.

Besides ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023, which can impact how we prioritize cybersecurity this year. Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization.

This report will explore important security trends, the security priorities that stem from these trends, and how to customize these priorities for your organization.

In Q2 2022, the median ransom payment was $36,360 (-51% from Q1 2022), a continuation of a downward trend since Q4 2021 when the ransom payment median was $117,116.
Source: Coveware, 2022

From January until October 2022, hybrid work grew in almost all industries in Canada especially finance, insurance, real estate, rental and leasing (+14.7%), public administration and professional services (+11.8%), and scientific and technical services (+10.8%).
Source: Statistics Canada, Labour Force Survey, October 2022; N=3,701

Hybrid work changes processes and infrastructure

Investment on remote work due to changes in processes and infrastructure

As part of our research process for the 2023 Security Priorities Report, we used the results from our State of Hybrid Work in IT Survey, which collected responses between July 10 and July 29, 2022 (total N=745, with n=518 completed surveys). This survey details what changes in processes and IT infrastructure are likely due to hybrid work.

Process changes to support hybrid work

Survey respondents (n=518) were asked what processes had the highest degree of change in response to supporting hybrid work. Incident management is the #1 result and service request support is #2. This is unsurprising considering that remote work changed how people communicate, how they access company assets, and how they connect to the company network and infrastructure.

Infrastructure changes to support hybrid work

For 2023, we believe that hybrid work will remain. The first driver is that employees still prefer to work remotely for certain days of the week. The second driver is the investment from employers on enabling WFH during the pandemic, such as updated network architecture (44%) and the infrastructure and day-to-day operations (41%) as shown on our survey.

Top cybersecurity concerns and organizational preparedness for them

Concerns may correspond to readiness.

In the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, we asked about cybersecurity concerns and the perception about readiness to meet current and future government legislation regarding cybersecurity requirements.

Cybersecurity issues

Survey respondents were asked how concerned they are about certain cybersecurity issues from 1 (not concerned at all) to 5 (very concerned). The #1 concern was talent shortages. Other issues with similar concerns included cyber risks not on leadership's radar, supply chain risks, and new regulations (n=507).

Cybersecurity legislation readiness

When asked about how confident organizations are about being prepared to meet current and future government legislation regarding cybersecurity requirements, from 1 (not confident at all) to 5 (very confident), the #1 response was 3 (n=499).

Unsurprisingly, the ever-changing government legislation environment in a world emerging from a pandemic and ongoing wars may not give us the highest confidence.

We know the concerns and readiness…

But what is the overall security maturity?

As part of our research process for the 2023 Security Priorities Report, we reviewed results of completed Info-Tech Research Group Security Governance and Management Benchmark diagnostics (N=912). This report details what we see in our clients' security governance maturity. Setting aside the perception on readiness – what are their actual security maturity levels?

Overall, assessed organizations are still scoring low (47%) on Security Culture and Policy and Process Governance. This justifies why most security incidents are still due to gaps in foundational security and security awareness, not lack of advanced controls such as event and incident management (58%).

And how will the potential recession impact security?

Organizations are preparing for recession, but opportunities for growth during recession should be well planned too.

As part of our research process for the 2023 Security Priorities Report, we reviewed the results of the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, which collected responses between August 9 and September 9, 2022 (total N=813 with n=521 completed surveys).

Expected organizational spending on cybersecurity compared to the previous fiscal year

Keeping the same spending is the #1 result and #2 is increasing spending up to 10%. This is a surprising finding considering the survey was conducted after the middle of 2022 and a recession has been predicted since early 2022 (n=489).

Five Security Priorities for 2023

Maintain Secure Hybrid Work

PRIORITY 01

• HOW TO STRATEGICALLY ACQUIRE, RETAIN, OR UPSKILL TALENT TO MAINTAIN SECURE SYSTEMS.

Executive summary

Background

If anything can be learned from COVID-19 pandemic, it is that humans are resilient. We swiftly changed to remote workplaces and adjusted people, processes, and technologies accordingly. We had some hiccups along the way, but overall, we demonstrated that our ability to adjust is amazing.

The pandemic changed how people work and how and where they choose to work, and most people still want a hybrid work model. However, the number of days for hybrid work itself varies. For example, from our survey in July 2022 (n=516), 55.8% of employees have the option of 2-3 days per week to work offsite, 21.0% for 1 day per week, and 17.8% for 4 days per week.

Furthermore, the investment (e.g. on infrastructure and networks) to initiate remote work was huge, and the cost doesn't end there, as we need to maintain the secure remote work infrastructure to facilitate the hybrid work model.

Current situation

Remote work: A 2022 survey by WFH Research (N=16,451) reports that ~14% of full-time employees are fully remote and ~29% are in a hybrid arrangement as of Summer-Fall 2022.

Security workforce shortage: A 2022 survey by Bridewell (N=521) reports that 68% of leaders say it has become harder to recruit the right people, impacting organizational ability to secure and monitor systems.

Confidence in the security practice: A 2022 diagnostic survey by Info-Tech Research Group (N=55) reports that importance may not correspond to confidence; for example, the most important selected cybersecurity area, namely Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice (80.5%).

"WFH doubled every 15 years pre-pandemic. The increase in WFH during the pandemic was equal to 30 years of pre-pandemic growth."

Source: National Bureau of Economic Research, 2021

Leaders must do more to increase confidence in the security practice

Importance may not correspond to confidence

As part of our research process for the 2023 Security Priorities Report, we analyzed results from the Info-Tech Research Group diagnostics. This report details what we see in our clients' perceived importance of security and their confidence in existing security practices.

Cybersecurity importance

Cybersecurity importance areas

Confidence in cybersecurity practice

Confidence in cybersecurity practice areas

Diagnostics respondents (N=55) were asked about how important security is to their organization or department. Importance to the overall organization is 2.1 percentage points (pp) higher, but confidence in the organization's overall security is slightly lower (-0.4 pp).

If we break down to security areas, we can see that the most important area, Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice: 80.5%. From this data we can conclude that leaders must build a strong cybersecurity workforce to increase confidence in the security practice.

Use this template to explain the priorities you need your stakeholders to know about.

Maintain secure hybrid work plan

Provide a brief value statement for the initiative.

Build a strong cybersecurity workforce to increase confidence in the security practice to facilitate hybrid work.

Initiative Description:

• Description must include what organization will undertake to complete the initiative.
• Review your security strategy for hybrid work.
• Identify skills gaps that hinder the successful execution of the hybrid work security strategy.
• Use the identified skill gaps to define the technical skill requirements for current and future work roles.
• Conduct a skills assessment on your current workforce to identify employee skill gaps.
• Decide whether to train, hire, contract, or outsource each skill gap.
  

Drivers:

List initiative drivers.

• Employees still prefer to WFH for certain days of the week.
• The investment on WFH during pandemic such as updated network architecture and infrastructure and day-to-day operations.
• Tech companies' huge layoffs, e.g. Meta laid off more than 11,000 employees.

Risks:

List initiative risks and impacts.

• Unskilled workers lacking certificates or years of experience who are trained and become skilled workers then quit or are hijacked by competitors.
• Organizational and cultural changes cause friction with work-life balance.
• Increased attack surface of remote/hybrid workforce.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Increase perceived productivity by employees and increase retention.
• Increase job satisfaction and work-life balance.
• Hiring talent that has been laid off who are difficult to acquire in normal conditions.

Related Info-Tech Research:

• Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan
• Build an IT Employee Engagement Program
• Build an Information Security Strategy

Recommended Actions

1. Identify skill requirements to maintain secure hybrid work

Review your security strategy for hybrid work.

Determine the skill needs of your security strategy.

2. Identify skill gaps

Identify skills gaps that hinder the successful execution of the hybrid work security strategy.

Use the identified skill gaps to define the technical skill requirements for work roles.

3. Decide whether to build or buy skills

Conduct a skills assessment on your current workforce to identify employee skill gaps.

Decide whether to train, hire, contract, or outsource each skill gap.

Source: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan, Info-Tech

Secure Organization Modernization

PRIORITY 02

• TRENDS SUGGEST MODERNIZATION SUCH AS DIGITAL
  TRANSFORMATION TO THE CLOUD, OPERATIONAL TECHNOLOGY (OT),
  AND THE INTERNET OF THINGS (IOT) IS RISING; ADDRESSING THE RISK
  OF CONVERGING ENVIRONMENTS CAN NO LONGER BE DEFERRED.

Executive summary

From computerized milk-handling systems in Wisconsin farms, to automated railway systems in Europe, to Ausgrid's Distribution Network Management System (DNMS) in Australia, to smart cities and beyond; system modernization poses unique challenges to cybersecurity.

The threats can be safety, such as the trains stopped in Denmark during the last weekend of October 2022 for several hours due to an attack on a third-party IT service provider; economics, such as a cream cheese production shutdown that occurred at the peak of cream cheese demand in October 2021 due to hackers compromising a large cheese manufacturer's plants and distribution centers; and reliability, such as the significant loss of communication for the Ukrainian military, which relied on Viasat's services.

Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits.

Current situation

• Pressure of operational excellence: Competitive markets cannot keep pace with demand without modernization. For example, in automated milking systems, the labor time saved from milking can be used to focus on other essential tasks such as the decision-making process.
• Technology offerings: Technologies are available and affordable such as automated equipment, versatile communication systems, high-performance human machine interaction (HMI), IIoT/Edge integration, and big data analytics.
• Higher risks of cyberattacks: Modernization enlarges attack surfaces, which are not only cyber but also physical systems. Most incidents indicate that attackers gained access through the IT network, which was followed by infiltration into OT networks.

IIoT market size is USD 323.62 billion in 2022 and projected to be around USD 1 trillion in 2028.

Source: Statista,
March 2022

Modernization brings new opportunities and new threats

Higher risks of cyberattacks on Industrial Control System (ICS)

Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.	Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.	Target: German Steel Mill Method: Spear-phishing Impact: Blast furnace control shutdown failure.	Target: Middle East Safety Instrumented System (SIS). Method: TRISIS/TRITON. Impact: Modified safety system ladder logic.	Target: Viasat's KA-SAT Network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat's services.
Target: Marconi wireless telegraphs presentation. Method: Morse code. Impact: Fake message sent "Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily."	Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).	Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers.	Target: Ukraine power grid. Method: BlackEnergy. Impact: Manipulation of HMI View causing 1-6 hour power outages for 230,000 consumers.	Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

Sources:

• DOE, 2018
• CSIS, 2022
• MIT Technology Review, 2022

Info-Tech Insight

Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

Use this template to explain the priorities you need your stakeholders to know about.

Secure organization modernization

Provide a brief value statement for the initiative.

The systems (OT, IT, IIoT) are evolving now – ensure your security plan has you covered.

Initiative Description:

• Description must include what organization will undertake to complete the initiative.
• Identify the drivers to align with your organization's business objectives.
• Build your case by leveraging a cost-benefit analysis and update your security strategy.
• Identify people, process, and technology gaps that hinder the modernization security strategy.
• Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.
• Evaluate and enable modernization technology top focus areas and refine security processes.
• Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

Drivers:

List initiative drivers.

• Pressure of operational excellence
• Technology offerings
• Higher risks of cyberattacks

Risks:

List initiative risks and impacts.

• Complex systems with many components to implement and manage require diligent change management.
• Organizational and cultural changes cause friction between humans and machines.
• Increased attack surface of cyber and physical systems.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Improve service reliability through continuous and real-time operation.
• Enhance efficiency through operations visibility and transparency.
• Gain cost savings and efficiency to automate operations of complex and large equipment and instrumentations.

Related Info-Tech Research:

• Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities
• Secure IT-OT Convergence
• Build an Information Security Strategy

Recommended Actions

1. Identify modernization business cases to secure

Identify the drivers to align with your organization's business objectives.

Build your case by leveraging a cost-benefit analysis, and update your security strategy.

2. Identify gaps

Identify people, process, and technology gaps that hinder the modernization
security strategy.

Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.

3. Decide whether to build or buy capabilities

Evaluate and enable modernization technology top focus areas and refine
security processes.

Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

Sources:

Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

Secure IT-OT Convergence, Info-Tech

Develop a cost-benefit analysis

Identify a modernization business case for security.

An example of a cost-benefit analysis for ICS modernization

Sources:

Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

Lawrence Berkeley National Laboratory, 2021

IT-OT convergence demands new security approach and solutions

Identify gaps

Attack Vectors

IT

• User's compromised credentials
• User's access device, e.g. laptop, smartphone
• Access method, e.g. denial-of-service to modem, session hijacking, bad data injection

OT

• Site operations, e.g. SCADA server, engineering workstation, historian
• Controls, e.g. SCADA Client, HMI, PLCs, RTUs
• Process devices, e.g. sensors, actuators, field devices

Defense Strategies

• Limit exposure of system information
• Identify and secure remote access points
• Restrict tools and scripts
• Conduct regular security audits
• Implement a dynamic network environment

(Control System Defense: Know the Opponent, CISA)

An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

Source: ISA-99, 2007

RESPOND TO REGULATORY CHANGES

PRIORITY 03

• GOVERNMENT-ENACTED POLICY CHANGES AND INDUSTRY REGULATORY CHANGES COULD BE A COMPLIANCE BURDEN … OR PREVENT YOUR NEXT SECURITY INCIDENT.

Executive summary

Background

Government-enacted regulatory changes are occurring at an ever-increasing rate these days. As one example, on November 10, 2022, the EU Parliament introduced two EU cybersecurity laws: the Network and Information Security (NIS2) Directive (applicable to organizations located within the EU and organizations outside the EU that are essential within an EU country) and the Digital Operational Resilience Act (DORA). There are also industry regulatory changes such as PCI DSS v4.0 for the payment sector and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) for Bulk Electric Systems (BES).

Organizations should use regulatory changes as a means to improve security practices, instead of treating them as a compliance burden. As said by lead member of EU Parliament Bart Groothuis on NIS2, "This European directive is going to help around 160,000 entities tighten their grip on security […] It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale."

Current situation

Stricter requirements and reporting: Regulations such as NIS2 include provisions for incident response, supply chain security, and encryption and vulnerability disclosure and set tighter cybersecurity obligations for risk management reporting obligations.

Broader sectors: For example, the original NIS directive covers 19 sectors such as Healthcare, Digital Infrastructure, Transport, and Energy. Meanwhile, the new NIS2 directive increases to 35 sectors by adding other sectors such as providers of public electronic communications networks or services, manufacturing of certain critical products (e.g. pharmaceuticals), food, and digital services.

High sanctions for violations: For example, Digital Services Act (DSA) includes fines of up to 6% of global turnover and a ban on operating in the EU single market in case of repeated serious breaches.

Approximately 100 cross-border data flow regulations exist in 2022.

Source: McKinsey, 2022

Stricter requirements for payments

Obligation changes to keep up with emerging threats and technologies

An example of new requirements for PCI DSS v4.0

Source: Prepare for PCI DSS v4.0, Info-Tech

Use this template to explain the priorities you need your stakeholders to know about.

Respond to regulatory changes

Provide a brief value statement for the initiative.

The compliance obligations are evolving – ensure your security plan has you covered.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Identify relevant security and privacy compliance and conformance levels.
• Identify gaps for updated obligations, and map obligations into control framework.
• Review, update, and implement policies and strategy.
• Develop compliance exception process and forms.
• Develop test scripts.
• Track status and exceptions

Drivers:

List initiative drivers.

• Pressure of new regulations
• Governance, risk & compliance (GRC) tool offerings
• High administrative or criminal penalties of non-compliance

Risks:

List initiative risks and impacts.

• Complex structures and a great number of compliance requirements
• Restricted budget and lack of skilled workforce for organizations such as local municipalities and small or medium organizations compared to private counterparts
• Personal liability for some regulations for non-compliance

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Reduces compliance risk.
• Reduces complexity within the control environment by using a single framework to align multiple compliance regimes.
• Reduces costs and efforts related to managing IT audits through planning and preparation.

Related Info-Tech Research:

• Build a Security Compliance Program
• Prepare for PCI DSS v4.0
• Build an Information Security Strategy

Recommended Actions

1. Identify compliance obligations

Identify relevant security and privacy obligations and conformance levels.

Identify gaps for updated obligations, and map obligations into control framework.

2. Implement compliance strategy

Review, update, and implement policies and strategy.

Develop compliance exception process.

3. Track and report

Develop test scripts to check your remediations to ensure they are effective.

Track and report status and exceptions.

Sources: Build a Security Compliance Program and Prepare for PCI DSS v4.0, Info-Tech

Identify relevant security and privacy compliance obligations

Identify obligations

An example of security and privacy compliance obligations

How much does it cost to become compliant?

• It is important to understand the various frameworks and to adhere to the appropriate compliance obligations.
• Many factors influence the cost of compliance, such as the size of organization, the size of network, and current security readiness.
• To manage compliance obligations, it is important to use a platform that not only performs internal and external monitoring but also provides third-party vendors (if applicable) with visibility into potential threats in their organization.

Adopt Next-Generation Cybersecurity Technologies

PRIORITY 04

• GOVERNMENTS AND HACKERS ARE RECOGNIZING THE IMPORTANCE OF EMERGING TECHNOLOGIES, SUCH AS ZERO TRUST ARCHITECTURE AND AI-BASED CYBERSECURITY. SO SHOULD YOUR ORGANIZATION.

