Align Projects With the IT Change Lifecycle

Increase the success of your changes by integrating project touchpoints in the change lifecycle.

Analyst Perspective

Executive Summary

Info-Tech Insight

Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.

Info-Tech’s approach

Use the change lifecycle to identify touchpoints.

The Info-Tech difference:

1. Start with your change lifecycle to define how change control can align with project management.
2. Make improvements to project-change alignment to benefit the relationship between the two practices and the practices individually.
3. Scope the alignment to your organization. Take on the improvements to the left one by one instead of overhauling your current process.

Use this research to improve your current process

This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.

Successful change management will provide benefits to both the business and IT

Respond to business requests faster while reducing the number of change-related disruptions.

IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

Change management improves core benefits to the business: the four Cs

Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

1. Alignment at intake

Define what is a change and what is a project.

Both changes and projects will end up in change control in the end. Here, we define the intake.

Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.

A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).

Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.

This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.

Need help scoping projects? Download the Project Intake Classification Matrix

Info-Tech Insight

While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.

1 Define what constitutes a change

1. As a group, brainstorm examples of changes and projects. If you wish, you may choose to also separate out additional request types such as service requests (user), operational tasks (backend), and releases.
2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
3. Use the examples to draw lines and determine what defines each category.

• What makes a change distinct from a project?
• What makes a change distinct from a service request?
• What makes a change distinct from an operational task?
• When do the category workflows cross over with other categories? (For example, when does a project interact with change management?

Download the Change Management Standard Operating Procedure (SOP).

2. Alignment at build and test

Keep communications open by pre-defining and communicating project milestones.

CAB touchpoints

Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.

RFCs

Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.

Change Calendar

Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.

Leverage the RFC to record and communicate project details

The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).

When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.

Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.

Download the Request for Change Form Template

Provide clear definitions of what goes on the change calendar and who’s responsible

Inputs

• Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated)
• Maintenance windows and planned outage periods
• Project schedules, and upcoming major/medium changes
• Holidays
• Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available)

Guidelines

• Business-defined freeze periods are the top priority.
• No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
• Vendor SLA support hours are the preferred time for implementing changes.
• The vacation calendar for IT will be considered for major changes.
• Change priority: High > Medium > Low.
• Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

Roles

• The Change Manager will be responsible for creating and maintaining a change calendar.
• Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
• All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

Info-Tech Insight

Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.

3. Alignment at approval

How can project management effectively contribute to CAB?

As optional CAB members

Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.

As project management representatives

Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.

As core CAB members

The core responsibilities of CAB must still be fulfilled:

1. Protect the live environment from poorly assessed, tested, and implemented changes.

2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.

3. Schedule deployments in a way the minimizes conflict and disruption.

If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.

4. Alignment at implementation

At this stage, the project or project phase is treated as any other change.

If you need to define transitioning changes to production, download Transition Projects to the Service Desk

5. Alignment at post-implementation

Tackle the most neglected portion of change management to avoid making the same mistake twice.

1. Define RFC statuses that need a PIR

Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.

2. Conduct a PIR for every failed change

It’s best to perform a PIR once a change-related incident is resolved.

3. Avoid making the same mistake twice

Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.

4. Report to CAB

Socialize the findings of the PIR at the subsequent CAB meeting.

5. Circle back on previous PIRs

If a similar change is conducted, append the related PIR to avoid the same mistakes.

Info-Tech Insight

Include your PIR documentation right in the RFC for easy reference.

Download the RFC template for more details on post-implementation reviews

2 Implement your alignments stepwise

1. As a group, decide on which implementations you need to make to align change management and project management.
2. For each improvement, list a timeline for implementation.
3. Update section 3.5 in the Change Management Standard Operating Procedure (SOP). to outline the responsibilities of project management within IT Change Management.

Download the Change Management Standard Operating Procedure (SOP).

Related Info-Tech Research

Build an ITSM Tool Implementation Plan

Plan ahead with a step-by-step approach to ensure the tool delivers business value.

EXECUTIVE BRIEF

Analyst perspective

Take control of the wheel or you might end up in a ditch.

An ITSM tool implementation is a complex project with direct impact on IT’s ability to support the business. With that level of risk, you need to take control early on.

Yes, your vendor will support or execute the technical implementation, but they depend on you to tell them how to configure ITSM parameters and workflows that affect user interface, the ability to manage incidents, and governance over assets and IT changes.

If you leave the configuration completely to the vendor, at best you might get the same setup as in your old tool (and not realize the benefits that leadership is expecting). At worst you end up with default values that don’t fit your process needs, i.e., confusion and not realizing expected benefits.

A successful implementation requires early planning from a wide range of resources including ITSM tool experts (supported by the vendor), process experts, and a project manager to methodically step through the hundreds of parameters you will need to define before implementation.

Frank Trovato
Research Director, Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Info-Tech Insight

As with any large project, a key step is tackling it one bite at a time – but also understanding the size of the whole meal. This is where organizations often fail with ITSM implementations: not understanding upfront the volume of work required for a successful implementation.

Your Challenge

Organizations implementing a new ITSM tool often face these pitfalls:

• Selecting the Wrong Resources: You need ITSM technology and process experts, because this is not just a technology project but also a process improvement opportunity. You will need to configure ITSM parameters and workflows in the new tool – which directly affects processes. Take advantage of that opportunity to fix pain points. For example, if your existing ticket categories are not effective, implement a better categorization scheme rather than just configure the same old, ineffective scheme.
• Over-Reliance on the Vendor to Optimize Your Tool: Yes, the vendor will typically install and set up the tool but they will not fix your processes for you. On installation day, if you are not prepared with the categories, ticket templates, and so on that you wish to configure, your vendor will just go with the default or migrate your old parameters from your old ITSM tool.
• Not Preparing for Data Migration: Data migration is complex. You need to determine what data to migrate, if any, and how that data will be mapped to the new environment. That takes planning and must be defined well before the vendor is ready to implement your tool.
• Insufficient IT and End-User Training: A link to the ITSM tool manual is not enough. Staff and users need training on how your processes will be executed in the new tool.

A survey of implementation challenges for ServiceNow’s customers

26% Resistance to change

43% Lacked a clear roadmap

38% Planning for resources

Source: Acorio, 2019

Info-Tech’s approach

Divide the implementation project into controllable phases for an effective implementation.

STOP: Use this blueprint after you have selected an ITSM solution

Leverage our SoftwareReviews service and related blueprints to assist with ITSM tool selection, and then use this blueprint to plan the implementation.

Info-Tech’s methodology to build an ITSM Tool Implementation Plan

Insight summary

Blueprint deliverables

This blueprint includes tools and templates to help you accomplish your goals:

ITSM Tool Implementation Checklist Identify the most common decisions you will need to make and prepare for your implementation project.	ITSM Tool Project Charter Template Review and edit the template to suit your project requirements
	ITSM Tool Deployment Plan Template Prioritize and prepare tool rollout plan
	ITSM Tool Training Schedule Use the checklist to create your new tool training roadmap

Blueprint benefits

Measured value from using this blueprint

Use this guide as an example to calculate your total cost savings from the ITSM tool implementation project.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 6 to 8 calls over the course of 3 to 6 months.

Phase 1

Identify Stakeholders, Scope, and Preliminary Timeline

This phase will walk you through the following steps:

1. Define scope
2. Define roles and responsibilities
3. Identify preliminary timeline

Step 1.1

Define scope

Activities

This step will walk you through the following activities:

• Define the scope of the implementation project
• Establish the future processes and functionalities the tool will support

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Specifying the implementation project
• Identifying the business units that are needed to support the project
• Defining the ongoing and future service management processes the tool will support

1.1.1 Use the Project Charter Template to capture scope, stakeholders, and timeline as outlined in Phase 1

Follow the instructions in Phase 1 (step 1.1, 1.2, and 1.3) to gather information needed to create a project charter to define project parameters.

Specific subsections are listed below and described in more detail in the remainder of this phase.

1. Project Overview: Includes deliverables, scope, milestones, and success metrics.
2. Governance and Management: Includes roles, responsibilities, and resource requirements.
3. Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies as well as any assumptions and constraints.
4. Project Sign-Off: Includes IT and executive sign-off (if required).

Download the ITSM Tool Implementation Project Charter Template

1.1.2 Leverage the Implementation Checklist to guide your preparation

The checklist tabs align to each phase of this blueprint.

• Phase 1 (Tab 1) – Identify Stakeholders, Scope, and Preliminary Timeline
• Phase 2 (Tab 2) – Prepare to Implement Incident Management and Service Request Modules
• Phase 3 (Tabs 3+4) – Prepare to Implement Additional ITSM Modules (e.g. Change Management)
• Phase 4 (deployment section in each tab) – Create a Deployment Plan (Communication, Training, Rollout)

Download the ITSM Tool Implementation Checklist

1.1.3 Review goals that drove the ITSM tool purchase

Identify the triggers for the selection and implementation of your new ITSM tool.

Whether this is your first ITSM tool or a replacement for your old tool, the project was likely triggered by pain points that must be addressed by the new tool to improve your service desk. Having a clear understanding of these pain points throughout the implementation of your new tool will help to prevent them from reoccurring.

Common ITSM pain points include:

1. Poor communication with end users on ticket status.
2. Lack of SLA automation to escalate issues to the appropriate channels.
3. Poor self-service options for end users to perform simple requests on their own.
4. Undeveloped knowledgebase for users to find answers to common issues.
5. Lack of reporting or mistrust in reporting data.
6. Lack of automation, including ticket templates.
7. Overcomplicated ticket categories resulting in categories being misused.
8. Overconfiguration prevents future upgrades.
9. Lack of integration with other tools.

If you haven't already selected an ITSM tool, leverage the IT Service Management Selection Guide to select the right tool.

Download the IT Service Management Selection Guide

1.1.4 Plan to interview staff to support organizational change management

Identify challenges with the existing tool and processes as well as potential objections to the new tool.

Incorporate this feedback in the implementation to drive buy-in and a successful rollout.

Implementing a new ITSM tool will force changes in how IT staff do their work:

• At a minimum, it means learning a new interface.
• It could also mean leveraging features that improve IT operations but could change the process or tasks for the staff.
• Their input on the current tool and process challenges can be critical for the project.
• Solving at least some of their challenges can help bring them onboard to use this tool properly and follow associated process changes.

Info-Tech Insight

Keep management in the loop through every stage of the implementation process. They are the ones who are paying for the software, so they need to be informed throughout implementation and feel that their needs and feedback are being heard to prevent pushback further into the implementation.

1.1.5 Identify the modules and features you will plan to implement

Consider these factors when deciding what modules and features you want to implement:

• Specific ITSM modules based on the recommended order and any unique business requirements
• Key features that drove the tool purchase and address key issues
• High-level process changes needed to address challenges and realize expected benefits from the new ITSM tool (e.g. if a key goal was automated ticket routing based on categories, then the project needs to include developing a good categorization scheme)

Recommended order for implementation:

1. Incident Management and Service Request

This is the core of service management and typically has the highest impact on the organization. Include knowledgebase development as part of this implementation.

2. Change Management

A foundational component of service management, it allows organizations to minimize disruptions to IT services when making changes to services and critical systems.

3. Asset Management

A foundational component of service management, it allows organizations to track their assets’ locations, how they are used, and when changes are made to them.

1.1.6 Determine if data migration is required

If you are switching from a previous ITSM tool, carefully weigh the pros and cons as well as the necessity of migrating historical transactional data before deciding to import it into the new tool.

Importing your old transactional data will allow you to track metrics over time, which can be valuable for data analysis and reporting purposes.

However, ask yourself what the true value of your data is before you import it.

You will not get value out of migrating the old data if:

• You have incomplete or inaccurate data (a high percentage of incidents did not have tickets created in the old system).
• The categorization of your old tickets was not useful or was used inconsistently.
• You plan on changing the ticket categorization in the new system.

“Don’t debate whether you can import your old data until you’ve made sure that you should.”

– Barry Cousins, Practice Lead at Info-Tech Research Group

Info-Tech Insight

If you decide to migrate your data, keep in mind that it can be a complex process and proper time should be budgeted for planning, structuring the data, and importing and testing it.

Step 1.2

Define roles and responsibilities

Activities

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Decision on whether to hire professional services for the implementation
• Clearly defined roles and responsibilities for the project

1.2.1 Identify key internal roles and responsibilities

Review the tasks outlined in the Implementation Checklist to help you identify appropriate roles and specific staff that will be needed to execute this project.