Executive summary

Background

The cat and mouse game between threat actors and defenders is continuing. The looming question "can defenders do better?" has been answered with rapid development of technology. This includes the automation of threat analysis (signature-based, specification-based, anomaly-based, flow-based, content-based, sandboxing) not only on IT but also on other relevant environments, e.g. IoT, IIoT, and OT based on AI/ML.

More fundamental approaches such as post-quantum cryptography and zero trust (ZT) are also emerging.
ZT is a principle, a model, and also an architecture focused on resource protection by always verifying transactions using the least privilege principle. Hopefully in 2023, ZT will be more practical and not just a vendor marketing buzzword.

Next-gen cybersecurity technologies alone are not a silver bullet. A combination of skilled talent, useful data, and best practices will give a competitive advantage. The key concepts are explainable, transparent, and trustworthy. Furthermore, regulation often faces challenges to keep up with next-gen cybersecurity technologies, especially with the implications and risks of adoption, which may not always be explicit.

Current situation

ZT: Performing an accurate assessment of readiness and benefits to adopt ZT can be difficult due to ZT's many components. Thus, an organization needs to develop a ZT roadmap that aligns with organizational goals and focuses on access to data, assets, applications, and services; don't select solutions or vendors too early.

Post-quantum cryptography: Current cryptographic applications, such as RSA for PKI, rely on factorization. However, algorithms such as Shor's show quantum speedup for factorization, which can break current crypto when sufficient quantum computing devices are available. Thus, threat actors can intercept current encrypted information and store it to decrypt in the future.

AI-based threat management: AI helps in analyzing and correlating data extremely fast compared to humans. Millions of telemetries, malware samples, raw events, and vulnerability data feed into the AI system, which humans cannot process manually. Furthermore, AI does not get tired in processing this big data, thus avoiding human error and negligence.

Data breach mitigation cost without AI: USD 6.20 million; and with AI: USD 3.15 million

Source: IBM, 2022

Traditional security is not working

Alert Fatigue

Too many false alarms and too many events to process. Evolving threat landscapes waste your analysts' valuable time on mundane tasks, such as evidence collection. Meanwhile, only limited time is spared for decisions and conclusions, which results in the fear of missing an incident and alert fatigue.

Lack of Insight

To report progress, clear metrics are needed. However, cybersecurity still lacks in this area as the system itself is complex and some systems work in silos. Furthermore, lessons learned are not yet distilled into insights for improving future accuracy.

Lack of Visibility

System integration is required to create consistent workflows across the organization and to ensure complete visibility of the threat landscape, risks, and assets. Also, the convergence of OT, IoT, and IT enhances this challenge.

Source: IBM Security Intelligence, 2020

A business case for AI-based cybersecurity

Threat management

Prevention

Risk scores are generated by machine learning based on variables such as behavioral patterns and geolocation. Zero trust architecture is combined with machine learning. Asset management leverages visibility using machine learning. Comply with regulations by improving discovery, classification, and protection of data using machine learning. Data security and data privacy services use machine learning for data discovery.

Detection

AI, advanced machine learning, and static approaches, such as code file analysis, combine to automatically detect and analyze threats and prevent threats from spreading, assisted by threat intelligence.

Response

AI helps in orchestrating security technologies for organizations to reduce the number of security agents installed, which may not talk to each other or, worse, may conflict with each other.

Recovery

AI continuously tunes based on lessons learned, such as creating security policies for improving future accuracy. AI also does not get fatigue, and it assists humans in a faster recovery.

AI has been around since the 1940s, but why is it only gaining traction now? Because supporting technologies are only now available, including faster GPUs for complex computations and cheaper storage for massive volumes of data.

Use this template to explain the priorities you need your stakeholders to know about.

Adopt next-gen cybersecurity technologies

Use this template to explain the priorities you need your stakeholders to know about.

Develop a practical roadmap that shows the business value of next-gen cybersecurity technologies investment.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.
• Adopt well-established data governance practices for cross-functional teams.
• Conduct a maturity assessment of key processes and highlight interdependencies.
• Develop a baseline and periodically review risks, policies and procedures, and business plan.
• Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.
• Monitor metrics on effectiveness and efficiency.

Drivers:

List initiative drivers.

• Pressure of attacks by sophisticated threat actors
• Next-gen cybersecurity technologies tool offerings
• High cost of traditional security, e.g. longer breach lifecycle

Risks:

List initiative risks and impacts.

• Lack of transparency of the model or bias, leading to non-compliance with policies/regulations
• Risks related with data quality and inadequate data for model training
• Adversarial attacks, including, but not limited to, adversarial input and model extraction

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Reduces the number of alerts, thus reduces alert fatigue.
• Increases the identification of unknown threats.
• Leads to faster detection and response.
• Closes skills gap and increases productivity.

Related Info-Tech Research:

• Build a Zero Trust Roadmap
• AI Governance
• Leverage AI in Threat Management (keynote presentation available on request)

Recommended Actions

1. People

Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.

Adopt well-established data governance practices for cross-functional teams.

2. Process

Conduct a maturity assessment of key processes and highlight interdependencies.

Develop a baseline and periodically review risks, policies and procedures, and business plan.

3. Technology

Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.

Monitor metrics on effectiveness and efficiency.

Source: Leverage AI in Threat Management (keynote presentation), Info-Tech

Secure Services and Applications

PRIORITY 05

• APIS ARE STILL THE #1 THREAT TO APPLICATION SECURITY.

Executive summary

Background

Software is usually produced as part of a supply chain instead of in silos. A vulnerability in any part of the supply chain can become a threat surface. We have learned this from recent incidents such as Log4j, SolarWinds, and Kaseya where attackers compromised a Virtual System Administrator tool used by managed service providers to attack around 1,500 organizations.

DevSecOps is a culture and philosophy that unifies development, security, and operations to answer this challenge. DevSecOps shifts security left by automating, as much as possible, development and testing. DevSecOps provides many benefits such as rapid development of secure software and assurance that, prior to formal release and delivery, tests are reliably performed and passed.

DevSecOps practices can apply to IT, OT, IoT, and other technology environments, for example, by integrating a Secure Software Development Framework (SSDF).

Current situation

Secure Software Supply Chain: Logging is a fundamental feature of most software, and recently the use of software components, especially open source, are based on trust. From the Log4j incident we learned that more could be done to improve the supply chain by adopting ZT to identify related components and data flows between systems and to apply the least privilege principle.

DevSecOps: A software error wiped out wireless services for thousands of Rogers customers across Canada in 2021. Emergency services were also impacted, even though outgoing 911 calls were always accessible. Losing such services could have been avoided, if tests were reliably performed and passed prior to release.

OT insecure-by-design: In OT, insecurity-by-design is still a norm, which causes many vulnerabilities such as insecure protocols implementation, weak authentication schemes, or insecure firmware updates. Additional challenges are the lack of CVEs or CVE duplication, the lack of Software Bill of Materials (SBOM), and product supply chains issues such as vulnerable products that are certified because of the scoping limitation and emphasis on functional testing.

Technical causes of cybersecurity incidents in EU critical service providers in 2019-2021 shows: software bug (12%) and faulty software changes/update (9%).

Source: CIRAS Incident reporting, ENISA (N=1,239)

Software development keeps evolving

DOD Maturation of Software Development Best Practices

Best practices in software development are evolving as shown on the diagram to the left. For example, 30 years ago the lifecycle was "Years or Months," while in the present day it is "Weeks or Days."

These changes also impact security such as the software architecture, which is no longer "Monolithic" but "Microservices" normally built within the supply chain.

The software supply chain has known integrity attacks that can happen on each part of it. Starting from bad code submitted by a developer, to compromised source control platform (e.g. PHP git server compromised), to compromised build platform (e.g. malicious behavior injected on SolarWinds build), to a compromised package repository where users are deceived into using the bad package by the similarity between the malicious and the original package name.

Therefore, we must secure each part of the link to avoid attacks on the weakest link.

Software supply chain guidance

Secure each part of the link to avoid attacks on the weakest link.

Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

"Most software today relies on one or more third-party components, yet organizations often have little or no visibility into and understanding of how these software components are developed, integrated, and deployed, as well as the practices used to ensure the components' security."

Source: NIST – NCCoE, 2022

Use this template to explain the priorities you need your stakeholders to know about.

Secure services and applications

Provide a brief value statement for the initiative.

Adopt recommended practices for securing the software supply chain.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Define and keep security requirements and risk assessments up to date.
• Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene.
• Verify distribution infrastructure, product and individual components integrity, and SBOM.
• Use multi-layered defenses, e.g. ZT for integration and control configuration.
• Train users on how to detect and report anomalies and when to apply updates to a system.
• Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

Drivers:

List initiative drivers.

• Cyberattacks exploit the vulnerabilities of weak software supply chain
• Increased need to enhance software supply chain security, e.g. under the White House Executive Order (EO) 14028
• OT insecure-by-design hinders OT modernization

Risks:

List initiative risks and impacts.

Only a few developers and suppliers explicitly address software security in detail.

Time pressure to deliver functionality over security.

Lack of security awareness and lack of trained workforce.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

Customers (acquiring organizations) achieve secure acquisition, deployment, and operation of software.

Developers and suppliers provide software security with minimal vulnerabilities in its releases.

Automated processes such as automated testing avoid error-prone and labor-intensive manual test cases.

Related Info-Tech Research:

• Build a Zero Trust Roadmap
• Embed Security Into the DevOps Pipeline

Recommended Actions

1. Procurement and Acquisition

Define and keep security requirements and risk assessments up to date.

Perform analysis on current market and supplier solutions and acquire security evaluation.

Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene

2. Deployment

Verify distribution infrastructure, product and individual components integrity, and SBOM.

Save and store the tests and test environment and review and verify the
self-attestation mechanism.

Use multi-layered defenses, e.g. ZT for integration and control configuration.

3. Software Operations

Train users on how to detect and report anomalies and when to apply updates to a system.

Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

Apply supply chain risk management (SCRM) operations.

Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

Bibliography

Aksoy, Cevat Giray, Jose Maria Barrero, Nicholas Bloom, Steven J. Davis, Mathias Dolls, and Pablo Zarate. "Working from Home Around the World." Brookings Papers on Economic Activity, 2022.
Barrero, Jose Maria, Nicholas Bloom, and Steven J. Davis. "Why working from home will stick." WFH Research, National Bureau of Economic Research, Working Paper 28731, 2021.
Boehm, Jim, Dennis Dias, Charlie Lewis, Kathleen Li, and Daniel Wallance. "Cybersecurity trends: Looking over the horizon." McKinsey & Company, March 2022. Accessed
31 Oct. 2022.
"China: TC260 issues list of national standards supporting implementation of PIPL." OneTrust, 8 Nov. 2022. Accessed 17 Nov. 2022.
Chmielewski, Stéphane. "What is the potential of artificial intelligence to improve cybersecurity posture?" before.ai blog, 7 Aug. 2022. Accessed 15 Aug. 2022.
Conerly, Bill. "The Recession Will Begin Late 2023 Or Early 2024." Forbes, 1 Nov. 2022. Accessed 8 Nov. 2022.
"Control System Defense: Know the Opponent." CISA, 22 Sep. 2022. Accessed 17 Nov. 2022.
"Cost of a Data Breach Report 2022." IBM, 2022.
"Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience." European Parliament News, 10 Nov. 2022. Press Release.
"Cyber Security in Critical National Infrastructure Organisations: 2022." Bridewell, 2022. Accessed 7 Nov. 2022.
Davis, Steven. "The Big Shift to Working from Home." NBER Macro Annual Session On
"The Future of Work," 1 April 2022.
"Digital Services Act: EU's landmark rules for online platforms enter into force."
EU Commission, 16 Nov. 2022. Accessed 16 Nov. 2022.
"DoD Enterprise DevSecOps Fundamentals." DoD CIO, 12 May 2022. Accessed 21 Nov. 2022.
Elkin, Elizabeth, and Deena Shanker. "That Cream Cheese Shortage You Heard About? Cyberattacks Played a Part." Bloomberg, 09 Dec. 2021. Accessed 27 Oct. 2022.
Evan, Pete. "What happened at Rogers? Day-long outage is over, but questions remain." CBC News, 21 April 2022. Accessed 15 Nov. 2022.
"Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022." Coveware,
28 July 2022. Accessed 18 Nov. 2022.
"Fighting cybercrime: new EU cybersecurity laws explained." EU Commission, 10 Nov. 2022. Accessed 16 Nov. 2022.
"Guide to PCI compliance cost." Vanta. Accessed 18 Nov. 2022.
Hammond, Susannah, and Mike Cowan. "Cost of Compliance 2022: Competing priorities." Thomson Reuters, 2022. Accessed 18 Nov. 2022.
Hemsley, Kevin, and Ronald Fisher. "History of Industrial Control System Cyber Incidents." Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.
Hofmann, Sarah. "What Is The NIS2 And How Will It Impact Your Organisation?" CyberPilot,
5 Aug. 2022. Accessed 16 Nov. 2022.
"Incident reporting." CIRAS Incident Reporting, ENISA. Accessed 21 Nov. 2022.
"Introducing SLSA, an End-to-End Framework for Supply Chain Integrity." Google,
16 June 2021. Accessed 25 Nov. 2022.
Kovacs, Eduard. "Trains Vulnerable to Hacker Attacks: Researchers." SecurityWeek, 29 Dec. 2015. Accessed 15 Nov. 2022.
"Labour Force Survey, October 2022." Statistics Canada, 4 Nov. 2022. Accessed 7 Nov. 2022.
Malacco, Victor. "Promises and potential of automated milking systems." Michigan State University Extension, 28 Feb. 2022. Accessed 15 Nov. 2022.
Maxim, Merritt, et al. "Planning Guide 2023: Security & Risk." Forrester, 23 Aug. 2022. Accessed 31 Oct. 2022.
"National Cyber Threat Assessment 2023-2024." Canadian Centre for Cyber Security, 2022. Accessed 18 Nov. 2022.
Nicaise, Vincent. "EU NIS2 Directive: what's changing?" Stormshield, 20 Oct. 2022. Accessed
17 Nov. 2022.
O'Neill, Patrick. "Russia hacked an American satellite company one hour before the Ukraine invasion." MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.
"OT ICEFALL: The legacy of 'insecure by design' and its implications for certifications and risk management." Forescout, 2022. Accessed 21 Nov. 2022.
Palmer, Danny. "Your cybersecurity staff are burned out - and many have thought about quitting." ZDNet, 8 Aug. 2022. Accessed 19 Aug. 2022.
Placek, Martin. "Industrial Internet of Things (IIoT) market size worldwide from 2020 to 2028 (in billion U.S. dollars)." Statista, 14 March 2022. Accessed 15 Nov. 2022.
"Revised Proposal Attachment 5.13.N.1 ADMS Business Case PUBLIC." Ausgrid, Jan. 2019. Accessed 15 Nov. 2022.
Richter, Felix. "Cloudy With a Chance of Recession." Statista, 6 April 2022. Web.
"Securing the Software Supply Chain: Recommended Practices Guide for Developers." Enduring Security Framework (ESF), Aug. 2022. Accessed 22 Sep. 2022.
"Securing the Software Supply Chain: Recommended Practices Guide for Suppliers." Enduring Security Framework (ESF), Sep. 2022. Accessed 21 Nov. 2022.
"Securing the Software Supply Chain: Recommended Practices Guide for Customers." Enduring Security Framework (ESF), Oct. 2022. Accessed 21 Nov. 2022.
"Security Guidelines for the Electricity Sector: Control System Electronic Connectivity."
North American Electric Reliability Corporation (NERC), 28 Oct. 2013. Accessed 25 Nov. 2022.
Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed." Wisconsin State Farmer,
26 Oct. 2022. Accessed 15 Nov. 2022.
"Significant Cyber Incidents." Center for Strategic and International Studies (CSIS). Accessed
1 Sep. 2022.
Souppaya, Murugiah, Michael Ogata, Paul Watrobski, and Karen Scarfone. "Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps." NIST - National Cybersecurity Center of Excellence (NCCoE), Nov. 2022. Accessed
22 Nov. 2022.
"Ten Things Will Change Cybersecurity in 2023." SOCRadar, 23 Sep. 2022. Accessed
31 Oct. 2022.
"The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines." Cybersecurity Insiders. Accessed 21 Nov. 2022.
What Is Threat Management? Common Challenges and Best Practices." IBM Security Intelligence, 2020.
Woolf, Tim, et al. "Benefit-Cost Analysis for Utility-Facing Grid Modernization Investments: Trends, Challenges, and Considerations." Lawrence Berkeley National Laboratory, Feb. 2021. Accessed 15 Nov. 2022.
Violino, Bob. "5 key considerations for your 2023 cybersecurity budget planning." CSO Online,
14 July 2022. Accessed 27 Oct. 2022

Research Contributors and Experts

Andrew Reese
Cybersecurity Practice Lead
Zones

Ashok Rutthan
Chief Information Security Officer (CISO)
Massmart

Chris Weedall
Chief Information Security Officer (CISO)
Cheshire East Council

Jeff Kramer
EVP Digital Transformation and Cybersecurity
Aprio

Kris Arthur
Chief Information Security Officer (CISO)
SEKO Logistics

Mike Toland
Chief Information Security Officer (CISO)
Mutual Benefit Group

Modernize and Transform Your End-User Computing Strategy

Support the workforce of the future.