RACI = Responsible, Accountable, Consulted, and Informed

Assign individuals to roles through each step of the implementation project in the governance and management chart in the Project Charter Template.

Download the Project Charter Template

1.2.2 Key external roles and responsibilities

Determine whether you will engage professional services for the implementation.

Step 1.3

Identify preliminary timeline

Activities

This step involves the following participants:

• CIO
• IT Director/Manager
• Service Manager
• Project Manager and the project team

Outcomes of this step

• Specifying the target dates for the implementation project

1.3.1 Identify preliminary internal target dates

Identify high-level start and end dates based on the following:

• Existing process maturity
• Process changes required (to address process issues or to realize targeted benefits from the new tool)
• Data migration requirements (if any)
• Information to prepare for the implementation (review the Checklist Tool)
• Vendor availability to support implementation
• Executive mandates that have established specific milestone dates

Create an initial project schedule:

• Review the remaining phases of this blueprint for more details on the implementation planning steps.
• Review and update the Checklist Tool to suit your implementation goals and requirements.
• Assign task owners and target dates in the Checklist Tool.

Note: This is a preliminary schedule. Monitor progress as well as requirement changes, and adjust the scope or schedule as needed.

Update the columns in the Checklist Tool to plan and keep track of your implementation project.

1.3.2 Identify target dates for vendor involvement

Plan when you'll be ready for the vendor and identify the key points for when the vendor will come in.

Are dates already scheduled for tool installation/configuration/customization?

If yes:

• Clarify vendor expectations for those target dates (i.e. what do you have to have prepared in advance?).
• Determine options to adjust dates if needed.

If no:

• Defer scheduling until you have reviewed and updated the Implementation Checklist. The checklist will help you determine your readiness for vendor involvement.

Consider if the vendor will implement the ITSM tool in one go or if they will help setup the tool in stages. Keep in mind that ITSM implementation projects typically take anywhere from 9 weeks to 16 months and plan accordingly depending on the maturity of your processes and the modules and features you plan to implement.

Use your internal target dates to estimate when you'll be ready for the vendor to set up the tool and implement the setting that you've defined.

Phase 2

Prepare to Implement Incident Management and Service Request Modules

This phase will walk you through the following steps:

• Review your existing solution and challenges
• Plan ticket management and workflow implementation
• Plan data migration, knowledgebase setup, and integrations
• Plan the module rollout

Additional Info-Tech Research

The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in these blueprints.

Standardize the Service Desk

Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

Optimize the Service Desk With a Shift-Left Strategy

Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

Incident and Problem Management

Develop a critical incident management workflow and create standard operating procedures for problem management.

Step 2.1

Review your existing solution and challenges

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

2.1.1 Configure your tool, don’t customize it

Your tool may require at least some basic configurations to align with your processes, but in most cases customization of the tool is not recommended.

Case Study

Consider the consequences of over-customizing your solution.

INDUSTRY: Education

SOURCE: IT Director

2.1.2 Review your existing process to identify opportunities for improvement

Documenting your existing processes is an effective method for also reviewing those processes and identifying inefficiencies. Take advantage of this project to fix your process issues.

1. Document your existing workflows for incident management and service requests.
2. Review your workflows to identify opportunities to optimize through process refinement (e.g. clarifying escalation guidelines) or by leveraging features in your new ITSM tool (e.g. improved workflow automation).
3. Similarly, review the challenges identified through stakeholder interviews: is there an opportunity address those challenges through process changes or leveraging your new ITSM tool?
4. Address those challenge and issues as you execute the tasks outlined in the Implementation Checklist Tool. For example, if inconsistent ticket routing was identified as a challenge due to a vague categorization scheme, that’s a driver to review and update your scheme rather than just carry forward your existing scheme.

Regardless of your existing ITSM maturity, this is an opportunity to review and optimize existing processes. Even the most-mature organizations can typically find an area to improve.

Case Study

Reviewing and defining processes before the implementation can be a project in itself.

INDUSTRY: Defense

SOURCE: Anonymous

Step 2.2

Plan ticket management and workflow implementation

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

Tool is designed and configured to support service desk processes and organization needs.

Checklist overview

The ITSM Tool Implementation Checklist will help you estimate resources required to support demand, based on your ticket volume.

TAB 2	TAB 3	TAB 4
Incident and Service Modules Checklist	Change Management Modules	Asset Management Modules

How to follow this section:

The following slides contain a table that explains why each task in the module matters and what needs to be considered. Complete the checklist modules referring to this section.

2.2.1 Define ticket classification values

Ticket classification improves reporting, workflow automation, and problem identification.

Review your existing ticket classification values to identify what to carry forward, drop, or change. For example, if your categorization scheme has become too complex, this is your opportunity to fix it; don’t perpetuate ineffective classification in the new tool.

2.2.2 Define ticket templates for common incident types and service requests

Ticket templates are the backbone of automation. A common complaint is that tickets take too much time. However, a little planning can reduce the time it takes to create a ticket to less than a minute.

2.2.3 Plan your ticket intake channels

Consider possible ticket intake channels and evaluate their relevance to your organization.

2.2.4 Design a self-service portal

Map your processes to the tool by defining your ticket input, categories, escalations, and workflows.

Don’t forget about the client-facing side of the solution. It is important to build a self-serve portal that has an easy-to-use interface where the user can easily find the category for the help they’re looking for. It is also necessary to educate the users on where to find the portal or how to access it.

2.2.5 Plan your knowledgebase (KB) implementation in the new tool

Evaluate how onerous KB migration will be for you. Is this an opportunity to improve how the KB is organized?

2.2.6 Design your ticket status notification processes and templates

2.2.7 Identify required user accounts, access levels, and skills/service groups

2.2.8 Review and update your workflows and escalation rules

2.2.9 Identify desired reporting and relevant metrics to track

Documentation of key metrics of service desk performance and end-user satisfaction that you wish to improve through the new solution is key to evaluate the success of your implementation.

Step 2.3

Plan data migration and integrations

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

• Decisions made around data migration, integrations, automation, and reporting.
• ITSM Tool Implementation Checklist

2.3.1 Create a data migration and archiving plan

2.3.2 Identify and plan required integrations

Consider and plan for any necessary integrations with other systems.

A major component of the implementation that should be carefully considered throughout is if and how to integrate your ITSM tool with other applications in the environment.

Step 2.4

Plan the module rollout

Activities

This step involves the following participants:

1. Service Manager and Service Desk Team
2. Project Manager and Core Project Team
3. Subject Matter Experts and Tool Administrator, if applicable

Outcomes of this step

Identify and plan for additional modules and features to be implemented

2.4.1 Repeat the methodology for additional ITSM modules, using the Checklists as a guide

The preparation completed in Phase 1 and 2 to this point provide a foundation for additional ITSM modules.

This blueprint starts with the incident management and service request modules as those are typically implemented first since they are the most impactful to day-to-day IT service management.

In addition, the methodology outlined in Phase 1 and 2 to this point provides a model to follow for additional ITSM modules:

• If you did not already account for additional modules in Phase 1, then repeat the steps in Phase 1 to define scope, stakeholders, and timeline.
• The Implementation Checklist Tool provides tabs for Change Management and Asset Management to outline the specific details for those topic areas, but they follow the same high-level steps as Phase 2 (e.g. review existing processes, design relevant workflows).
• If you are planning to implement other modules (e.g. Problem Management), create additional tabs in the Implementation Checklist Tool as needed, using the existing tabs as a base.

2.4.2 Leverage these blueprints to help you implement change and asset management modules

The Implementation Checklist Tool summarizes what you need to prepare for the implementation. If you need more assistance with developing the underlying ITSM processes, use the tools, templates, and guidance in the blueprints below.

Optimize IT Change Management

Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

Implement Hardware Asset Management

Create an SOP and associated process workflows to streamline and standardize hardware asset management.

Implement Software Asset Management

Build on a strong hardware asset management program to also properly track and manage software assets. This includes managing software licensing, finding opportunities to reduce costs, and improving your software audit readiness.

Phase 3

Create a Deployment Plan (Communication, Training, Rollout)

This phase will walk you through the following steps:

1. Create a communication plan (for IT, users, and business leaders)
2. Create a training plan
3. Plan how you will deploy, monitor, and maintain the solution

ITSM Tool Training Schedule		ITSM Tool Deployment Plan Template
Use the template to document and plan the communications and training needs prior to deployment of the new tool.		Use the deployment plan template to document the strategy and decisions made for making the transition to the new ITSM tool.
	Download the ITSM Tool Training Schedule		Download the ITSM Tool Deployment Plan Template

Step 3.1

Create a communication plan (for IT, users, and business leaders)

Activities

This step involves the following participants:

1. CIO/IT Director
2. IT Manager
3. Service Manager

Outcomes of this step

Plan for communicating the change with business executives, service desk agents, and end users.

3.1.1 Ensure there is strong communication from management throughout the implementation and deployment

A common contributing factor for unsuccessful implementation is a lack of communication around training, transitioning, and deploying the new tool.

Common Pitfall:

Organizational communication and change management should have been ongoing and tightly monitored throughout the project. However, cut-over is a time in which critical communication regarding deployment and proper user training can be derailed when last-minute preparations take priority. Not only will general user frustration increase, but unintended process workarounds will emerge, eroding system effectiveness.

Mitigating Actions:

Deliver training for end users that will be engaged in testing. For all other users, deliver training prior to go-live to avoid the risk of training too early (where materials may not be ready or users are likely to forget what was learned). If possible, host quick refresher training a week or two prior to go-live.

Aim to communicate the upcoming go-live. The purpose of communication here is to reiterate expectations, complexities, and ramifications on business going forward. Alleviate performance anxiety by clearly stating that temporary drops in productivity are to be expected and that there will be appropriate assistance throughout the transition period.

Transition: Have the project/program manager remain on the project team for some time after deployment to oversee and assure smooth transition for the organization.

Complete training: Have a clear plan for training those users that were missed in the first round of training as well as a plan for ongoing training for those that require refresher training, for new joiners to your organization, and for any training requirements that result from subsequent upgrades.

3.1.2 Base your communications timeline on a classic change curve

It’s important to communicate the change ahead of the implementation, but also to reinforce that communication after implementation to recover from any resistance that occurs through the implementation itself.

Stages in a typical change curve:

1. Change is announced. Some people are skeptical and resistant, but others are enthusiastic. Most people are fence sitters; if they trust senior leadership, they will give the benefit of the doubt and expect change to be good.
2. Positive sentiment declines as implementation approaches. Training and other disruptions take people’s time and energy away from their work. Project setbacks and delays take credibility away from project leaders and seem to validate the efforts of saboteurs and skeptics.
3. Overall sentiment begins to improve as people adjust and see real progress made. Ideally, early successes or quick wins neutralize saboteurs and convert skeptics. At the very least, people will begin to accept and adapt to new realities.
4. If the project is successful and communication is reinforced after implementation, sentiment will peak and level out over time as people move on to other projects.

1. Honeymoon of “Uninformed Optimism”: Tentative support and enthusiasm for change before people have really felt or understood what it involves.
2. Backlash of “Informed Pessimism” (leading to “Valley of Despair”): People realize they’ve overestimated the benefits (or how soon they’ll be achieved) and underestimated the difficulty of change.
3. Valley of Despair and beginning of “Hopeful Realism”: Sentiment bottoms out and people begin to accept the difficulty (or inevitability) of change.
4. Bounce of “Informed Optimism”: More optimism and support when people begin to see bright spots and early successes.
5. Contentment of “Completion”: Change has been successfully adopted and benefits are being realized.

3.1.3 Communicate new processes

1. Communicate with business unit leaders and users:

• Focus on the benefits for end users to encourage buy-in for the change.
• Include preliminary instructions with a date for training sessions.

• Teach users how to contact the service desk and submit a ticket.
• Set expectations for IT’s response.
• Record all your training sessions so it can used for recursive training.

• IT must point users toward the new process, but ad hoc requests should still be expected at first. Deal with these politely but encourage all employees to use the new service desk ticketing process, if applicable.

• Continue to adjust communications if processes aren’t being followed to ensure SLAs can be met and improved.