EXECUTIVE BRIEF

Analyst Perspective

Focus beyond the device

It’s easy to think that if we give end users nice devices, then they will be more engaged and they will be happy with IT. If only it were that easy.

Info-Tech Research Group has surveyed over 119,000 people through its CIO Business Vision diagnostic. The results show that a good device is necessary but not enough for high satisfaction with IT. Once a user has a decent device, the other aspects of the user’s experience has a higher impact on their satisfaction with IT.

After all, if a person is trying to run apps designed in the 1990s, if they are struggling to access resources through an underperforming VPN connection, or if they can’t get help when their devices and apps aren’t working, then it doesn’t matter that you gave them a state-of-the-art MacBook or Microsoft Surface.

As you build out your end-user computing strategy to reflect the new reality of today’s workforce, ensure you focus on shifting user support left, modernizing apps to support how users need to work, and ensuring that your network and collaboration tools can support the increased demands. End-user computing teams need to focus beyond the device.

Ken Weston, ITIL MP, PMP, Cert.APM, SMC

Research Director, Infrastructure and Operations Info-Tech Research Group

Mahmoud Ramin, PhD

Senior Research Analyst, Infrastructure and Operations Info-Tech Research Group

Executive Summary

Your Challenge

IT needs to answer these questions:

• What types of computing devices, provisioning models, and operating systems (OSes) should be offered to end users?
• How will IT support devices?
• What are the policies and governance surrounding how devices are used?
• What actions are we taking and when?
• How do end-user devices support larger corporate priorities and strategies?

Your answers need to balance choice, risk, and cost.

Common Obstacles

Management paradigms have shifted:

• OSes, device management, and IT asset management (ITAM) practices have changed.
• Users expect full capabilities on any personal device.
• Virtual desktops are switching to the cloud.
• Low-code/no-code platforms allow the business to manage their own apps or comanage with IT.
• Work-from-anywhere is the default.
• Users have higher customer service expectations.

Take end-user computing beyond the OS.

Info-Tech's Approach

This blueprint will help you:

• Identify desired benefits that align to IT and corporate priorities and strategies.
• Perform a persona analysis.
• Define a vision for end-user computing.
• Define the standard device and app offerings.
• Improve the supporting services surrounding devices.
• Develop a roadmap for implementing your strategy.

A good device is necessary for satisfaction with IT but it’s not enough.

If a user has a prestigious tablet but the apps aren’t built well, they can’t get support on it, or they can’t connect to the internet, then that device is useless. Focus on supportability, use cases, connection, policy – and device.

Your challenge

This blueprint will help you build a strategy that answers these questions:

• What types of computing devices should be offered to end users?
• What provisioning models will be used?
• What operating systems are supported?
• How will IT support devices?
• What are the policies and governance surrounding how devices are used?
• What actions are we taking and when?
• How do end-user devices support larger corporate priorities and strategies?

Definition: End-User Computing (EUC)

End-user computing (EUC) is the domain of information and technology that deals with the devices used by workers to do their jobs. EUC has five focus areas: devices, user support, use cases, policy & governance, and fitness for use.

A good end-user computing strategy will effectively balance:

User Choice

Cost

Risk

The right balance will be unique for every organization.

Strike the right balance

The discussion is larger than desktop support

If IT is an influencer, then you get to drive this conversation. If IT is not an influencer, then you need to support whatever option the business wants.

Good devices are necessary for overall IT satisfaction

BUT

Good devices are not enough for high satisfaction

A bad device can ruin a person’s satisfaction with IT

Info-Tech’s CIO Business Vision has shown that when someone is dissatisfied with their device, their satisfaction with IT overall is only 40.92% on average.

When a person is satisfied with their device, their average satisfaction increases by approximately 30 percentage points to 70.22%. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,383)

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy all have a higher impact on increasing satisfaction.

For every one-point increase in satisfaction in those areas, respondents’ overall satisfaction with IT increased by the respective percentage of a point. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,409)

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

• More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

• Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

• Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

• Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

• Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

• Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

• Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

• Self-serve & managing entire experience

Don’t limit your focus to only Windows and Macs

Android is the OS with the largest market share

Users and IT have more choices than ever before

Operating System - OS

Only Windows

• More choices than ever before

Microsoft is still the dominant player in end-user computing, but Windows has only a fraction of the share it once had.

IT needs to revisit their device management practices. Modern management tools such as unified endpoint management (UEM) tools are better suited than traditional client management tools (CMT) for a cross-platform world.

IT must also revisit their application portfolios. Are business apps supported on Android and iOS or are they only supported on Windows? Is there an opportunity to offer more options to end users? Are end users already running apps and handling sensitive data on Android and iOS through software-as-a-service and bring-your-own-device (BYOD) capabilities in Office 365 and Google apps?

OS market share is partly driven by the digital divide

If someone must choose between a smartphone and a computer, they go with a smartphone

IT can’t expect everyone to be fluent on Windows and Mac, have a computer at home, or even have home broadband.

Of US adults aged 18-29:

• 96% have a smartphone (the rest have cellphones).
• Only 70% of US adults aged 18-29 have a home broadband connection.

Further, only 59% of US adults making less than $30,000/year have a laptop or desktop. (“Mobile Technology” and “Digital Divide,” Pew Research, 2021.)

Globally, people are likelier to have a cell subscription than they are to have access to broadband.

Embrace new device management paradigms

Endpoint Management System - UEM

Group Policy & Client Management

• Modern & Unified Endpoint Management

Evaluate enterprise mobility management and unified endpoint management to better support a remote-first, cross-platform reality.

Client Management Tool (CMT)

CMTs such as Microsoft Endpoint Configuration Manager (ConfigMgr, aka SCCM) can be used to distribute apps, apply patches, and enforce group policy.

Enterprise Mobility Management (EMM)

EMM tools allow you to manage multiple device platforms through mobile device management (MDM) protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

EMM tools often support mobile application management (MAM) and mobile content management (MCM). Most EMM tools can manage devices running Windows, Mac OS, iOS, and Android, although there are exceptions.

Unified Endpoint Management (UEM)

UEM solutions combine CMT and EMM for better control of remote computers running Windows or Macs. Examples include:

• Windows devices comanaged by Intune and ConfigMgr.
• Mac devices managed by Jamf Pro.
• Mac devices comanaged by Jamf Pro and Intune.

Most UEM tools can manage devices running Windows, Mac OS, iOS, and Android, allowing IT to manage all end-user devices from a unified tool set (although there are exceptions).

Mobile Application Management (MAM)

MAM provides the ability to package an app with security settings, distribute app updates, and enforce app updates. Some capabilities do not require apps to be enrolled in an EMM or UEM solution.

Mobile Content Management (MCM)

MCM tools distribute files to remote devices. Many MCM solutions allow for security settings to be applied, such as encrypting the files or prohibiting data from leaving the secure container. Examples include OneDrive, Box, and Citrix ShareFile.

Adopt modern management with EMM and UEM – better toolsets for today’s state of EUC

Sacrifice your Group Policy Objects to better manage Windows computers

IT asset management practices are shifting

IT Asset Management - ITAM

Hands-on with images

• Zero-touch with provisioning packages

Supply chain issues are making computers longer to procure, meaning users are waiting longer for computers (Cision, 2021). The resulting silicon chip shortage is expected to last until at least 2023 (Light Reading, 2021).

IT departments are delaying purchases, delaying refreshes, and/or purchasing more to reserve devices before they need them.

Remote work has increased by 159% over the past 12 years (NorthOne, 2021). New hires and existing users can’t always go into the office to get a new computer.

IT departments are paying vendors to hold onto computers and then drop-ship them directly to the end user. The devices are provisioned using zero touch (e.g. Autopilot, Apple Device Manager, or another tool). Since zero-touch provisioning tools do not support images, teams have had to switch to provisioning packages.

The pandemic saw an increase in spending on virtual desktops

Virtual desktops offered powerful tools for supporting remote devices and personal computers without compromising sensitive data

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

• Desktop-as-a-Service in the cloud

The pandemic helped cloud-based virtual desktop infrastructure (VDI)

Citrix saw subscription revenue increase 71% year over year in 2020 (Citrix 2020 Annual Report, p. 4). VMware saw subscription and SaaS revenue increase 38% from January 2020 to 2021 – while on-premises licensing revenue decreased by 5% (VMware Annual Report 2021, p. 40).

IT no longer needs to manage the underlying infrastructure

Microsoft and AWS are offering desktops as a service (i.e. cloud-based virtual desktops). IT needs to manage only the device, not the underlying virtual desktop infrastructure. This is in addition to Citrix’s and VMware’s cloud offerings, where IT doesn’t need to manage the underlying infrastructure that supports VDI.

Visit the blueprint Implement Desktop Virtualization and Transition to Everything as a Service to get started.

Work-from-anywhere (WFA) is now the default

COVID-19 forced this shift

Work-From-Anywhere - WFA

Rare

• Default

Be prepared to support a hybrid workforce, where people are sometimes working remotely and sometimes working in the office.

• Device provisioning and deployment need to be rethought. In-person deployment is not always possible. IT should evaluate tools such as zero-touch provisioning.
• Service desks need better monitoring and management tools. End-user experience management (EUEM) can allow you to better identify where network issues are occurring – in your data center, at the user’s house, in the cloud, or somewhere in between. Remote control tools can then allow your tier 1 to remediate issues on the user’s device.
• Apps and devices need to be usable from anywhere. Environments that rely on desktops and on-premises apps need to be rearchitected for a remote-first workforce.
• Users are living inside video conferencing tools. With the impact of the COVID-19 pandemic, there are about 145 million daily users of Microsoft Teams, almost twice the number of users in 2020 (MUO, 2021). Ensure they have the training and expertise to effectively use these tools.

“More technical troubleshooting due to users working from home a lot more. It can be more difficult to talk users through fixes when they are off site if you cannot remotely assist so more emphasis on the communication skill which was already important.” (Service Desk Institute, 2021)

Visit the Hybrid Workplace Research Center to better support a hybrid workforce.

BYOD fully includes personal computers

It’s no longer about whether IT will allow BYOD

Stop pretending BYOD doesn’t happen

Personal Devices - BYOD

Limited to email on phones

• Full capabilities on any device

• BYOD (including BYOPC) is turned on by default. SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021; N=271).
• BYOD can boost productivity. When employees can use smartphones for work, they report that it increases their productivity by 34 percent (Samsung Insights, 2016).
• BYOD is hard to support, so most organizations don’t. Only 22% of organizations provide full support for mobile devices, while 20% provide no support, 25% provide ad hoc support, and 26% provide limited support (Cybersecurity Insiders, 2021). If smartphones and tablets are heavily ingrained in business processes, then migrating to BYOD can overload the service desk.
• Securely enable employees. Mobile application management (MAM), mobile content management (MCM), and Office 365 have gotten smarter at protecting corporate data.

Action Item: Identify how IT can provide more support to personally owned computers, tablets, and smartphones.

58% of working Americans say their work devices are “awful to work on." (PCMag, 2021)

But only 22% of organizations provide full support to BYOD. (Cybersecurity Insiders, 2021)

IT must either provide better devices or start fully supporting users on personal PCs.

Build governance practices for low-code development platforms

Managing 1,000 different apps built out on low-code business process management platforms is hard, but it’s not nearly as hard as managing 1,000 unique SaaS apps or access databases

Business-Managed Apps - BMA

Performed by IT

• Performed by the Business and IT

Pros - Opportunities

• Offers DIY to users
• Business can build them quickly
• IT has central visibility
• IT can focus on the platform

Cons - Threats

• Sensitive data can get exposed
• Users may have issues with continuity and backup
• Responding to platform changes will be potentially challenging
• Support may be difficult after the app creator leaves

Action Item: Build a governance framework that describes the roles and responsibilities involved in business-owned apps. Identify the user’s role and end-user computing’s role in supporting low-code apps.

Visit the blueprint Embrace Business-Managed Apps to learn how to build a governance framework for low-code development platforms.

Visit the Low-Code Business Process Management SoftwareReviews category to compare different platforms.

Update your customer service practices

End users expect self-service and help from tier 1

Re-evaluate how you support both corporate-issued and personal-owned computers and mobile devices

Customer Satisfaction - C Sat

Phone calls and transactional interactions

• Self-serve & managing entire experience

Microsoft’s 2019 “Global State of Customer Service” report shows that people have high expectations:

• 31% of people expect call agents to have a “deep understanding of the caller’s relationship with the company”
• 11% expect self-service capabilities

End users have the same expectations of IT, the service desk, and end-user computing teams:

• Users expect any IT person with whom they are talking to have a deep understanding of their devices, apps, open tickets, and closed tickets.
• Users expect tier 1 to be able to resolve their incidents and requests without escalating to tier 2 or tier 3 end-user computing specialists.

Most Important Aspects of Customer Service

Resolving issue in one interaction - 35%

Knowledgeable agent - 31%

Finding information myself - 11%

Not repeating information - 20%

(Microsoft, 2019)

Desktop engineering needs to shift left

Revisit what work can only be done by tier 2 and tier 3 teams

Shifting left involves shifting resolution of incidents and service requests down from more costly resources to the first line of support and to end users themselves through self-service options

• Tier 1 needs up-to-date information on the end users’ devices and open tickets.
• Users should be able to request apps and download those apps through a self-service portal, a software catalog, or an app store.
• Tier 1 needs to be empowered to remote wipe devices, see troubleshooting and diagnostics information, and resolve incidents without needing to escalate.

Action Item: Apply shift-left enablement to train tier 1 agents on troubleshooting more incidents and fulfilling more service requests. Build top-notch self-service capabilities for end users.

Work with your service desk on the blueprint Optimize the Service Desk with a Shift-Left Strategy.

Windows 11 is coming

Prepare to make the jump

The sooner you start, the easier the migration will be

• Begin planning hardware refreshes. Old computers that do not have a TPM 2.0 chip are not currently supported on Windows 11 (“Enable TPM 2.0,” Microsoft, 2021). If you have old computers that will not support the jump to Windows 11– especially given the supply chain disruptions and silicon chip shortages – it is time to consider computer upgrades.
• The end of Windows 10 is coming. Windows 10’s retirement date is currently October 14, 2025 (“Windows 10 Home and Pro,” Microsoft, 2021). If you want to continue running Windows 10 on older computers beyond that time, you will need to pay for extended support or risk those computers being more easily breached.
• Begin testing your apps internally. Run Windows 11 within IT and test whether your apps will work on Windows 11.
• Pilot Windows 11 with IT-friendlies. Find users that are excited for Windows 11 and will not mind a bit of short-term pain.
• What is your risk appetite? Risk-averse organizations will want to wait until Microsoft, DISA, and/or Center for Internet Security have published security configuration best practices.

Info-Tech’s approach

Master the ever-expanding puzzle of end-user computing

User Group Analysis

Supported Devices and Apps

Fitness for Use

Device Support

The Info-Tech difference:

1. Balance user choice, risk mitigation, and cost optimization. The right balance will be unique for every organization.
2. Standardize the nonstandard. Anticipate your users’ needs by having power options and prestigious options ready to offer.
3. Consider multiple personas when building your standards, training, and migrations. Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Modernize and Transform Your End-User Computing Strategy

Focus on the Big Picture

End-User Paradigms Have Shifted

Take end-user computing beyond the device

Operating System - OS

Only Windows

• More choices than ever before

Endpoint Management System - UEM

Group Policy & Client Management

• Modern & Unified Endpoint Management

Personal Devices - BYOD

Limited to email on phones

• Full capabilities on any device

IT Asset Management - ITAM

Hands-on with images

• Zero-touch with provisioning packages

Virtual Desktops - DaaS

Virtual Desktop Infrastructure in the Data Center

• Desktop-as-a-Service in the cloud

Business-Managed Apps - BMA

Performed by IT

• Performed by the Business and IT

Work-From-Anywhere - WFA

Rare

• Default

Customer Satisfaction - C Sat

Phone calls and transactional interactions

• Self-serve & managing entire experience

Don't just focus on the device!

Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy have a higher impact on increasing satisfaction.

Impact of End-User Satisfaction of IT by Area Compared to Devices

Devices (x1.0)

IT Policy (x1.09)

Network & Communications Infrastructure (x1.41)

Business Apps (x1.51)

Service Desk (x1.54)

(Info-Tech Research Group, CIO Business Vision, 2021; n=119,409)

Build your strategy with these components...

End-User Group Analysis

• Work location
• Information interactions
• Apps
• Data and files
• Business capabilities
• Current offering
• Pain points
• Desired gains

Supported Devices & Apps

• Primary computing device offerings
• Power computing device offering
• Prestigious device offerings
• Secondary computing device offerings
• Provisioning models
• Standard apps
• Peripherals

Device Support

• Self-service
• Service Desk
• Specialists

Fitness for Use

• Organizational policies
• Security policies

Vision

...to answer these questions:

1. What devices will people have?
2. How will you support these devices?
3. How will you govern these devices?

Balance choice, risk, and cost

The right balance will be unique for every organization. Get the balance right by aligning your strategy's goals to senior leadership’s most important priorities.

• User choice
• Risk
• Cost

+ Standardize the non-standard

Have a more prestigious option ready for users, such as VIPs, who want more than the usual offerings. This approach will help you to proactively anticipate your users' needs.

+Consider multiple personas when building your standards, training, and migrations

These five personas will exist in one form or another throughout your user groups.