“Communicate with your end users in phase 1 to let them know what will be changing, get feedback and buy-in, and inform them that training will be happening, then ensure you train them once the tool is installed. A lot of times we’ll get our tool set up but people don’t know how to use it."

– Director of ITSM Tools

Info-Tech Insight

If there is a new process for ticket input, consider using a reward system for users who submit a ticket through the proper channel ;(e.g. email or self-serve portal) instead of their old method (e.g. phone). However, if a significant cultural change is required, don’t expect it to happen right away.

Step 3.2

Create a training plan

Activities

This step involves the following participants:

• IT Director
• Project Manager
• Service Desk Manager

Outcomes of this step

• Training modules for different users of the tool.
• Assignment of training modules to users and schedule for completion.

3.2.1 Target training session(s) to the specific needs of your service desk and IT staff

Create targeted role-based training programs for your service desk analysts; they care about the portion of the solution they are responsible for, not the functionality that is irrelevant to their job.

Create and execute a role-based training program by conducting training sessions for targeted groups of users, training them on the functions they require to perform their jobs.

Use a table like this one to help identify which roles should be trained on which tasks within the ITSM tool.

The need for targeted training:

• IT personnel may challenge the need for training. They may feel they don’t require training on the use of tools or that they don’t have time to dedicate to training when there is so much work to be done.
• Providing targeted training focused on only the functions of the solution that each tier is responsible for can help to overcome that resistance.
• Targeted training may include basic training for level 1 technicians and more advanced in-depth training for administrators, power users, or level 2/3 technicians.

Info-Tech Insight:

Properly trained users promote adoption and improve results. Always keep training materials updated and available. New employees, new software integration, and internal promotions create opportunities for training employees to align the ITSM tool with their roles and responsibilities.

3.2.2 Provide training

Training must take place before deployment to ensure that both your service desk agents and end users will use the tool in the way it was intended and improve end-user satisfaction.

• Implementing a new ITSM tool will likely bring with it at least some degree of organizational and cultural change. It’s important to manage that change through proper training. Your training needs will vary depending on the maturity of the organization and the amount of cultural and process change being implemented.
• If this is your first ITSM solution with many new changes for staff to take on board, it will be important to dedicate training time not only before deployment but also several months after the initial installation, to allow staff to gain more experience with the new tool and processes and formulate questions they may not think to ask during implementation.
• A training plan should take into account not only training needs for the implementation project but also any ongoing training requirements that may be required. This may include:
  • Training for new personnel.
  • Training on any changes to the tool.
  • Training on any new processes the tool will support.
• Better agent training will lead to better performance and improved end-user satisfaction.

The blue graph line charts new-agent training hours against first contact resolution and the orange graph line charts the trendline for the dataset.

Source: MetricNet, 2012

3.2.3 Choose an appropriate training delivery method

Training should include use cases that focus on not only how the tool’s interface works but also how the tool should be used to support process activities.

1. Training through use cases highlights how the tool will support the user in role-based tasks.
2. If new processes are being introduced along with the tool, training should cover both in an integrated way.
3. Team leadership and management commitment ensures that all agents take their training seriously and are prepared for all use cases by the deployment date.

Info-Tech Insight:

Ensure that the training demonstrates not only how the tool should be used, but also the benefits it will provide your staff in terms of improved efficiency and productivity. Users who can clearly see the benefits the tool will provide for their daily work will accept the tool more readily and promote it across the organization.

Step 3.3

Plan how you will deploy, monitor, and maintain the solution

Activities

This step involves the following participants:

• IT Director
• Project Manager
• Service Desk Manager

Outcomes of this step

Deployment plan, including a plan for cut-over from the old tool (if applicable), release of the new tool, and post-deployment support and maintenance of the tool.

3.3.1 Plan the transition from your old tool to ensure continual functionality

If you will have a transitional period during which the current tool will be used alongside the new tool, develop a clear plan for the transition to ensure continued service for your end users.

• If there will be an interim period during which only some aspects of the new ITSM tool are functional, you will need to determine how the new system and old systems will work together for that period of time. This may require creating interfaces as well as providing user documentation and/or SOPs on how the business processes will operate during the interim period.
• Cut-over is the period during which the changeover to the new system occurs. Cut-over activities need to be tightly choreographed for a successful deployment. If improperly planned, chaos may erupt when unforeseen issues are encountered during deployment, the deployment may be jeopardized, and the organization may encounter costly interruptions to its daily operations.
• Many organizations may leave any open tickets in the old tool until they are closed, which requires that tool run alongside the new tool for a transitional period. In this case, it is necessary to create guidelines around how long the open tickets will remain in the old system and ensure there is clear communication around these processes.

Be prepared for the transition:

1. Create a robust cut-over plan that includes when the old tool will be decommissioned, what activities are necessary during the cut-over, and what the contingency plan is in case of unforeseen issues.
2. Plan for and perform mock cut-overs to establish the timeline and dependencies for all steps that need to be performed to successfully complete the changeover. Do this to avoid any surprises or delays during the true cut-over period.
3. Establish cut-over logistics: Create a schedule for resources to work in shifts to avoid burn-out during cut-over, which can lead to lapses in judgment and easily avoidable mistakes. Allocate dedicated workspaces for cut-over activities, e.g. “war rooms” for the triage of issues.

3.3.2 Choose a cut-over approach that works for you

Approaches and insights from three case studies

3.3.3 Deploy the solution and any new processes simultaneously to ease the transition

Follow a deployment plan for introducing new processes alongside the new tool to ensure changes to both process and technology are adopted simultaneously.

If you’re introducing new processes alongside the new tool, it’s important to maintain the link between process and tool. Typically, the processes and tool should be deployed simultaneously unless there is a strong reason not to do so.

Deployment can be done as a big-bang or phased approach. The decision to employ a phased deployment depends on the number and size of business units the tool will support, as well as the organization’s geography and infrastructure (deployment locations).

Before deployment, conduct readiness assessments to understand whether:

The people are ready to accept the new system (have received the proper training and communications and understand how their jobs will change when the switch is flipped).

The technology is ready (test results are favorable, workarounds and a plan for closure have been identified for any open defects, and the system is performing as expected).

The data is ready (data for final conversion has been cleansed, and all conversions have been rehearsed).