• Early Adopters
• Late Adopters
• VIP Users
• Road Warriors
• Hoarders

Use our approach to answer these questions:

What computers will people have?

Types of computing devices

• Power desktop
• Power laptop
• Desktop
• Laptop
• Virtual Desktop
• Thin Client Device
• Pro Tablet
• Tablet
• Smartphone

Corporate-Issued Approaches

• Kiosk – Shared, Single Purpose
• Pooled – Shared, Multipurpose
• Persistent – Individual
• Personally Owned

Supported Operating Systems

• Windows
• Mac
• Chrome OS
• Linux
• iOS/iPad OS
• Android

How will you support these devices?

Device Management

• Manual
• CMT
• EMM
• UEM
• Pooled Virtual Desktop Manager

Supporting Practices

• Self-Service
• Tier 1 Support
• Specialist Support

How will you govern these devices?

Corporate Policies

• Personal Use Allowed?
• Management and Security Policies
• Personal Device Use Allowed?
• Supported Apps and Use Cases
• Who Is Allowed to Purchase?
• Prohibited Apps and Use Cases
• Device Entitlement
• Stipends and/or Reimbursement to Users

Use our blueprint to improve your EUC practices

1. Devices
   • Corporate-issued devices
   • Standard offerings
2. User Support
   • Self-service
   • Tier 1 support
3. Use Cases
   • Providing value
   • Business apps
4. Policy & Governance
   • Personal device use
   • IT policy
5. Fitness for Use
   • Securing devices
   • Patching

Info-Tech’s methodology for end-user computing strategy

Insight summary

Once users are satisfied with devices, focus on the bigger picture

If end users are dissatisfied with devices, they will also be dissatisfied with IT. But if you don’t also focus on apps and supportability, then giving users better devices will only marginally increase satisfaction with IT.

Bring it back to stakeholder priorities

Before you build your vision statement, make sure it resonates with the business by identifying senior leadership’s priorities and aligning your own goals to them.

Balance choice, risk, and cost

The balance of user choice, risk mitigation, and cost optimization is unique for each company. Get the balance right by aligning your strategy’s goals to senior leadership’s most important priorities.

Communicate early and often with users

Expect users to become anxious when you start targeting their devices. Address this anxiety by bringing them into the conversation early in the planning – they will see that their concerns are being addressed and may even feel a sense of ownership over the strategy.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

Consider multiple personas when building your standards, training, and migrations

Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

User Group Analysis Workbook

Use these worksheets to guide your analysis.

End-User Computing Ideas Catalog

Compare options for your end-user computing environment.

Standard End-User Entitlements and Offerings

Define your supported offerings and publish this document in your service catalog.

Policy Templates

Use these templates as a starting point for addressing policy gaps.

Key deliverable:

End-User Computing Strategy

Document your strategy using this boardroom-ready template.

Blueprint benefits

IT Benefits

• Deliver immediate value to end users.
• Provide the best service based on the user persona.
• Provide better device coverage.
• Use fewer tools to manage a less diverse but equally effective array of end-user computing devices.
• Provide more managed devices that will help to limit risk.
• Have better visibility into the end-user computing devices and apps.

Business Benefits

• Conduct corporate business under one broad strategy.
• Provide support to IT for specific applications and devices.
• Take advantage of more scalable economies for providing more advantageous technologies.
• Experience less friction between end users and the business and higher end-user satisfaction.

Measure the value of this blueprint

Your end-user computing strategy is an investment

Track the returns on your investment, even if those returns are soft benefits and not cost reductions

User Satisfaction

• Satisfaction with device
• Satisfaction with business apps
• Satisfaction with service desk timeliness
• Satisfaction with service desk effectiveness
• Satisfaction with IT Employee engagement

Total Cost

• Spend on each type of device
• Cost of licenses for management tools, operating systems, and apps
• Cost of support agreements # of support tickets per device per employee
• Time spent supporting devices per tier or support team
• Time spent per OS/app release

Risk Mitigation

• # of devices that are end-of-life
• % of devices in compliance
• # of unmanaged devices
• # of devices that have not checked in to management tool

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 10 calls over the course of 4 to 6 months.

Phase 1: Set the Direction

• Call #1: Review trends in end-user computing and discuss your current state.
• Call #2: Perform a user group analysis.
• Call #3: Identify desired benefits and map to stakeholder drivers.

Phase 2: Define the Offering

• Call #4: Define standard offerings.
• Call #5: Select provisioning models.
• Call #6: Outline supporting services and opportunities to shift end-user computing support left.
• Call #7: Identify gaps in governance and policies.

Phase 3: Build the Roadmap

• Call #8: Develop initiatives.
• Call #9: Plan migration and build roadmap.

EUC Strategy Workshop Overview

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Phase 1

Set the Direction

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

• Current-state analysis
• Goals cascade
• Persona analysis

This phase involves the following participants:

• End-User Computing Team
• IT Leadership

Set a direction that will create value for IT, stakeholders, and end users

Use your insights to build your strategy

Start by downloading Info-Tech’s End-User Computing Strategy Template

1. Perform a stop-start-continue exercise for how IT supports end-user devices.
2. Perform a goals cascade to identify how the end-user computing strategy can align with and support senior leaders’ priorities and strategic objectives.
3. Perform a user group analysis to identify what IT can do to provide additional value to end users.
4. Use the results to define a vision for your end-user computing strategy and in-scope benefits.

Download the End-User Computing Strategy Template.

Step 1.1

Identify Desired Benefits

Activities

1.1.1 Assess the current state of end-user computing

1.1.2 Perform a SWOT analysis

1.1.3 Map benefits to stakeholder drivers and priorities

Optional: Identify current total cost of ownership

This step requires the following inputs:

• Current approach for end-user computing
• List of strengths and weaknesses of the current approach

This step involves the following participants:

• CIO
• End-User Computing Team
• IT Leadership
• End-User Computing Manager

Outcomes of this step

• Defined success metrics that are tied to business value
• Vision statement, mission statement, and guiding principles

Review your current state for each end-user computing practice

1. Devices
   • Corporate-issued devices
   • Standard offerings
2. User Support
   • Self-service
   • Tier 1 support
3. Use Cases
   • Providing value
   • Business apps
4. Policy & Governance
   • Personal device use
   • IT policy
5. Fitness for Use
   • Securing devices
   • Patching

1.1.1 Assess the current state of end-user computing

Discuss IT’s strengths and challenges

Review your success in responding to the trends highlighted in the executive brief.

• Start by reviewing the trends in the executive brief. Identify which trends you would like to focus on.
• Review the domains below. Discuss:
  • Your current approach
  • Strengths about this approach
  • Challenges faced with this approach
• Document the results in the “Current-State Assessment” section of your End-User Computing Strategy.

1. Devices
   • Corporate-issued devices
   • Standard offerings
2. User Support
   • Self-service
   • Tier 1 support
3. Use Cases
   • Providing value
   • Business apps
4. Policy & Governance
   • Personal device use
   • IT policy
5. Fitness for Use
   • Securing devices
   • Patching

Download the End-User Computing Strategy Template.

Consider these aspects of end-user computing in your assessment

Devices: As shown in the executive brief, devices are necessary for satisfaction in IT. In your current-state assessment, outline the principal means by which users are provided with a desktop and computing.

• Corporate-issued devices: Document the types of devices (e.g. laptops, desktops, smartphones) and operating systems that IT currently supports.
  • Strengths: Highlight user satisfaction with your current offerings by referencing recent relationship surveys.
  • Challenges: Document corporate-issued devices where stakeholders and users are not satisfied, platforms that stakeholders would like IT to support, etc.
• Standard offerings: Name the high-level categories of devices that you offer to end users (e.g. standard device, power device).
  • Strengths: Outline steps that IT has taken to improve the portfolio of standard offerings and to communicate the offerings.
  • Challenges: Identify areas to improve the standard offerings.

User support: Examine how the end-user computing team enables a high-quality customer service experience. Especially consider self-service and tier 1 support.

• Self-service: Describe the current state of your self-service capabilities (e.g. name of the self-service portal, number of apps in the app store).
  • Strengths: Outline successes with your self-service capabilities (e.g. use of self-service tools, recently deployed tools, newly supported platforms).
  • Challenges: Identify gaps in self-service capabilities.
• Tier 1 support: Document the number of end-user computing incidents and service requests that are resolved at tier 1 as well as the number of incidents and service requests that are resolvable without escalation.
  • Strengths: Identify technologies that make first contact resolution possible. Outline other items that support tier 1 resolution of end-user computing tickets, such as knowledgebase articles and training programs.
  • Challenges: Document areas in which tier 1 resolution of end-user computing tickets is not feasible.

Considerations (cont’d.)

Use cases: Reflect on how IT and end-user computing supports users’ most important use cases. Consider these aspects:

• Providing value: Identify the number of user groups for which you have completed a user group analysis. Outline your major approaches for capturing feedback, such as relationship surveys.
  • Strengths: Document any successful initiatives around stakeholder relationships and requirements gathering. You can also highlight successful metrics, such as high satisfaction scores from a team, department, or division.
  • Challenges: Identify where there are dissatisfied stakeholders and gaps in product offerings and where additional work around value generation is required.
• Business apps: Outline your major business apps and your approach to improvement for these apps. If you need assistance gathering feedback from end users and stakeholders, you can use Info-Tech’s Application Portfolio Assessment.
  • Strengths: Show the EUC team’s successes in supporting critical business apps (e.g. facilitating user acceptance testing, deploying via endpoint management tool).
  • Challenges: Name business apps that are not meeting stakeholder needs. Consider if end users are dissatisfied with an app, if IT is unable to adequately monitor and support a business app, etc.

Policy and governance: Document the current state of policies governing the use of end-user computing devices, both corporate-issued and personally owned. Review Step 2.3 for a list of policy questions to address and for links to policy templates.

• Personal device use: Explain which users are allowed to use personally owned devices, what use cases are supported, and which types of devices are supported. Also, highlight explicit prohibitions.
  • Strengths: Highlight major accomplishments with BYOD, utilization metrics, etc. Consider including any platforms or apps that support BYOD (e.g. Microsoft Office 365).
  • Challenges: Identify where there are gaps in your support for personal devices. Examples can include insufficient management tools, lack of feedback from end users on BYOD support, undefined policies and governance, and inadequate support for personal devices.

Considerations (cont’d.)

IT policies: List your current policy documents. Include policies that relate to end-user computing, such as security policy documents; acceptable use policy documents; purchasing policies; documents governing entitlements to computers, tablets, smartphones, and prestigious devices; and employee monitoring policy documents.

• Strengths: Outline the effectiveness of these policies, user compliance to these policies, and your success in enforcing these policies.
• Challenges: Identify where you have gaps in user compliance, gaps in enforcing policies, many exceptions to a policy, etc.

Fitness for use: Reflect on your ability to secure users, enterprise data, and computers. Document your current capabilities to ensure devices are adequately secured and risks adequately mitigated.

• Securing devices: Describe your current approach to implementing security baselines, protecting data, and ensuring compliance.
  • Strengths: Highlight your accomplishments with ensuring devices meet your security standards and are adequately managed.
  • Challenges: Identify areas that are not adequately protected, where IT does not have enough visibility, and devices on which IT cannot enforce security standards.
• Patching: Describe your current approach to distributing OS patches, distributing app patches, and ensuring patch compliance.
  • Strengths: Outline steps that IT has taken to improve release and deployment practices (e.g. user acceptance testing, deployment rings).
  • Challenges: When is IT unable to push a patch to a device? Outline when devices cannot receive a patch, when IT is unable to ensure patches are installed, and when patches are disruptive to end users.

1.1.2 Perform a SWOT analysis

Summarize your current-state analysis

To build a good strategy, you need to clearly understand the challenges you face and opportunities you can leverage.

• Summarize IT’s strengths. These are positive aspects internal to IT.
• Summarize IT’s challenge. What internal IT weakness should the strategy address?
• Identify high-level opportunities. Summarize positive factors that are external to IT (e.g. within the larger organization, strong vendor relationships).
• Document threats. What external factors present a risk to the strategy?

Record your SWOT analysis in the “Current-State Assessment” section of your End-User Computing Strategy Template.

Download the End-User Computing Strategy Template.

1.1.3 Map benefits to stakeholder drivers and priorities

Use a goals cascade to identify benefits that will resonate with the business

Identify how end-user computing will support larger organizational strategies, drivers, and priorities

1. Identify stakeholders. Focus on senior leaders – user groups will be addressed in Step 1.2.
2. For each stakeholder, identify three to five drivers or strategic priorities. Use the drivers as a starting point to:
   1. Increase productivity
   2. Mitigate risks
   3. Optimize costs
3. Map the benefits you brainstormed in Step 1.1 to the drivers. It’s okay to have benefits map to multiple drivers.
4. Re-evaluate benefits that don’t map to any drivers. Consider removing them.

Record this table on the “Goals Cascade” slide in the “Vision and Desired Benefits” section of your End-User Computing Strategy Template.

Use the CEO-CIO Alignment Program to identify which business benefits are most important.

Sample end-user computing benefits

Optional: Identify current total cost of ownership

Be mindful of hidden costs, such as those associated with supporting multiple devices and maintaining a small fleet of corporate devices to ensure business continuity with BYOD.

• Use the Hardware Asset Management Budgeting Tool to forecast spend on devices (and infrastructure) based on project needs and devices nearing end of life.
• Use the Mobile Strategy TCO Calculator to estimate the total cost of all the different aspects of your mobile strategy, including:
  • Training
  • Management platforms
  • Custom app development
  • Travel and roaming
  • Stipends and taxes
  • Support
• Revisit these calculators in Phase 2. Use the TCO calculator when considering different approaches to mobility and end-user computing.

Insert the results into your End-User Computing Strategy Template.

Download the HAM Budgeting Tool.

Download the Mobile Strategy TCO Calculator.

Step 1.2

Perform a User Group Analysis

Activities

1.2.1 Organize roles based on how they work

1.2.2 Organize users into groups

1.2.3 Document the current offerings

1.2.4 Brainstorm pain points and desired gains for each user group

This step requires the following inputs:

• List of roles and technologies
• User feedback
• List of personas

This step involves the following participants:

• End-User Computing Team
• IT Leadership
• End-User Computing Manager

Outcomes of this step

• List of user groups and use cases for each group
• List of current offerings for each user group
• Value analysis for each user group

Gather the information you need

Use the Application Portfolio Assessment to run a relationship survey.

Dive deeper with the blueprint Improve Requirements Gathering.

List of Roles and Technology

Organization chart: Consult with HR or department leaders to provide a list of the different roles that exist in each department.

Identity access management tools: You can consult tools like Active Directory, but only if the data is clean.

Apps and devices used: Run a report from your endpoint management tool to see what devices and apps are used by one another. Supplement this report with a report from a network management tool to identify software as a service that are in use and/or consult with department leaders.

User Feedback

Relationship surveys: Tools like the End-User Application Satisfaction Diagnostic allow you to assess overall satisfaction with IT.

Focus groups and interviews: Gather unstructured feedback from users about their apps and devices.

User shadowing: Observe people as they use technology to identify improvement opportunities (e.g. shadow meetings, review video call recordings).

Ticket data: Identify apps or systems that users submit the most incidents about as well as high-volume requests that could be automated.

1.2.1 Organize roles based on how they work

Start by organizing roles into categories based on where they work and how they interact with information.

1. Define categories of where people work. Examples include:
   1. In office, at home, at client sites
   2. Stationary, sometimes mobile, always mobile
   3. Always in same location, sometimes in different locations, always in different locations within a site, mobile between sites
2. Define categories of how people interact with information. Examples include:
   1. Reads information, reads and writes information, creates information
   2. Cases, projects, relationships
3. Build a matrix. Use the location categories on one axis and the interaction categories on the other axis.
4. Place unique job roles on the matrix. Review each functional group’s organizational chart. It is okay if you don’t fill every spot. See the diagram on this page for an example.

1.2.2 Organize users into groups

Populate a user group worksheet for each in-scope group.

1. Within each quadrant, group similar roles together into “User Groups.” Consider similarities such as:
   1. Applications they use
   2. Data and files with which they interact
   3. Business capabilities they support
2. Document their high-level profile:
   1. Where they work
   2. Sensitivity of data they access
   3. Current device and app entitlements
3. Document the resulting user groups. Record each user group on a separate worksheet in the User Group Analysis Workbook.

Download the User Group Analysis Workbook.

1.2.3 Document the current offerings

For each user group, document:

• Primary and secondary computing devices: Their most frequently used computing devices.
• Acceptable use: Whether corporate-issued devices are personally enabled.
• BYOD: Whether this persona is authorized to use their personal devices.
• Standard equipment provided: Equipment that is offered to everyone in this persona.
• Additional devices and equipment offered: Equipment that is offered to a subset of this user group. These items can include more prestigious computers, additional monitors, and office equipment for users allowed to work remotely. This category can include items that require approval from budget owners.
• Top apps: What apps are most commonly used by this user group? What common nonstandard apps are used by this user group?

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.

1.2.4 Brainstorm pain points and desired gains for each user group

Don’t focus only on their experiences with technology

Reference the common personas listed on the next page to help you brainstorm additional pain points and desired gains.