The post-deployment support model is ready (infrastructure and technical support is in place, sites are ready, knowledge transfer has been conducted with the support organization, and end users understand procedures for escalation of issues).

3.3.4 Have a post-deployment support plan in place

Ensure that strong internal support for the project and tool will continue after deployment.

The stabilization period after a new software deployment can last between three and nine months, during which there may be continued training needs and fine-tuning of processes. Internal support from project leaders within your organization will be critical to recover from any dip in operational efficiency and deliver the benefits of the tool.

Consider the following to prepare better for your support plan:

What are the roles and responsibilities for ongoing tool administration support?

What level of support will exist to assist service desk staff after deployment?

How much time will project team resources devote to tackling upcoming issues and assisting with ongoing support?

Who will be responsible for ongoing training needs and documentation?

If your organization is spread across multiple locations, what level of support/assistance will be available at each site?

How will new code releases or system upgrades be managed and communicated?

Info-Tech Insight:

Deployment is only the first step in the system lifecycle. Full benefit realization from the tool requires ongoing investment and learning to be sustained. Unless processes and training are updated on an ongoing basis, benefits gained will start to decrease over time. If your service desk efficiency stagnates at the level it was at prior to implementation, the tool has failed to serve its objective.

Establish ongoing tool maintenance, improvement structures, and processes

People, processes, and organizations change over time, and your ITSM tool will need to change to meet expectations.

Develop and execute a plan for the maintenance of the solution and its infrastructure components.

Assign responsibility for ongoing maintenance. Hold regular meetings for the following activities:

1. Inspect data and reports.
2. Assess whether you’re meeting SLAs.
3. Predict any upcoming changes that may impact ticket volume (e.g. a new operating system or security patch).
4. Create new ticket templates for recurring or upcoming issues.
5. Create new knowledgebase articles.
6. Determine whether ticket categories are being used correctly.
7. Ask team if there are any problems with the tool.

3.3.5 Monitor success metrics defined in Project Charter

Revisit your goals for the solution and assess if they are being met by evaluating current metrics. If your goals have not yet been met, re-evaluate how to ensure the tool will deliver value.

Sample High-Level Goals:

1. Improved service desk efficiency
2. Improved end-user satisfaction
3. Improved self-service options for end users
4. Improved data and reporting capabilities

Related Info-Tech Research

Optimize IT Change Management

Define change management workflows, key roles, and supporting elements such as request-for-change forms based on best practices.

Standardize the Service Desk

Build core elements of service desk operations, including incident management and service request workflows, ticket categorization schemes, and ticket prioritization rules.

Optimize the Service Desk With a Shift-Left Strategy

Implement tools such as an improved knowledgebase and self-service portal to enable lower tier support staff and end users to resolve incidents or fulfill service requests.

Incident and Problem Management

Develop a critical incident management workflow and create standard operating procedures for problem management.

IT Service Management Selection Guide

Identify the best-of-breed solution to make the most of your investment and engage the right stakeholders to define success.

Analyze Your Service Desk Ticket Data

Develop a framework to track metrics, clean data, and put your data to use for pre-defined timelines.

Bibliography

Adiga, Siddanth. “10 Reasons Why ITSM Implementations Fail.” Could Strategy, 6 May 2015. Web.

Hastie, Shane, and Stéphane Wojewoda. “Standish Group 2015 Chaos Report.” InfoQ, 4 October 2015. Web.

“How to Manage Change in the Implementation of an ITSM Software.” C2, 20 April 2015. Web.

Lockwood, Meghan. “First Look: Annual ServiceNow Insight and Vision Executive Summary [eBook].” Acorio, 31 October 2019. Web.

Mainville, David. “7 Steps to a Successful ITSM Tool Implementation.” Navvia, 2012. Web.

Rae, Barclay. “Preparing for ITSM Tool Implementation.” Joe the IT Guy, 24 June 2015. Web.

Rae, Barclay. “Successful ITSM Tool Implementation.” BrightTALK, 9 May 2013. Webcast.

Rumburg, Jeffrey. “Metric of the Month: Agent Training Hours.” MetricNet, 2012. Web.

Build a Service-Based Security Resourcing Plan

Every security program is unique; resourcing allocations should reflect this.

Analyst Perspective

Start by looking inward.

		Organizations have a critical need for skilled cybersecurity resources as the cyberthreat landscape becomes more complex. This has put a strain on many security teams who must continue to meet demand for an increasing number of security services. To deliver services well, we first need to determine what are the organization’s key security requirements. While benchmarks can be useful for quick peer-to-peer comparisons to determine if we are within the average range, they tend to make all security programs seem the same. This can lead to misguided investments in security services and personnel that might be better used elsewhere. Security teams will be most successful when organizations take a personalized approach to security, considering what must be done to lower risk and operate more efficiently and effectively.
Logan Rohde Senior Research Analyst, Security Info-Tech Research Group	Isabelle Hertanto Principal Research Director, Security Info-Tech Research Group

Executive Summary

Info-Tech Insight

Not all security programs need to be the same. A service-aligned security resourcing strategy will put organizations in the best position to respond to current and future service demands and address business needs as they evolve over time.

Your challenge

This research is designed to help organizations who are looking to:

• Determine what and how many resources are needed to support the information security program.
• Identify the organization's key service offerings and the required resourcing to support delivery of such services.
• Estimate current staff utilization and required allocations to satisfy future demand for services.

Every organization is unique and will need different security research allocations aligned with their business needs.

“The number of priorities that CISOs have continues to grow, but if everything is a priority, nothing is. It’s important to focus on the ones that deliver the most value to your organization and that are synchronized with the overall business strategy.”

Paige H. Adams

Global CISO at Zurich

Insurance

Source: Proofpoint, 2021

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• Security leaders sometimes try to cut to the chase and lean on staffing benchmarks to justify their requests for resources. However, while staffing benchmarks are useful for quick peer-to-peer validation and decision making, they tend to reduce security programs down to a set of averages, which can be misleading when used out of context.
• A more effective approach is to determine what security services need to be provided, the level of demand, and what it will take to meet that demand currently and in the coming years.
• With these details available, it becomes much easier to predict what roles need to be hired, what skills need to be developed, and whether outsourcing is an option.

Hiring delays and skills gaps can fuel resourcing challenges

59% of organizations report taking 3-6+ months to fill a vacant cybersecurity position.

Source: ISACA, 2020

30% report IT knowledge as the most prevalent skills gap in today’s cybersecurity professionals.

Source: ISACA, 2020

Info-Tech’s methodology for Building a Service-Based Security Resourcing Plan

Stay on top of resourcing demands with a security service portfolio

Blueprint deliverable

Use this tool to build your security services portfolio, estimate demand and hours needed, and determine FTE requirements.

Key deliverable:

Security Resources Planning Workbook

The Security Resources Planning Workbook will be used to:

• Build a security services portfolio.
• Estimate demand for security services and the efforts to deliver them.
• Determine full-time equivalent (FTE) requirements for each service.

Blueprint benefits

Measure the value of this blueprint

Use these metrics to realize the value of completing this blueprint.

47% of cybersecurity professionals said that stress and burnout has become a major issue due to overwork, with most working over 41 hours a week, and some working up to 90.

Source: Security Boulevard, 2021

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 6 calls over the course of 2 to 3 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com1-888-670-8889

Phase 1

Determine Security Service Portfolio Offerings

This phase involves the following participants:

• CISO
• Core Security Team
• Business Representative (optional)

Step 1.1

Gather Requirements and Define Roles

Activities

1.1.1 Assess Business Needs and Pressures

1.1.2 Define Security Roles

This step involves the following participants:

• CISO
• Core Security Team
• Business Representative (optional)

Outcomes of this step

• Security program requirements
• Security roles definitions

1.1.1 Assess security needs and pressures

1 hour

1. As a group, brainstorm the security requirements for your organization and any business pressures that exist within your industry (e.g. compliance obligations).

• To get started, consider examples of typical business pressures on the next slides. Determine how your organization must respond to these points (note: this is not an exhaustive list).
• You will likely notice that these requirements have already influenced the direction of your security program and the kinds of services it needs to provide to the business side of the organization.

Typical business pressures examples

The security services you will provide to the organization should be based on its unique business requirements and pressures, which will make certain services more applicable than others. Use this exercise to get an idea of what those business drivers might be.

1.1.2 Define security roles

1-2 hours

1. Using the link below, download the Security Resources Planning Workbook and review the examples provided on the next slide.
2. On tab 1 (Roles), review the example roles and identify which roles you have within your security team.

• If necessary, customize the roles and descriptions to match your security team’s current make up.
• If you have roles within your security team that do not appear in the examples, you can add them to the bottom of the table.

Download the Security Resources Planning Workbook

Calculating FTEs and defining security roles

1. Start by entering the current and planned headcount for each role
2. Then enter number of hours each role works per week
3. Estimate the number of administrative hours (e.g. team meetings, training) per week
4. Enter the average number of weeks per year that each role is available for service delivery
5. The tool uses the data from steps 2-4 to calculate the average number of hours each role has for service delivery per year (FTE)

Info-Tech Insight

Watch out for role creep. It may be tempting to assign tasks to the people who already know how to do them, but we should consider which role is most appropriate for each task. If all services are assigned to one or two people, we’ll quickly use up all their time.

Other considerations

Address your skills gap.

Cybersecurity is a rapidly evolving discipline and security teams from all over are reporting challenges related to training and upskilling needed to keep pace with the developments of the threat landscape.

95% Security leaders who agree the cybersecurity skills gap has not improved over the last few years.*

44% Security leaders who say the skills gap situation has only gotten worse.*

When defining roles, consider the competencies needed to deliver your security services. Use Info-Tech’s blueprint Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan to help you determine the required skillsets for each role.

* Source: ISSA, 2021

Info-Tech Insight

As the services in your portfolio mature and become more complex, remember to consider the skills you need and will need to be able to provide that service. Make sure to account for this need in your resource planning and keep in mind that we can only expect so much from one role. Therefore, hiring may be necessary to keep up with the diverse skills your services may require.

Download blueprint Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

Step 1.2

Choose Security Service Offerings

Activities

1.2.1 Define Security Services and Role Assignments

This step involves the following participants:

• CISO
• Core Security Team

Outcomes of this step

• Service portfolio
• Service pipeline status
• Service ownership

1.2.1 Define security services and role assignments

2-4 hours

1. As a group, review the outputs from Step 1.1.1. These requirements will serve as the basis to prioritize the service offerings of your security portfolio.
2. Take these outputs, as well as any additional notes you’ve made, and put them side by side with the example service offerings on tab 3 of the Security Resources Planning Workbook so each service can be considered alongside these requirements (i.e. to determine if that service should be included in the security service portfolio at this time).
3. Using the following slides as a guide, work your way down the list of example services and choose the services for your portfolio. For each service selected, be sure to customize the definition of the service and state its outcome (i.e. what time is spent when providing this service, indicate if it is outsourced, which role is responsible for delivering it, and the service pipeline status (in use, plan to use, plan to retire)).

Download the Security Resources Planning Workbook

Service needs aligned with your control framework

Use Info-Tech's best-of-breed Security Framework to develop a comprehensive baseline set of security service areas.

Prioritize your security services

Example of a custom security services portfolio definition

Security Strategy and Governance Model

• Aligned Business Goals
• Security Program Objectives
• Centralized vs. Decentralized Governance Model

Compliance Obligations

• Penetration testing
• Annual security audits
• Data privacy and protection laws

CISO Accountabilities

• Security Policy
• Risk Management
• Application & Infrastructure Security
• Program Metrics and Reporting

Consider each of the requirement categories developed in Step 1.1.1 against the taxonomy and service domain here. If there is a clear need to add this service, use the drop-down list in the “Include in Catalog” column to indicate “Yes.” Mark un-needed services as “No.”

Assigning roles to services

1. If the service is being outsourced, use the drop-down list to select “Yes.” This will cause the formatting to change in the neighboring cell (Role), as this cell does not need to be completed.
2. For all in-sourced services, indicate the role assigned to perform the service.
3. Indicate the service-pipeline status for each of the services you include. The selection you make will affect the conditional formatting on the next tab, similar to what is described in step 1.

Info-Tech Insight

Make sure your portfolio reflects current state and approved plans. There’s nothing wrong with planning for the future, but we should avoid using the portfolio as a list of goals.