1. Brainstorm pain points. Answer these questions for each role:
   1. What do people find tedious about their day-to-day jobs?
   2. What takes the most effort for them to do?
   3. What about their current toolset makes this user frustrated?
   4. What makes working difficult? Consider their experiences working from a home office, attending meetings virtually or in person, and working in the office.
   5. What challenges does that role have with each process?
2. Brainstorm desired gains from their technology. Answer these questions for each role:
   1. For your end-user computing vision to become a reality for this persona, what outcomes or benefits are required?
   2. What benefits will this persona expect an end-user computing strategy to have?
   3. What improvements does this role desire?
   4. What unexpected benefits or outcomes would surprise this role?
   5. What would make this role’s day-to-day easier?
   6. What location-specific benefits are there (e.g. outcomes specific to working in the office or at home)?

Record each user group’s pain points and desired gains on their respective worksheet.

For additional questions you can ask, visit this Strategyzer blog post by Alexander Osterwalder.

Info-Tech Insight

Identify out-of-scope benefits?

If that desired gain is required for the vision to be achieved for a specific role, you have two options:

• Bring the benefit in scope. Ensure your metrics are updated.
• Bring this user group out of scope. End-user computing improvements will not be valuable to this role without that benefit.

Forcing a user group to use an unsatisfactory tool will severely undermine your chance of success, especially in the project’s early stages.

Consider these common personas when brainstorming challenges and desired gains

What unique challenges will these personas face within each of your user groups? What improvements would each of these personas expect out of an end-user computing strategy?

Early Adopters

• Like trying new ways of working and using the latest technology.
• Very comfortable solving their own issues.
• Enjoy exploring and creating new ways of handling challenges.

Late Adopters

• Prefer consistent ways of working, be it tech or business processes.
• React to tech issues with anxiety and need assistance to get issues fixed.

VIP

• Has a prestigious job and would like to use technology that communicates their status.
• Does not like to resolve their own issues.

Road Warriors

• Always on the go, running between work meetings and appointments.
• Value flexibility and want devices, apps, and tech support that can be used anywhere at any time.

Hoarders

• Want to keep all their devices, data, and apps.
• Will stall when they need to migrate devices or uninstall apps and become unresponsive any time there is a risk of losing something.

Step 1.3

Define the Vision

Activities

1.3.1 Prioritize which benefits you want to achieve

1.3.2 Identify how you will track performance

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

1.3.4 Craft a mission statement for your end-user computing team

1.3.5 Define guiding principles

This step requires the following inputs:

• Goals cascade
• List of benefits
• List of critical success factors (CSFs)

This step involves the following participants:

• End-User Computing Manager
• CIO
• Help Desk Manager
• Infrastructure Manager

Outcomes of this step

• End-User computing KPIs and metrics
• Vision statement
• Mission statement

1.3.1 Prioritize which benefits you want to achieve

Use the MoSCoW sorting technique

Select benefits that appear multiple times in the goals cascade from Activity 1.1.3 as well as your challenges from your current-state assessment.

1. Record which benefits are “Must Haves.” Select benefits that are most important to your highest-priority stakeholders.
2. Record which benefits are “Should Haves.” These benefits are important but not critical.
3. Record which benefits are “Could Haves.” These are low-priority benefits.
4. Record the remaining benefits under “Won’t Have.” These benefits are out-of-scope but can be revisited in the future.

Record the output in your End-User Computing Strategy Template under “Benefit Prioritization” in the “Vision and Desired Benefits” section.

Sample output:

1.3.2 Identify how you will track performance

1. List each unique high-priority benefit from Activity 1.3.1 as a critical success factor (CSF).
2. For each CSF, identify key performance indicators (KPIs) that you can use to track how well you’re progressing on the CSF.
   1. Articulate that KPI as a SMART goal (specific, measurable, achievable, realistic, and timebound).
3. For each KPI, identify the metrics you will use to calculate it.
4. Identify how and when you will:
   1. Capture the current state of these metrics.
   2. Update changes to the metrics.
   3. Re-evaluate the CSFs.
   4. Communicate the progress to the project team and to stakeholders.

Record this information in your End-User Computing Strategy Template.

Sample output:

1.3.3 Craft a vision statement that demonstrates what you’re trying to create

The vision statement communicates a desired future state of the IT organization. The statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived.

Strong IT vision statements have the following characteristics:

• Describes a desired future
• Focuses on ends, not means
• Communicates promise
• Is:
  • Concise; no unnecessary words
  • Compelling
  • Achievable
  • Inspirational
  • Memorable

Sample IT Vision Statements:

• To support an exceptional employee experience by providing best-in-class end-user devices.
• Securely enable access to corporate apps and data from anywhere, at any time, on any device.
• Enable business and digital transformation through secure and powerful virtualization technology.
• IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset.

1.3.4 Craft a mission statement for your end-user computing team

The IT mission statement specifies the function’s purpose or reason for being. The mission should guide each day’s activities and decisions. The mission statement should use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

Strong IT mission statements have the following characteristics:

• Articulate the IT function’s purpose and reason for existence
• Describe what the IT function does to achieve its vision
• Define the customers of the IT function
• Can be described as:
  • Compelling
  • Easy to grasp
  • Sharply focused
  • Inspirational
  • Memorable
  • Concise

Sample IT Mission Statements:

• To provide infrastructure, support, and innovation in the delivery of secure, enterprise-grade information technology products and services that enable and empower the workforce at [Company Name].
• To help fulfill organizational goals, the IT department is committed to empowering business stakeholders with technology and services that facilitate effective processes, collaboration, and communication.
• The mission of the information technology (IT) department is to build a solid, comprehensive technology infrastructure; to maintain an efficient, effective operations environment; and to deliver high-quality, timely services that support the business goals and objectives of [Company Name].
• The IT group is customer-centered and driven by its commitment to management and staff. It oversees services in computing, telecommunications, networking, administrative computing, and technology training.

1.3.5 Define guiding principles

Select principles that align with your stakeholders’ goals and objectives

Use these examples as a starting point:

Phase 2

Define the Offering

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

• Defining standard device entitlements and provisioning models for end-user devices and equipment
• Shifting end-user computing support left
• Identifying policy gaps

This phase involves the following participants:

• End-User Computing Team
• IT Leadership

Step 2.1

Define the Standard Offerings

Activities

2.1.1 Identify the provisioning models for each user group

2.1.2 Define the standard device offerings

2.1.3 Document each user group’s entitlements

This step requires the following inputs:

• Standard End-User Entitlements and Offerings Template
• List of persona groups
• Primary computing devices
• Secondary computing devices
• Supporting operating systems
• Applications and office equipment

This step involves the following participants:

• End-User Computing Manager
• CIO
• Help Desk Manager
• Infrastructure Manager

Outcomes of this step

• End-user device entitlements and offerings standard

This step will walk you through defining standard offerings

You will define the base offering for all users in each user group as well as additional items that users can request (but that require additional approvals).

1. Primary Computing Device
   • The main device used by a worker to complete their job (e.g. laptop for knowledge workers, kiosk or shared tablet for frontline workers).
2. Secondary Computing Devices
   • Additional devices that supports a worker (e.g. a smartphone, tablet, personal computer).
3. Provisioning Models
   • Whether the equipment is corporate-issued versus personally owned and whether personal use of corporate resources is allowed.
4. Apps
   • The software used by the worker. Apps can be locally installed, cloud-based (e.g. SaaS), and/or virtualized and running remotely.
5. Peripherals
   • Additional equipment provisioned to the end user (e.g. monitors, docking station, mice, keyboards).

There is always a challenge of determining who gets what and when

The goal is balancing cost, risk, and employee engagement

The right balance will be different for every organization

• IT can’t always say no to new ideas from the business. For example, if the organization wants to adopt Macs, rather than resisting IT should focus on identifying how Macs can be safely implemented.
• Smartphones may not be necessary for a job, but they can be a valid employee perk. Not every employee may be entitled to the perk. There may be resentment between employees of the same level if one of the employees has a corporate-issued, business-only phone for their job function.
• The same laptop model may not work for everyone. Some employees may need more powerful computers. Some employees may want more prestigious devices. Other employees may require a suite of apps that is only available on non-Windows operating systems.

Action Item: Provide a defined set of standard options to the business to proactively address different needs.

A good end-user computing strategy will effectively balance:

• User Choice
• Risk
• Cost

Your standard offerings need to strike the right balance for your organization.

Review the End-User Computing Ideas Catalog

Compare pros and cons of computing devices and operating systems for better decision making

The catalog provides information about choices in:

• Provisioning models
• Operating systems
• Device form factors

Review the catalog to learn about items that can help your organization to achieve the desired vision from Phase 1.

As you review the catalog, think about these questions:

• What primary and secondary devices can you provide?
• What operating systems do these devices support?
• What are the provisioning models you will use, considering each model’s weaknesses and strengths?
• How can you more effectively balance user choice, risk, and cost?

Download the End-User Computing Ideas Catalog.

2.1.1 Identify the provisioning models for each user group

1. Review the definitions in the End-User Computing Ideas Catalog.
2. Build a table. List the major user groups along the top of the table and applications down the rows.
3. Brainstorm provisioning models that will be used for primary and secondary devices for each persona group.
4. Record your provisioning models in the Standard End-User Entitlements and Offerings Template.

Download the End-User Computing Ideas Catalog.

Download the Standard End-User Entitlements and Offerings Template.

Identify multiple device options

Offer standard, power, and prestigious offerings

Prioritize offering models and align them with your user groups.

• Standard device: This offering will work for most end users.
• Power device: This offering will provide additional RAM, processor speed, storage, etc., for users that require it. It is usually offered as an additional option that requires approval.
• Prestigious device: This offering will be provided to VIP users.
• Portable device: This offering is for employees within a user group that moves around more often than others. This type of offering is optional – consider having a separate user group for these users that get a more portable laptop as their standard device.

Standardize the nonstandard

When users such as VIP users want more than the standard offering, have a more prestigious option ready to offer. This approach will help you to proactively anticipate your users’ needs.

Who approves?

Generally, if it is a supported device, then the budget owner determines whether to allow the user to receive a more powerful or more prestigious device.

This decision can be based on factors such as:

• Business need – does the user need the device to do their job?
• Perk or benefit – is the device being offered to the end user as a means of increasing their engagement?

If IT gets this answer wrong, then it can result in shadow IT

Document your answer in the Device Entitlement Policy Template.

2.1.2 Define the standard device offerings

Consider all devices and their supporting operating systems.

1. On a flip chart or whiteboard, build a matrix of the supported form factors and operating systems.
2. For each cell, document the supported vendor and device model.
3. Identify where you will provide additional options.

2.1.3 Document each user groups’ entitlements

Not every persona needs to be entitled to every supported option

Use the Standard End-User Entitlements and Offerings Template as a starting point.

• Create a separate section in the document for each persona. Start by documenting the provisioning models for each type of device.
• Record the standard offering provided to members of each persona as well as additional items that can be provided with approval. Record this information for:
  • Primary computing devices
  • Secondary computing devices
• Optional: Document additional items that will be provided to members of each persona as well as additional items they can request, such as:
  • Apps
  • Office equipment

Download the Standard End-User Entitlements and Offerings Template.

Step 2.2

Outline Supporting Services

Activities

2.2.1 Review device management tools and capabilities

2.2.2 Identify common incidents and requests for devices

2.2.3 Record how you want to shift resolution

2.2.4 Define which IT groups are involved in supporting practices

Define the Offering

This step requires the following inputs:

• Standard End-User Entitlements and Offerings Template
• List of supporting devices
• Common incidents and requests
• List of supporting practices

This step involves the following participants:

• End-User Computing Manager
• CIO
• Help Desk Manager
• Infrastructure Manager

Outcomes of this step

• List of IT groups who are involved in supporting devices
• Responsibilities of each group for requests and incidents

2.2.1 Review device management tools and capabilities

Document the tools that you use to manage each OS and identify gaps

If there are different approaches to managing the same OS (e.g. Windows devices that are co-managed versus Windows devices that are only managed by Intune), then list those approaches on separate rows.

Document the results on the “IT Management Tools” slide in the “IT Support” section of your End-User Computing Strategy Template.

2.2.2 Identify common incidents and requests for devices

Analyze your service desk ticket data. Look for the following information:

• The most common incidents and service requests around end-user devices and business apps
• Incident categories and service requests that almost always involve escalations

Record the level at which these tickets can be resolved today. Ensure you include these groups:

• Tier 0 (i.e. end-user self-service)
• Tier 1 (i.e. user’s first point of contact at the service desk)
• Desk-side support and field-support groups
• End-user computing specialist teams (e.g. desktop engineering, mobile device management teams)
• Other specialist teams (e.g. security, enterprise applications, DevOps)

Record the desired state. For each incident and request, to where do you want to shift resolution?

Record this chart on the “Current State of IT Support” slide in the “IT Support” section of your End-User Computing Strategy Template.

2.2.3 Record how you want to shift resolution

Identify opportunities to improve self-service and first contact resolution.

Starting with the chart you created in Activity 2.2.2, record the desired state. For each incident and request, to where do you want to shift resolution?

• Identify quick wins. Where will it take low effort to shift resolution? Denote these items with a “QW” for quick win.
• Identify high-value, high-effort shifts. Where do you want to prioritize shifting resolution? Base this decision on the desired benefits, guiding principles, and vision statement built in Phase 1. Denote these items with an “H” for high.
• Identify low-value areas. Where would shifting provide low value to end users and/or would have low alignment to the benefits identified in Phase 1? Denote these items with an “L” for low.
• Identify where no shift can occur. Some items cannot be shifted to self-service or to tier 1 due to governance considerations, security factors, or technical complexity. Denote these items with an “OoS” for out of scope.

Use the “Opportunities to Provide Self-Service and Articles” and “Desired State” slides in the “IT Support” section of your End-User Computing Strategy Template to document quick wins and high-value, high-effort shifts.

2.2.4 Define which IT groups are involved in supporting practices

Repeat activities 2.2.2 and 2.2.3 with the following list of tasks

IT Asset Management

• Purchasing devices
• Purchasing software licenses
• Imaging devices
• Deploying devices
• Deploying software
• Recovering devices
• Recovering software

Release Management

• Testing patches
• Testing app updates
• Testing OS updates
• User acceptance testing

Managing Service Catalogs

• Defining standard device offerings
• Defining standard software offerings
• Defining device and software entitlements
• Updating published catalog entries

Knowledge Management

• Writing internal KB articles
• Writing user-facing articles
• Training specialists
• Training service desk agents
• Training users

Portfolio Management

• Prioritizing app upgrades or migrations
• Prioritizing OS migrations
• Prioritizing end-user computing projects

Step 2.3

Define Governance and Policies

Activities

2.3.1 Answer these organizational policy questions

2.3.2 Answer these security policy questions

Define the Offering

This step requires the following inputs:

• List of supporting devices
• List of persona groups
• List of use cases

This step involves the following participants:

• End-User Computing Manager
• CIO
• Help Desk Manager
• Infrastructure Manager

Outcomes of this step

• End-user computing organizational and security policies

Focus on organizational policies and enforcement

Policies set expectations and limits for mobile employees

Enforcement refers to settings on the devices, management and security tools, and process steps.

• Policies define what should and should not be done with user-facing technology. These policies define expectations about user and IT behavior.
• Enforcement ensures that policies are followed. User policies must often be enforced through human intervention, while technology policies are often enforced directly through infrastructure before any people get involved.

Use the “Policies” section in the End-User Computing Strategy Template to document the answers in this section. Activities 2.3.2 and 2.3.3 present links to policy templates. Use these templates to help address any gaps in your current policy suite.

2.3.1 Answer these organizational policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Entitlements

• Who is entitled to receive and use prestigious computers?
• Who is entitled to receive and use a smartphone?
• What users are entitled to a stipend for personal device use?

Personal Device Use

• What use cases are supported and are not supported on personal devices?
• What level of visibility and control does IT need over personal devices?

Acceptable Use

• Are people allowed to use corporate resources for personal use?
• What are the guidelines around personal use?
• Are users allowed to install personal apps on their corporate-issued computers and/or mobile devices?

Purchasing and Reimbursement

• Who is allowed to purchase devices? Apps?
• When can users file a reimbursement request?

Employee Monitoring

• What user information is monitored?
• When can that information be used and when can it not be used?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify organizational policy gaps

Use these templates as a starting point

Entitlements

Download the Mobile Device Connectivity & Allowance Policy template.

Purchasing & Reimbursement

Download the Purchasing Policy template.

Download the Mobile Device Reimbursement Policy template.

Download the Mobile Device Reimbursement Agreement template.

Acceptable Use

Download the General Security – User Acceptable Use Policy template.

Personal Device Use

Download the BYOD Acceptable Use Policy template.

Download the Mobile Device Remote Wipe Waiver template.

Employee Monitoring

Download the General Security – User Acceptable Use Policy template.

Visit the Reduce and Manage Your Organization’s Insider Threat Risk blueprint to address this gap.

2.3.2 Answer these security policy questions

Identify if there are different expectations for certain user groups, where exceptions are allowed, and how these policies will be enforced.

Use Cases

• What data and use cases are subject to stricter security measures?
• Are certain use cases or data prohibited on personal devices?
• Are there restrictions around where certain use cases are performed and by whom?

Patching

• Are users expected to apply OS and app updates and patches? Or does IT automate patching?

Physical Security

• What does the user need to do to secure their equipment?
• If a device is lost or stolen, who does the user contact to report the lost or stolen device?

Cybersecurity

• How will IT enforce security configuration baselines?
• What does the user need to do (or not do) to secure their device?
• Are certain users allowed to have local admin rights?
• What happens when a device doesn’t comply with the required security configuration baseline?

Use the “Policies” section of the End-User Computing Strategy Template to document these answers.

Identify security policy gaps

Use these templates as a starting point

Use Cases

Download the General Security – User Acceptable Use Policy template.

Visit the Discover and Classify Your Data blueprint to address this gap.

Patching

Download the General Security – User Acceptable Use Policy template.

Physical and Cyber Security

Download the General Security – User Acceptable Use Policy template.

Visit the Develop and Deploy Security Policies blueprint to address this gap.

For help defining your own security configuration baselines for each operating system, reference best practice documentation such as:

National Institute of Standards and Technology’s National Checklist Program.

Center for Internet Security’s solutions.

Microsoft’s security baseline settings for Windows 10 and 11 Configuration Service Providers.

Phase 3

Build the Roadmap

Set the Direction

1.1 Identify Desired Benefits

1.2 Perform a User Group Analysis

1.3 Define the Vision

Define the Offering

2.1 Define the Standard Offerings

2.2 Outline Supporting Services

2.3 Define Governance and Policies

Build the Roadmap

3.1 Develop Initiatives

This phase will walk you through the following activities:

• Defining initiatives for each EUC domain
• Building a customer journey map for any end-user computing migrations
• Building a roadmap for EUC initiatives

This phase involves the following participants:

• End-User Computing Team

Step 3.1

Develop Initiatives

Activities

3.1.1 Identify initiatives for each EUC practice

3.1.2 Build out the user’s migration journey map

3.1.3 Build out a list of initiatives

Build the Roadmap

This step requires the following inputs:

• User group workbook
• Migration initiatives

This step involves the following participants:

• Infrastructure Director
• Head of End-User Computing
• End-User Computing Team
• Project Manager (if applicable)

Outcomes of this step

• End-user computing roadmap
• Migration plan

3.1.1 Identify the gaps in each EUC area

Build a high-level profile of the changes you want to make

For each of the five areas, build a profile for the changes you want to implement. Record:

1. The owner of the area
2. The objective that you want to accomplish
3. The desired benefits from focusing on that area
4. Any dependencies to the work
5. Risks that can cause the objective and benefits to not be achieved

Identify the initiatives involved in each area.

Document these profiles and initiatives in the “Roadmap” section of your End-User Computing Strategy Template.

1. Devices
   • Corporate-issued devices
   • Standard offerings
2. User Support
   • Self-service
   • Tier 1 support
3. Use Cases
   • Providing value
   • Business apps
4. Policy & Governance
   • Personal device use
   • IT policy
5. Fitness for Use
   • Securing devices
   • Patching

Your initiatives may require a user migration

Plan the user’s migration journey

Consider each user group’s and each persona’s unique needs and challenges throughout the migration.

1. Preparing to migrate: The user may need to schedule the migration with IT and back up files.
2. Migrating: IT executes the migration (e.g. updates the OS, changes management tools).
3. Getting assistance: When a user experiences an error during the migration, how will they get help from IT?
4. Post-migration: How will IT and the user know that the migration was successful one week later?

Understand the three migration approaches

Online

Users execute the migrate on their own (e.g. Microsoft’s consumer migration to Windows 10).

In person

Users come in person, select a device, and perform the migration with a specialist. If the device needs support, they return to the same place (e.g. buying a computer from a store).

Hybrid

Users select a device. When the device is ready, they can schedule time to pick up the device and perform the migration with a specialist (e.g. purchasing an iPhone in advance from Apple’s website with in-store pick-up).

Be prepared to support remotely

Migrations to the new tool may fail. IT should check in with the user to confirm that the device successfully made the migration.

3.1.2 Build out the user’s migration journey map

Contemplate a roadmap to plan for end-user computing initiatives

• As a group, brainstorm migration initiatives.
• For each of the four phases, identify:
  • User activities: actions we need the user to do
  • IT activities: actions and processes that IT will perform internally
  • User touchpoints with IT: how the user will interact with the IT group
  • Opportunities: ideas for how IT can provide additional value to the end user in this phase.
• Use the example in the End-User Computing Strategy Template as a starting point.

Download the End-User Computing Strategy Template.

Embed requirements gathering throughout your roadmap

Use a combination of surveys, focus groups, and interviews

You’re doing more than eliciting opinions – you’re performing organizational change management.

• Use surveys to profile the demand for specific requirements. When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.
• Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements.
• Focus groups are used to get input from multiple people in a similar role. This format allows you to ask a few open-ended questions to groups of about five people.

The benefits of interviews and focus groups:

• Foster direct engagement: IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.
• Offer greater detail: With interviews, greater insight can be gained by leveraging information that traditional surveys wouldn’t uncover. Face-to-face interactions provide thorough answers and context that helps inform requirements.
• Remove ambiguity: Face-to-face interactions allow opportunities to follow up on ambiguous answers. Clarify what stakeholders are looking for and expect in a project.
• Enable stakeholder management: Interviews are a direct line of communication with project stakeholders. They provide input and insight and help to maintain alignment, plan next steps, and increase awareness within the IT organization.

Activity instructions:

1. Early requirements ideation: Identify who you want to interview through one-on-one meetings and focus groups.
2. Requirements validation and prioritization: Identify which user groups you plan to survey and when.
3. Usability testing: Plan to include usability testing during each phase. Build it into your release practices.

3.1.3 Build out a list of initiatives

Download a copy of the Roadmap Tool

On tab “1. Setup”:

• Update category 1 to be all the EUC areas (i.e. Devices, User Support).
• Update category 2 and category 3 with meaningful items (e.g. operating system, device model, persona group).

Use tab “2. Data Entry” to record your list of initiatives.

• Each initiative should have its own row. Write a high-level summary under “Roadmap Item” and include more detail under “Description and Rationale.”
• Enter each initiative’s effort, priority, and timeline for beginning. These are mandatory fields for tab “3. Roadmap” to work properly.

Use tab “3. Roadmap” to visualize your data. You will have to press “Refresh All” under Data in the ribbon for the PivotChart to update.

Copy the roadmap visual on tab “3. Roadmap” into your End-User Computing Strategy Template. You can also copy the list of initiatives over into the document.

Download the Roadmap Tool.

Summary of Accomplishment

Problem Solved

You built a strategy to improve the balance between user enablement, risk mitigation, and cost optimization. Throughout the blueprint, you identified opportunities to provide additional value to end users and stakeholders during these activities:

• Goals cascade
• User group analysis
• Definition of standard device types and platforms
• IT support shift-left analysis
• Policy gap analysis
• Roadmapping

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Identify User Groups

Identify each user group based on the business processes, tasks, and applications they use.

Define Standard Device Offerings

Record your provisioning models for each user group and the primary and secondary devices, apps, and peripherals that each group receives.

Related Info-Tech Research

Simplify Remote Deployment With Zero-Touch Provisioning

This project helps you align your zero-touch approach with stakeholder priorities and larger IT strategies. You will be able to build your zero-touch provisioning and patching plan from both the asset lifecycle and the end-user perspective to create a holistic approach that emphasizes customer service. Tailor deployment plans to more easily scope and resource deployment projects.

Implement Hardware Asset Management

This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

Govern Office 365

This project will help you conduct a goals exercise and capability assessment for Office 365. You will be able to refine governance objectives, build out controls, formalize governance, build out one pagers, and finalize a communication plan.

Research Contributors and Experts

• Steve Fox, Deputy IT Director, Virginia State Corporation Commission
• Mazen Joukhadar, TransForm Shared Service Organization
• Nathan Schlaud, PMO Senior Director, RPC Inc.
• Rebecca Mountjoy, Infrastructure Systems Manager, BlueScope Buildings
• DJ Robins, Director of Information Technology, Mohawk MedBuy
• Jason Jenkins, Tech. Specialist, Michal Baker Corp.
• Brad Wells, IT Infrastructure Solutions Architect, London Police Service
• Danelle Peddell, Director, Project Management Office, Emco Corporation
• John Annand, Principal Research Director, Info-Tech Research Group
• Allison Kinnaird, Research Director and Research Lead, Info-Tech Research Group
• Sandi Conrad, Principal Research Director, Info-Tech Research Group
• Andrew Kum-Seun, Senior Research Analyst, Info-Tech Research Group
• Mark Tauschek, Vice President IT Infrastructure & Operations Research, Info-Tech Research Group

A special thank-you to 6 anonymous contributors

Bibliography

“2020 Annual Report and Proxy.” Citrix, 2020. Accessed Oct. 2021.

“2021 BYOD Security Report.” Cybersecurity Insiders, 2021. Web.

Anderson, Arabella. “12 Remote Work Statistics to Know in 2022.” NorthOne, 2021. Accessed Oct. 2021.

Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 14 April 2021, p. 14. Web.

Belton, Padraig. “Intel: Chip shortage will extend to at least 2023.” Light Reading, 22 Oct. 2021. Web.

Beroe Inc. “Demand for PC Components Saw a Surge Due to COVID-19, Says Beroe Inc.” Cision PR Newswire, 2 Sept. 2021. Web.

Devaraj, Vivekananthan. “Reference Architecture: Remote PC Access.” Citrix, 2021. Accessed Aug. 2021.

“Elements of the Project Charter and Project Scope Statement.” A Guide to PMBOK, 7th edition, PMI, 2021. Accessed Sept. 2021.

Elliott, Christopher. “This Is How The Pandemic Improved Customer Service.” Forbes, 2021. Accessed Oct. 2021.

“Enable TMP 2.0 on your PC.” Microsoft, Support, Aug. 2021. Web.

“End User Computing Trends to Look Out for in 2021.” Stratodesk, 30 Oct. 2020. Accessed September 2021.

“Global State of Customer Service: The Transformation of Customer Service from 2015 to Present Day.” Microsoft, 2019. Web.

Goodman, Elizabeth et al. “Observing the User Experience” A Practitioner's Guide to User Research, 2nd edition. Elsevier, 2012. Accessed Sept. 2021.

Govindarajulu, Chittibabu. “An Instrument to Classify End-Users Based On the User Cube” Informing Science, June 2002. Accessed September 2021.

Griffith, Eric. “Remote Employees to Bosses: Our PCs Suck!” PCMag, 11 Oct. 2021. Web.

Hutchings, Jeffrey D., and Craig A. de Ridder. “Impact of Remote Working on End User Computing Solutions and Services.” Pillsbury, 2021. Accessed Sept. 2021

“ITIL4 Create, Deliver, and Support.” Axelos, 2020. Accessed Sept. 2021.

“ITIL4 Drive Stakeholder Value” Axelos, 2020. Accessed Sept. 2021.

Mcbride, Neil, and Trevor Wood-Harper. “Towards User-Oriented Control of End-User Computing in Large Organizations” Journal of Organizational and End User Computing, vol. 14, no. 1, pp. 33-41, 2002. Accessed September 2021.

““Microsoft Endpoint Configuration Manager Documentation.” Microsoft Docs, Microsoft, 2021. Accessed Sept. 2021.

“Microsoft Intune documentation.” Microsoft Docs, Microsoft. Accessed Sept. 2021.

“Mobile Cellular Subscriptions (per 100 People).” The World Bank, International Telecommunication Union (ITU) World Telecommunication/ICT Indicators Database, 2020. Web.

Morgan, Jacob. “The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate.” Wiley, 2017. Accessed Sept. 2021.

Murphy, Anna. “How the pandemic has changed customer support forever.” Intercom, 2021. Accessed Sept. 2021.

“Operating System Market Share Worldwide, Jan 2021-Jan 2022.” StatCounter GlobalStats, 2022. Web.

“Operating System Market Share Worldwide, Jan-Dec 2011.” StatCounter GlobalStats, 2012. Web.

Pereira, Karla Susiane, et al. “A Taxonomy to Classify Risk End-User Profile in Interaction with the Computing Environment.” In: Tryfonas T. (eds.) Human Aspects of Information Security, Privacy, and Trust. HAS 2016. Lecture Notes in Computer Science, vol. 9750. Accessed Sept. 2021.

Perrin, Andrew. “Mobile Technology and Home Broadband 2020.” Pew Research Center, 3 June 2021. Web.

Quan-Haase, Anabel. “Technology and Society: Social Networks, Power, and Inequality” Oxford University Press, 2012. Accessed Aug. 2021.

Reed, Karin, and Joseph Allen. “Suddenly Virtual: Making Remote Meetings Work.” Wiley, 2021. Accessed Aug. 2021.

Rockart, John F., and Lauren S. Flannery. “The management of end user computing.” Communications of the ACM, vol. 26, no. 10, Oct. 1983. Accessed September 2021.

Turek, Melanie. “Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research.” Samsung Insights, 3 Aug. 2016. Web.

Vladimirskiy, Vadim. “Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.” Nerdio, 2021. Accessed Aug. 2021.

“VMware 2021 Annual Report.” VMware, Financial Document Library, 2021. Web.

VMworld 2021, Oct. 2021.

Vogels, Emily A. “Digital divide persists even as americans with lower incomes make gains in tech adoption.” Pew Research Center, 22 June 2021. Web.

“What is End-User computing?” VMware, 2021. Accessed Aug. 2021.

“Windows 10 Home and Pro.” Microsoft, Docs, 2021. Web.

Zibreg, Christian. “Microsoft 365 Now Boasts Over 50 Million Subscribers.” MUD, 29 April 2021. Web.

Enterprise Architecture Trends

Supporting Executives to Digitally Transform the Enterprise

Analyst Perspective

Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

Milena Litoiu Principal/Senior Director, Enterprise Architecture Info-Tech Research Group

Accelerated digital transformation elevates the importance of EA

The Digital transformation journey brings Business and technology increasingly closer.

Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

Most organizations still see a significant gap between the business and IT.

Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

Accelerated Digital Transformation

• Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
  EA creates alignment between business and IT to improve business nimbleness.
• Security More sophisticated attacks require more EA coordination.
  EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
• Innovation EA's role in an innovation increases synergies at the enterprise level.
  EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
• Collaborative EA Collaborative EA requires new ways of working.
  Enterprise collaboration gains new meaning, replacing stiff governance.
• Tools & automation Tools-based automation becomes increasingly common.
  Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

Info-Tech Insight

EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

EA Enabling Business Agility

Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

Approaches:
A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

Optimize Lead Generation With Lead Scoring

In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.

EXECUTIVE BRIEF

Analyst Perspective

Improve B2B seller win rates with a lead scoring methodology as part of your modern lead generation engine.

As B2B organizations emerge from the lowered demands brought on by COVID-19, they are eager to convert marketing contacts to sales-qualified leads with even the slightest signal of intent, but many sales cycles are wasted when sellers receive unqualified leads. Delivering highly qualified leads to sellers is still more art than science, and it is especially challenging without a way to score a contact profile and engagement. While most marketers capture some profile data from contacts, many will pass a contact over to Sales without any engagement data or schedule a demo with a contact without any qualifying profile data. Passing unqualified leads to Sales suboptimizes Sales’ resources, raises the costs per lead, and often results in lost opportunities. Marketers need to develop a lead scoring methodology that delivers better qualified leads to Field Sales scored against both the ideal customer profile (ICP) and engagement that signals lower-funnel buyer interest. To be successful in building a compelling lead scoring solution, marketers must work closely with key stakeholders to align the ICP asset/activity with the buyer journey. Additionally, working early in the design process with IT/Marketing Operations to implement lead management and analytical tools in support will drive results to maximize lead conversion rates and sales wins.

Jeff Golterman

Managing Director

SoftwareReviews Advisory

Executive Summary

Your Challenge

The affordability and ease of implementation of digital marketing tools have driven global adoption to record levels. While many marketers are fine-tuning the lead generation engine components of email, social media, and web-based advertising to increase lead volumes, just 32% of companies pass well-qualified leads over to outbound marketers or sales development reps (SDRs). At best, lead gen costs stay high, and marketing-influenced win rates remain suboptimized. At worst, marketing reputation suffers when poorly qualified leads are passed along to sellers.

Common Obstacles

Most marketers lack a methodology for lead scoring, and some lack alignment among Marketing, Product, and Sales on what defines a qualified lead. In their rush to drive lead generation, marketers often fail to “define and align” on the ICP with stakeholders, creating confusion and wasted time and resources. In the rush to adopt B2B marketing and sales automation tools, many marketers have also skipped the important steps to 1) define the buyer journey and map content types to support, and 2) invest in a consistent content creation and sourcing strategy. The wrong content can leave prospects unmotivated to engage further and cause them to seek alternatives.

Info-Tech’s Approach

To employ lead scoring effectively, marketers need to align Sales, Marketing, and Product teams on the definition of the ICP and what constitutes a Sales-accepted lead. The buyer journey needs to be mapped in order to identify the engagement that will move a lead through the marketing lead generation engine. Then the project team can score prospect engagement and the prospect profile attributes against the ICP to arrive at a lead score. The marketing tech stack needs to be validated to support lead scoring, and finally Sales needs to sign off on results.

SoftwareReviews Advisory Insight:

Lead scoring is a must-have capability for high-tech marketers. Without lead scoring, marketers will see increased costs of lead gen, decreased SQL to opportunity conversion rates, decreased sales productivity, and longer sales cycles.

Who benefits from a lead scoring project?

This Research Is Designed for:

• Marketers and especially campaign managers who are:
• Looking for a more precise way to score leads and deploy outbound marketing resources to optimize contacts-to-MQL conversion rates.
• Looking for a more effective way to profile contacts raised by your lead gen engine.
• Looking to use their lead management software to optimize lead scoring.
• Starting anew to strengthen their lead generation engine and want examples of a typical engine, ways to identify buyer journey, and perform lead nurturing.

This Research Will Help You:

• Explain why having a lead scoring methodology is important.
• Identify a methodology that will call for identifying an ICP against which to score prospect profiles behind each contact that engages your lead generation engine.
• Create a process of applying weightings to score activities during contact engagement with your lead generation engine. Apply both scores to arrive at a contact/lead score.
• Compare your current lead gen engine to a best-in-class example in order to identify gaps and areas for improvement and exploration.

This Research Will Also Assist:

• CMOs, Marketing Operations leaders, heads of Product Marketing, and regional Marketing leads who are stakeholders in:
  • Finding alternatives to current lead scoring approaches.
  • Altering current or evaluating new marketing technologies to support a refreshed lead scoring approaches.

This Research Will Help Them:

• Align stakeholders on an overall program of identifying target customers, building common understanding of what constitutes a qualified lead, and determining when to use higher-cost outbound marketing resources.
• Deploy high-value applications that will improve core marketing metrics.

Insight summary

Continuous adjustment and improvement of your lead scoring methodology is critical for long-term lead generation engine success.

• Building a highly functioning lead generation engine is an ongoing process and one that requires continual testing of new asset types, asset design, and copy variations. Buyer profiles change over time as you launch new products and target new markets.
• Pass better qualified leads to Field Sales and improve sales win rates by taking these crucial steps to implement a better lead generation engine and a lead scoring methodology:
• Make the case for lead scoring in your organization.
• Establish trigger points that separate leads to ignore, nurture, qualify, or outreach/contact.
• Identify your buyer journey and ICP through collaboration among Sales, Marketing, and Product.
• Assess each asset and activity type across your lead generation engine and apply a weighting for each.
• Test lead scenarios within our supplied toolkit and with stakeholders. Adjust weightings and triggers that deliver lead scores that make sense.
• Work with IT/Marketing Operations to emulate your lead scoring methodology within your marketing automation/campaign management application.
• Explore advanced methods including nurturing.
• Use the Lead Scoring Workbook collaboratively with other stakeholders to design your own methodology, test lead scenarios, and build alignment across the team.

Leading marketers who successfully implement a lead scoring methodology develop it collaboratively with stakeholders across Marketing, Sales, and Product Management. Leaders will engage Marketing Operations, Sales Operations, and IT early to gain support for the evaluation and implementation of a supporting campaign management application and for analytics to track lead progress throughout the Marketing and Sales funnels. Leverage the Marketing Lead Scoring Toolkit to build out your version of the model and to test various scenarios. Use the slides contained within this storyboard and the accompanying toolkit as a means to align key stakeholders on the ICP and to weight assets and activities across your marketing lead generation engine.

What is lead scoring?

Lead scoring weighs the value of a prospect’s profile against the ICP and renders a profile score. The process then weighs the value of the prospects activities against the ideal call to action (CTA) and renders an activity score. Combining the profile and activity scores delivers an overall score for the value of the lead to drive the next step along the overall buyer journey.

EXAMPLE: SALES MANAGEMENT SOFTWARE

• For a company that markets sales management software the ideal buyer is the head of Sales Operations. While the ICP is made up of many attributes, we’ll just score one – the buyer’s role.
• If the prospect/lead that we wish to score has an executive title, the lead’s profile scores “High.” Other roles will score lower based on your ICP. Alongside role, you will also score other profile attributes (e.g. company size, location).
• With engagement, if the prospect/lead clicked on our ideal CTA, which is “request a proposal,” our engagement would score high. Other CTAs would score lower.

SoftwareReviews Advisory Insight:

A significant obstacle to quality lead production is disagreement on or lack of a documented definition of the ideal customer profile. Marketers successful in lead scoring will align key stakeholders on a documented definition of the ICP as a first step in improving lead scoring.

Use of lead scoring is in the minority among marketers

The majority of businesses are not practicing lead scoring!

Up to 66% of businesses don’t practice any type of lead scoring.

Source: LeadSquared, 2014

“ With lead scoring, you don’t waste loads of time on unworthy prospects, and you don’t ignore people on the edge of buying.”

Source: BigCommerce

“The benefits of lead scoring number in the dozens. Having a deeper understanding of which leads meet the qualifications of your highest converters and then systematically communicating with them accordingly increases both ongoing engagement and saves your internal team time chasing down inopportune leads.”

– Joey Strawn, Integrated Marketing Director, in IndustrialMarketer.com

Key benefit: sales resource optimization

Many marketing organizations send Sales too many unqualified leads

• Leads – or, more accurately, contacts – are not all qualified. Some are actually nothing more than time-wasters for sellers.
• Leading marketers peel apart a contact into at least two dimensions – “who” and “how interested.”
• The “who” is compared to the ICP and given a score.
• The “how interested” measures contact activity – or engagement – within our lead gen engine and gives it a score.
• Scores are combined; a contact with a low score is ignored, medium is nurtured, and high is sent to sellers.
• A robust ICP, together with engagement scoring and when housed within your lead management software, prioritizes for marketers which contacts to nurture and gets hot leads to sellers more quickly.

Optimizing Sales Resources Using Lead Scoring

Lead scoring drives greater sales effectiveness

When contacts are scored as “qualified leads” and sent to sellers, sales win rates and ROI climb

• Contacts can be scored properly once marketers align with Sales on the ICP and work closely with colleagues in areas like product marketing and field marketing to assign weightings to lead gen activities.
• When more qualified leads get into the hands of the salesforce, their win rates improve.
• As win rates improve, and sellers are producing more wins from the same volume of leads, sales productivity improves and ROI on the marketing investment increases.

“On average, organizations that currently use lead scoring experience a 77% lift in lead generation ROI, over organizations that do not currently use lead scoring.”

– MarketingSherpa, 2012

Average Lead Generation ROI by Use of Lead Scoring

Source: 2011 B2B Marketing Benchmark Survey, MarketingSherpa

Methodology: Fielded June 2011, N=326 CMOs

SoftwareReviews’ Lead Scoring Approach

Key Deliverable: Lead Scoring Workbook

The workbook walks you through a step-by-step process to:

• Identify your team.
• Identify the lead scoring thresholds.
• Define your IPC.
• Weight the activities within your lead generation engine.
• Run tests using lead scenarios.

Tab 1: Team Composition

Consider core functions and form a cross-functional lead scoring team. Document the team’s details here.

Tab 2: Threshold Setting

Set your initial threshold weightings for profile and engagement scores.

Tab 3:

Establish Your Ideal Customer Profile

Identify major attributes and attribute values and the weightings of both. You’ll eventually score your leads against this ICP.

Record and Weight Lead Gen Engine Activities

Identify the major activities that compose prospect engagement with your lead gen engine. Weight them together as a team.

Test Lead Profile Scenarios

Test actual lead profiles to see how they score against where you believe they should score. Adjust threshold settings in Tab 2.

Test Activity Engagement Scores

Test scenarios of how contacts navigate your lead gen engine. See how they score against where you believe they should score. Adjust thresholds on Tab 2 as needed.

Review Combined Profile and Activity Score

Review the combined scores to see where on your lead scoring matrix the lead falls. Make any final adjustments to thresholds accordingly.

Several ways we help you build your lead scoring methodology

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.

Workshop Overview

Accelerate your project with our facilitated SoftwareReviews Advisory workshops

Phase 1

Drive an Aligned Vision for Lead Scoring

This phase will walk you through the following activities:

• Solidify your vision for lead scoring.
• Achieve stakeholder alignment.
• Assess your tech stack.

This phase involves the following stakeholders:

• Field Marketing/Campaign Manager
• CMO
• Product Marketing
• Product Management
• Sales Leadership/Sales Operations
• Inside Sales leadership
• Marketing Operations/IT
• Digital Platform leadership

Step 1.1

Establish a Cross-Functional Vision for Lead Scoring

Activities

1.1.1 Identify stakeholders critical to success

1.1.2 Outline the vision for lead scoring

1.1.3 Select your lead scoring team

This step will walk you through the following activities:

• Discuss the reasons why lead scoring is important.
• Review program process.
• Identify stakeholders and team.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Stakeholder alignment on vision of lead scoring
• Stakeholders described and team members recorded
• A documented buyer journey and map of your current lead gen engine

1.1.1 Identify stakeholders critical to success

1 hour

1. Meet to identify the stakeholders that should be included in the project’s steering committee.
2. Finalize selection of steering committee members.
3. Contact members to ensure their willingness to participate.
4. Document the steering committee members and the milestone/presentation expectations for reporting project progress and results

SoftwareReviews Advisory Insight:

B2B marketers that lack agreement among Marketing, Sales, Inside Sales, and lead management supporting staff of what constitutes a qualified lead will squander precious time and resources throughout the customer acquisition process.

1.1.2 Outline the vision for lead scoring

1 hour

1. Convene a meeting of the steering committee and initiative team members who will be involved in the lead scoring project.

• Using slides from this blueprint, understand the definition of lead scoring, the value of lead scoring to the organization, and the overall lead scoring process.
• Understand the teams’ roles and responsibilities and help your Marketing Operations/IT colleagues understand some of the technical requirements needed to support lead scoring.
• This is important because as the business members of the team are developing the lead scoring approach on paper, the technical team can begin to evaluate lead management apps within which your lead scoring model will be brought to life.

SoftwareReviews Advisory Insight:

While SMBs can implement some form of lead scoring when volume is very low and leads can be scored by hand, lead scoring and effective lead management cannot be performed without investment in digital platforms and lead management software and integration with customer relationship management (CRM) applications in the hands of inside and field sales staff. Marketers should plan and budget for the right combination of applications and tools to be in place for proper lead management.

Lead scoring stakeholders

Developing a common stakeholder understanding of the ICP, the way contact profiles are scored, and the way activities and asset engagement in your lead generation engine are scored will strengthen alignment between Marketing, Sales and Product Management.

SoftwareReviews Advisory Insight:

Marketers managing the lead scoring initiative must include Product Marketing, Sales, Inside Sales, and Product Management. And given that world-class B2B lead generation engines cannot run without technology enablement, Marketing Operations/IT – those that are charged with enabling marketing and sales – must also be part of the decision making and implementation process of lead scoring and lead generation.

1.1.3 Select your lead scoring team

30 minutes

1. The CMO and other key stakeholders should discuss and determine who will be involved in the lead scoring project.

• Business leaders in key areas – Product Marketing, Field Marketing, Digital Marketing, Inside Sales, Sales, Marketing Ops, Product Management, and IT – should be involved.

• The size of the team will vary depending on your initiative and size of your organization.

Download the Lead Scoring Workbook

Lead scoring team

Consider the core team functions when composing the lead scoring team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned lead management/scoring strategy. Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limit the size of the team to enable effective decision making while still including functional business units.

Step 1.2 (Optional)

Assess Your Tech Stack for Lead Scoring

Our model assumes you have:

1.2.1 A marketing application/campaign management application in place that accommodates lead scoring.

1.2.2 Lead management software integrated with the sales automation/CRM tool in the hands of Field Sales.

1.2.3 Reporting/analytics that spans the entire lead generation pipeline/funnel.

Refer to the following three slides if you need guidance in these areas.

This step will walk you through the following activities:

• Confirm that you have your tech stack in place.
• Set up an inquiry with an Info-Tech analyst should you require guidance on evaluating lead pipeline reporting, CRM, or analytics applications.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Understanding of what new application and technology support is required to support lead scoring.

SoftwareReviews Advisory Insight:

Marketers that collaborate closely with Marketing Ops/IT early in the process of lead scoring design will be best able to assess whether current marketing applications and tools can support a full lead scoring capability.

1.2.1 Plan technology support for marketing management apps

Work with Marketing Ops and IT early to evaluate application enablement for lead management, including scoring

A thorough evaluation takes months – start early

• Work closely with Marketing Operations (or the team that manages the marketing apps and digital platforms) as early as possible to socialize your approach to lead scoring.
• Work with them on a set of updated requirements for selecting a marketing management suite or for changes to existing apps and tools to support your lead scoring approach that includes lead tracking and marketing funnel analytics.
• Access the Info-Tech blueprint Select a Marketing Management Suite, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews Marketing Management Data Quadrant during vendor evaluation and selection.

SoftwareReviews Marketing Management Data Quadrant

1.2.2 Plan technology support for sales opportunity management

Work with Marketing Ops and IT early to evaluate applications for sales opportunity management

A thorough evaluation takes months – start early

• Work closely with Sales Operations as early as possible to socialize your approach to lead scoring and how lead management must integrate with sales opportunity management to manage the entire marketing and sales funnel management process.
• Work with them on a set of updated requirements for selecting a sales opportunity management application that integrates with your marketing management suite or for changes to existing apps and tools to support your lead management and scoring approach that support the entire marketing and sales pipeline with analytics.

Access the Info-Tech blueprint Select and Implement a CRM Platform, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews CRM Data Quadrant during vendor evaluation and selection.

SoftwareReviews Customer Relationship Management Data Quadrant

1.2.3 Plan analytics support for marketing pipeline analysis

Work with Marketing Ops early to evaluate analytics tools to measure marketing and sales pipeline conversions

A thorough evaluation takes weeks – start early

• Work closely with Marketing and Sales Operations as early as possible to socialize your approach to measuring the lifecycle of contacts through to wins across the entire marketing and sales funnel management process.
• Work with them on a set of updated requirements for selecting tools that can support the measurement of conversion ratios from contact to MQL, SQL, and opportunity to wins. Having this data enables you to measure improvement in component parts to your lead generation engine.
• Access the Info-Tech blueprint Select and Implement a Reporting and Analytics Solution, along with analyst inquiry support during the requirements definition, vendor evaluation and vendor selection phases. Use the SoftwareReviews Best Business intelligence & Analytics Software Data Quadrant as well during vendor evaluation and selection.

SoftwareReviews Business Intelligence Data Quadrant

Step 1.3

Catalog Your Buyer Journey and Lead Gen Engine Assets

Activities

1.3.1 Review marketing pipeline terminology

1.3.2 Describe your buyer journey

1.3.3 Describe your awareness and lead generation engine

This step will walk you through the following activities:

• Discuss marketing funnel terminology.
• Describe your buyer journey.
• Catalog the elements of your lead generation engine.

This step involves the following participants:

• Stakeholders

Outcomes of this step

• Stakeholder alignment on terminology, your buyer journey, and elements of your lead generation engine

1.3.1 Review marketing pipeline terminology

30 minutes

1. We assume for this model the following:
1. Our primary objective is to deliver more, and more-highly qualified, sales-qualified leads (SQLs) to our salesforce. The salesforce will accept SQLs and after further qualification turn them into opportunities. Sellers work opportunities and turn them into wins. Wins that had first/last touch attribution within the lead gen engine are considered marketing-influenced wins.
2. This model assumes the existence of sales development reps (SDRs) whose mission it is to take marketing-qualified leads (MQLs) from the lead generation engine and further qualify them into SQLs.
3. The lead generation engine takes contacts – visitors to activities, website, etc. – and scores them based on their profile and engagement. If the contact scores at or above the designated threshold, the lead generation engine rates it as an MQL and passes it along to Inside Sales/SDRs. If the contact scores above a certain threshold and shows promise, it is further nurtured. If the contact score is low, it is ignored.
2. If an organization does not possess a team of SDRs or Inside Sales, you would adjust your version of the model to, for example, raise the threshold for MQLs, and when the threshold is reached the lead generation engine would pass the lead to Field Sales for further qualification.

SoftwareReviews Advisory Insight:

Score leads in a way that makes it crystal clear whether they should be ignored, further nurtured, further qualified, or go right into a sellers’ hands as a super hot lead.

1.3.2 Describe your buyer journey

1. Understand the concept of the buyer journey:
1. Typically Product Marketing is charged with establishing deep understanding of the target buyer for each product or solution through a complete buyer persona and buyer journey map. The details of how to craft both are covered in the upcoming SoftwareReviews Advisory blueprint Craft a More Comprehensive Go-to-Market Strategy. However, we share our Buyer Journey Template here (on the next slide) to illustrate the connection between the buyer journey and the lead generation and scoring processes.
2. Marketers and campaigners developing the lead scoring methodology will work closely with Product Marketing, asking them to document the buyer journey.
3. The value of the buyer journey is to guide asset/content creation, nurturing strategy and therefore elements of the lead generation engine such as web experience, email, and social content and other elements of engagement.
4. The additional value of having a buyer persona is to also inform the ICP, which is an essential element of lead scoring.
5. For the purposes of lead scoring, use the template on the next slide to create a simple form of the buyer journey. This will guide lead generation engine design and the scoring of activities later in our blueprint.

2 hours

On the following slide:

1. Tailor this template to suit your buyer journey. Text in green is yours to modify. Text in black is instructional.
2. Your objective is to use the buyer journey to identify asset types and a delivery channel that once constructed/sourced and activated within your lead gen engine will support the buyer journey.
3. Keep your buyer journey updated based on actual journeys of sales wins.
4. Complete different buyer journeys for different product areas. Complete these collaboratively with stakeholders for alignment.

SoftwareReviews Advisory Insight:

Establishing a buyer journey is one of the most valuable tools that, typically, Product Marketing produces. Its use helps campaigners, product managers, and Inside and Field Sales. Leading marketers keep journeys updated based on live deals and characteristics of wins.

Buyer Journey Template

Personas: [Title] e.g. “BI Director”

[Persona name] ([levels it includes from arrows above]) Buyer’s Journey for [solution type] Vendor Selection

1.3.3 Describe Your Awareness and Lead Gen Engine

1. Understand the workings of a typical awareness and lead generation engine. Reference the image of a lead gen engine on the following slide when reviewing our guidance below:
1. In our lead scoring example found in the Lead Scoring Workbook, tab 3, “Weight and Test,” we use a software company selling a sales automation solution, and the engagement activities match with the Typical Awareness and Lead Gen Engine found on the following slide. Our goal is to match a visual representation of a lead gen and awareness engine with the activity scoring portion of lead scoring.
2. At the top of the Typical Awareness and Lead Generation Engine image, the activities are activated by a team of various roles: digital manager (new web pages), campaign manager (emails and paid media), social media marketer (organic and paid social), and events marketing manager (webinars).
3. “Awareness” – On the right, the slide shows additional awareness activities driven by the PR/Corporate Comms and Analyst Relations teams.*
4. The calls to action (CTAs) found in the outreach activities are illustrated below the timeline. The CTAs are grouped and are designed to 1) drive profile capture data via a main sales form fill, and 2) drive engagement that corresponds to the Education, Solution, and Selection buyer journey phases outlined on the prior slide. Ensure you have fast paths to get a hot lead – request a demo – directly to Field Sales when profiles score high.

* For guidance on best practices in engaging industry analysts, contact your engagement manager to schedule an inquiry with our expert in this area. during that inquiry, we will share best practices and recommended analyst engagement models.

Lead Scoring Workbook

2 hours

On the following slide:

1. Tailor the slide to describe your lead generation engine as you will use it when you get to latter steps to describe the activities in your lead gen engine and weight them for lead scoring.
2. Use the template to see what makes up a typical lead gen and awareness building engine. Record your current engine parts and see what you may be missing.
3. Note: The “Goal” image in the upper right of the slide is meant as a reminder that marketers should establish a goal for SQLs delivered to Field Sales for each campaign.

SoftwareReviews Advisory Insight:

Marketing’s primary mission is to deliver marketing-influenced wins (MIWs) to the company. Building a compelling awareness and lead gen engine must be done with that goal in mind. Leaders are ruthless in testing – copy, email subjects, website navigation, etc. – to fine-tune the engine and staying highly collaborative with sellers to ensure high value lead delivery.

Typical Awareness and Lead Gen Engine

Understand how a typical lead generation engine works. Awareness activities are included as a reference. Use as a template for campaigns.

Phase 2

Build and Test Your Lead Scoring Model

This phase will walk you through the following activities:

1. Understand the Lead Scoring Grid and establish thresholds.
2. Collaborate with stakeholders on your ICP, apply weightings to profile attributes and values, and test.
3. Identify the key activities and assets of your lead gen engine, weight attributes, and run tests.

This phase involves the following participants:

• Field Marketing/Campaign Manager
• Product Marketing
• Sales Leadership/Sales Operations
• Inside Sales leadership
• Marketing Operations/IT
• Digital Platform leadership

Step 2.1

Start Building Your Lead Scoring Model

Activities

2.1.1 Understand the Lead Scoring Grid

2.1.2 Identify thresholds

This step will walk you through the following activities:

• Discuss the concept of the thresholds for scoring leads in each of the various states – “ignore,” “nurture,” “qualify,” “send to sales.”
• Open the Lead Scoring Workbook and validate your own states to suit your organization.
• Arrive at an initial set of threshold scores.

This step involves the following participants:

• Stakeholders

Outcomes of this step

• Stakeholder alignment on stages
• Stakeholder alignment on initial set of thresholds

2.1.1 Understand the Lead Scoring Grid

30 minutes

1. Understand how lead scoring works and our grid is constructed.
2. Understand the two important areas of the grid and the concept of how the contact’s scores will increase as follows:
1. Profile – as the profile attributes of the contact approaches that of the ICP we want to score the contact/prospect higher. Note: Step 1.3 walks you through creating your ICP.
2. Engagement – as the contact/prospect engages with the activities (e.g. webinars, videos, events, emails) and assets (e.g. website, whitepapers, blogs, infographics) in our lead generation engine, we want to score the contact/prospect higher. Note: You will describe your engagement activities in this step.
3. Understand how thresholds work:
1. Threshold percentages, when reached, trigger movement of the contact from one state to the next – “ignore,” “nurture,” “qualify with Inside Sales,” and “send to sales.”

2.1.2 Identify thresholds

30 minutes

We have set up a model Lead Scoring Grid – see Lead Scoring Workbook, tab 2, “Identify Thresholds.”

Set your thresholds within the Lead Scoring Workbook:

• Set your threshold percentages for ”Profile” and “Engagement.”
• You will run test scenarios for each in later steps.
• We suggest you start with the example percentages given in the Lead Scoring Workbook and plan to adjust them during testing in later steps.
• Define the “Send to Sales,” “Qualify With Inside Sales,” “Nurture,” and “Ignore” zones.

SoftwareReviews Advisory Insight:

Clarify that all-important threshold for when a lead passes to your expensive and time-starved outbound sellers.

Lead Scoring Workbook

Step 2.2

Identify and Verify Your Ideal Customer Profile and Weightings

Activities

2.2.1 Identify your ideal customer profile

2.2.2 Run tests to validate profile weightings

This step will walk you through the following activities:

• Identify the attributes that compose the ICP.
• Identify the values of each attribute and their weightings.
• Test different contact profile scenarios against what actually makes sense.
• Adjust weightings if needed.

This step involves the following participants:

• Stakeholders

Outcomes of this step

• Stakeholder alignment on ICP
• Stakeholder alignment on weightings given to attributes
• Tested results to verify thresholds and cores

2.2.1 Identify your ideal customer profile

Collaborate with stakeholders to understand what attributes best describe your ICP. Assign weightings and subratings.

2 hours

1. Choose attributes such as job role, organization type, number of employees/potential seat holders, geographical location, interest area, etc., that describe the ideal profile of a target buyer. Best practice sees marketers choosing attributes based on real wins.
2. Some marketers compare the email domain of the contact to a target list of domains. In the Lead Scoring Workbook, tab 3, “Weight and Test,” we provide an example profile for a “Sales Automation Software” ICP.
3. Use the workbook as a template, remove our example, and create your own ICP attributes. Then weight the attributes to add up to 100%. Add in the attribute values and weight them. In the next step you will test scenarios.

SoftwareReviews Advisory Insight:

Marketers who align with colleagues in areas such as Product Marketing, Sales, Inside Sales, Sales Training/Enablement, and Product Managers and document the ICP give their organizations a greater probability of lead generation success.

Lead Scoring Workbook

2.2.2 Run tests to validate profile weightings

Collaborate with stakeholders to run different profile scenarios. Validate your model including thresholds.

SoftwareReviews Advisory Insight:

Keep your model simple in the interest of fast implementation and to drive early learnings. The goal is not to be perfect but to start iterating toward success. You will update your scoring model even after going into production.

2 hours

1. Choose scenarios of contact/lead profile attributes by placing a “1” in the “Attribute” box shown at left.
2. Place your estimate of how you believe the profile should score in the box to the right of “Estimated Profile State.” How does the calculated state, beneath, compare to the estimated state?
3. In cases where the calculated state differs from your estimated state, consider weighting the profile attribute differently to match.
4. If you find estimates and calculated states off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

Lead Scoring Workbook

Step 2.3

Establish Key Lead Generation Activities and Assets

Activities

2.3.1 Establish activities, attribute values, and weights

2.3.2 Run tests to evaluate activity ratings

This step will walk you through the following activities:

• Identify the activities/asset types in your lead gen engine.
• Weight each attribute and define values to score for each one.
• Run tests to ensure your model makes sense.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Final stakeholder alignment on which assets compose your lead generation engine
• Scoring model tested

2.3.1 Establish activities, attribute values, and weights

2 hours

1. Catalog the assets and activities that compose your lead generation engine outlined in Activity 1.3.3. Identify their attribute values and weight them accordingly.
2. Consider weighting attributes and values according to how close that asset gets to conveying your ideal call to action. For example, if your ideal CTA is “schedule a demo” and the “click” was submitted in the last seven days, it scores 100%. Take time decay into consideration. If that same click was 60 days ago, it scores less – maybe 60%.
3. Different assets convey different intent and therefore command different weightings; a video comparing your offering against the competition, considered a down funnel asset, scores higher than the company video, considered a top-of-the-funnel activity and “awareness.”

Lead Scoring Workbook

2.3.2 Run tests to validate activity weightings

Collaborate with stakeholders to run different engagement scenarios. Validate your model including thresholds.

SoftwareReviews Advisory Insight:

Use data from actual closed deals and the underlying activities to build your model – nothing like using facts to inform your key decisions. Use common sense and keep things simple. Then update further when data from new wins appears.

2 hours

1. Test scenarios of contact engagement by placing a “1” in the “Attribute” box shown at left.
2. Place your estimate of how you believe the engagement should score in the box to the right of “Estimated Engagement State.” How does the calculated state, beneath, compare to the estimated state?
3. In cases where the calculated state differs from your estimated state, consider weighting the activity attribute differently to match.
4. If you find that the estimates and calculated states are off dramatically, consider changing previously determined thresholds in tab 2, “Identify Thresholds.” Test multiple scenarios with your team.

Lead Scoring Workbook

Phase 3

Apply Your Model to Marketing Apps and Go Live With Better Qualified Leads

This phase will walk you through the following activities:

1. Apply model to your marketing management/campaign management software.
2. Get better qualified leads in the hands of sellers.
3. Apply lead nurturing and other advanced methods.

This phase involves the following participants:

• Field Marketing/Campaign Manager
• Sales Leadership/Sales Operations
• Inside Sales leadership
• Marketing Operations/IT
• Digital Platform leadership

Step 3.1

Apply Model to Your Marketing Management Software

Activities

3.1.1 Apply final model to your lead management software

This step will walk you through the following activities:

• Apply the details of your scoring model to the lead management software.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Marketing management software or campaign management application is now set up/updated with your lead scoring approach.

3.1.1 Apply final model to your lead management software

Now that your model is complete and ready to go into production, input your lead scoring parameters into your lead management software.

3 hours

1. Go to the Lead Scoring Workbook, tab 4, “Model Summary” for a formatted version of your lead scoring model. Double-check print formatting and print off a copy.
2. Use the copy of your model to show to prospective technology providers when asking them to demonstrate their lead scoring capabilities.
3. Once you have finalized your model, use the printed output from this tab to ease your process of transposing the corresponding model elements into your lead management software.

Lead Scoring Workbook

Step 3.2

Test the Quality of Sales-Accepted Leads

Activities

3.2.1 Achieve sales lead acceptance

3.2.2 Measure and optimize

This step will walk you through the following activities:

• Suggest that the Inside Sales and Field Sales teams should assess whether to sign off on quality of leads received.
• Campaign managers and stakeholders should now be able to track lead status more effectively.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Sales leadership should be able to sign off that leads are better qualified.
• With marketing pipeline analytics in place, campaigners can start to measure lead flow and conversion rates.

3.2.1 Achieve sales lead acceptance

Collaborate with sellers to validate your lead scoring approach.

1 hour

1. Gather a set of SQLs – leads that have been qualified by Inside Sales and delivered to Field Sales. Have Field Sales team members convey whether these leads were properly qualified.
2. Where leads are deemed not properly qualified, determine if the issue was a) a lack of proper qualification by the Inside Sales team, or b) the lead generation engine, which should have further nurtured the lead or ignored it outright.
3. Work collaboratively with Inside Sales to update your lead scoring model and/or Inside Sales practice.

SoftwareReviews Advisory Insight:

Marketers that collaborate with Sales – and in this case, a group of sellers as a sales advisory team – well in advance of sales acceptance to design lead scoring will save time during this stage, build trust with sellers, and make faster decisions related to lead management/scoring.

3.2.2 Measure and optimize

Leverage analytics that help you optimize your lead scoring methodology.

Ongoing

1. Work with Marketing Ops/IT team to design and implement analytics that enable you to:
2. Meet frequently with your stakeholder team to review results.
3. Learn from the wins: see how they actually scored and adjust thresholds and/or asset/activity weightings.
4. Learn from losses: fix ineffective scoring, activities, assets, form-fill strategies, and engagement paths.
5. Test from both wins and losses if demographic weightings are delivering accurate scores.
6. Analyze those high scoring leads that went right to sellers but did not close. This could point to a sales training or enablement challenge.

Analytics will also drive additional key insights across your lead gen engine:

• Are volumes increasing or decreasing? What percentage of leads are in what status (A1-D4)?
• What nurturing will re-engage stalled leads that score high in profile but low in engagement (A3, B3)?
• Will additional profile data capture further qualify leads with high engagement (C1, C2)?
• And beyond all of the above, what leads move to Inside Sales and convert to SQLs, opportunities, and eventually marketing-influenced wins?

Step 3.3

Apply Advanced Methods

Activities

3.3.1 Employ lead nurturing strategies

3.3.2 Adjust your model over time to accommodate more advanced methods

This step will walk you through the following activities:

• Apply lead nurturing to your lead gen engine.
• Adjust your engine over time with more advanced methods.

This step involves the following participants:

• Stakeholders
• Project sponsors and leaders

Outcomes of this step

• Marketers can begin to test lead nurturing strategies and other advanced methods.

3.3.1 Employ lead nurturing strategies

A robust content marketing competence with compelling assets and the capture of additional profile data for qualification are key elements of your nurturing strategy.

SoftwareReviews Advisory Insight:

Nurturing success combines the art of crafting engaging copy/experiences and the science of knowing just where a prospect is within your lead gen engine. Great B2B marketers demonstrate the discipline of knowing when to drive engagement and/or additional profile attribute capture using intent while not losing the prospect to over-profiling.

Ongoing

1. The goal of lead nurturing is to move the collection of contacts/leads that are scoring, for example, in the A3, B3, C1, C2, and C3 cells into A2, B2, and B1 cells.
2. How is this best done? To nurture leads that are A3 and B3, entice the prospect with engagement that leads to the bottom of funnel – e.g. “schedule a demo” or “schedule a consultation” via a compelling asset. See the example on the following slide.
3. To nurture C1 and C2, we need to qualify them further, so entice with an asset that leads to deeper profile knowledge.
4. For C3 leads, we need both profile and activity nurturing.

Lead nurturing example

SoftwareReviews Advisory Insight:

When nurturing, choose/design content as to what “intent” it satisfies. For example, a head-to-head comparison with a key competitor signals “Selection” phase of the buyer journey. Content that helps determine what app-type to buy signals “Solution”. A company video, or a webinar replay, may mean your buyer is “educating themselves.

3.3.2 Adjust your model over time to accommodate more advanced methods

When getting started or within a smaller marketing team, focus on the basics outlined thus far in this blueprint. Larger and/or more experienced teams are able to employ more advanced methods.

Ongoing

Advanced Methods

• Invest in technologies that interpret lead scores and trigger next-step actions, especially outreach by Inside and/or Field Sales.
• Use the above to route into nurturing environments where additional engagement will raise scores and trigger action.
• Recognize that lead value decays with time to time additional outreach/activities and to reduce lead scores over time.
• Always be testing different engagement, copy, and subsequent activities to optimize lead velocity through your lead gen engine.
• Build intent sensitivity into engagement activities; e.g. test if longer demo video engagement times imply ”contact me for a demo” via a qualification outreach. Update scores manually to drive learnings.
• Vary engagement paths by demographics to deliver unique digital experiences. Use firmographics/email domain to drive leads through a more tailored account-based marketing (ABM) experience.
• Reapply learnings from closed opportunities/wins to drive updates to buyer journey mapping and your ICP.

Frequently used acronyms

Works cited

Arora, Rajat. “Mining the Real Gems from you Data – Lead Scoring and Engagement Scoring.” LeadSquared, 27 Sept. 2014. Web.

Doyle, Jen. “2012 B2B Marketing Benchmark Report: Research and insights on attracting and converting the modern B2B buyer.” MarketingSherpa, 2012. Web.

Doyle, Jen, and Sergio Balegno. “2011 MarketingSherpa B2B Marketing Benchmark Survey: Research and Insights on Elevating Marketing Effectiveness from Lead Generation to Sales Conversion.” MarketingSherpa, 2011.

Kirkpatrick, David. “Lead Scoring: CMOs realize a 138% lead gen ROI … and so can you.” marketingsherpa blog, 26 Jan 2012. Web.

Moser, Jeremy. “Lead Scoring Is Important for Your Business: Here’s How to Create Scoring Model and Hand-Off Strategy.” BigCommerce, 25 Feb. 2019. Web.

Strawn, Joey. “Why Lead Scoring Is Important for B2Bs (and How You Can Implement It for Your Company.” IndustrialMarketer.com, 17 Aug. 2016. Web.