Phase 2

Plan for Mandatory Versus Discretionary Demand

This phase involves the following participants:

• CISO
• Core Security Team

Step 2.1

Assess Demand

Activities

2.1.1 Estimate Current and Future Demand

This step involves the following participants:

• CISO
• Core Security Team

Outcomes of this step

• Service demand estimates
• Total service hours required
• FTEs required per service

2.1.1 Estimate current and future demand

2-4 hours

1. Estimate the number of hours required to complete each of the services in your portfolio and how frequently it is performed. Remember the service-hour estimates should be based on the outcome of the service (see examples on the next slide).

• To do this effectively, think back over the last quarter and count how many times the members of your team performed each service and how many hours it took to complete.
• Then, think back over the last year and consider if the last quarter represents typical demand (i.e. you may notice that certain services have a greater demand at different parts of the year, such as annual audit) and arrive at your best estimate for both service hours and demand.
• See examples on next slide.

Note: For continuous services (i.e. 24/7 security log monitoring), use the length of the work shift for estimating the Hours to Complete and the corresponding number of shifts per year for Mandatory Demand estimates. Example: For an 8-hour shift, there are 3 shifts per day at 365 days/year, resulting in 1,095 total shifts per year.

Download the Security Resources Planning Workbook

Info-Tech Insight

Time estimates will improve over time. It may be difficult to estimate exactly how long it takes to carry out each service at first. But making the effort to time your activities each quarter will help you to improve the accuracy of your estimates incrementally.

Understanding mandatory versus discretionary demand

Every service may have a mix of mandatory and discretionary demands. Understanding and differentiating between these types of demand is critical to developing an efficient resourcing plan.

Mandatory Demand Mandatory demand refers to the amount of work that your team must perform to meet compliance obligations and critical business and risk mitigation requirements. Failure to meet mandatory demand levels will have serious consequences, such as regulatory fines or the introduction of risks that far exceed risk tolerances. This is work you cannot refuse.

Discretionary Demand Discretionary demand refers to the amount of work the security team is asked to perform that goes above and beyond your mandatory demand. Discretionary demand often comes in the form of ad hoc requests from business units or the IT department. Failure to meet discretionary demand levels usually has limited consequences, allowing you more flexibility to decide how much of this type of work you can accept.

Mandatory versus discretionary demand examples

Example of service demand estimations

1. For each service, describe the specific outcome or deliverable that the service produces. Modify the example deliverables as required.
2. Enter the number of hours required to produce one instance of the service deliverable. For example, if the deliverable for your security training service is an awareness campaign, it may require 40 person hours to develop and deliver.
3. Enter the number of mandatory and discretionary demands expected for each service within a given year. For instance, if you are delivering quarterly security awareness campaigns, enter 4 as the demand.

Phase 3

Build Your Resourcing Plan

This phase involves the following participants:

• CISO
• Security Manager

Step 3.1

Determine Resourcing Status

Activities

3.1.1 Review Demand Summary

3.1.2 Fill Resource Gaps

This step involves the following participants:

• CISO
• Security Manager

Outcomes of this step

• The number of FTEs required to meet demand
• Resourcing gaps

3.1.1 Review demand summary

1-2 hours

1. On tab 5 of the Security Resourcing Planning Tool (Demand Summary), review the results. This tab will show you if you have enough FTE hours per role to meet the demand level for each service.

• Green indicates that there is a surplus of FTEs and the number displayed shows how many extra FTEs there are.
• Yellow text that you have adequate FTEs to meet all of your mandatory demand but may not have enough to meet all of your discretionary demand.
• Red text indicates that there are too few FTEs available, and the number displayed shows how many additional FTEs you will require.

Download the Security Resources Planning Workbook

Info-Tech Insight

Start recruiting well in advance of need. Security talent can be difficult to come by, so make sure to begin your search for a new hire three to six months before your demand estimates indicate the need will arise.

Example of demand planning summary (1/2)

Example of demand planning summary (2/2)

3.1.2 Fill resource gaps

2-4 hours

1. Now that you have a resourcing model for your security services, you will need to plan to close the gaps between available FTEs and required service hours. For each role that has been under/over committed to service delivery, review the services assignments on tab 3 and determine the viability of the following gap closure actions:
1. Reassign service responsibility to another role with fewer commitments
2. Create efficiencies to reduce required hours
3. Hire to meet the service demand
4. Outsource the service
2. Your resourcing shortages may not all be apparent at once. Therefore, build a roadmap to determine which needs must be addressed immediately and which can be scheduled for years two and three.

Consider outsourcing

Outsourcing provides access to tools and talent that would otherwise be prohibitively expensive. Typical reasons for outsourcing security operations include:

• Difficulty finding or retaining security staff with advanced and often highly specialized skillsets.
• The desire to transfer liability for high-risk operational activities such as 24/7 security monitoring.
• Workforce scalability to accommodate irregular or infrequent events such as incident response and incident-related forensic investigations.

Given the above, three different models have emerged for the operational security organization:

Once you have determined that further outsourcing is needed, go back and adjust the status in your service portfolio. Use Info-Tech's blueprint Develop Your Security Outsourcing Strategy to determine the right approach for your business needs.

“The workforce of the future needs to be agile and adaptable, enabled by strong partnerships with third-party providers of managed security services. I believe these hybrid models really are the security workforce of the future.”

– Senior Manager, Cybersecurity at EY

Download blueprint Develop Your Security Outsourcing Strategy

Info-Tech Insight

Choose the right model for your organization’s size, risk tolerance, and process maturity level. For example, it might make more sense for larger enterprises with low risk tolerance to grow their internal teams and build in-house capability.

Create efficiencies

Resourcing challenges are often addressed more directly by increased spending. However, for a lot of organizations, this just isn’t possible. While there is no magic solution to resolve resource constraints and small budgets, the following tactics should be considered as a means to reduce the hours required for the services your team provides.

Info-Tech Insight

Every minute counts. While using these strategies may not solve every resourcing crunch you have, they can help put you in the best position possible to deliver on your commitments for each service.

Plan for employee turnover

Cybersecurity skills are in high demand; practitioners are few. The reality is that experienced security personnel have a lot of opportunities. While we cannot control for the personal reasons employees leave jobs, we can address the professional reasons that cause them to leave.

Use Info-Tech’s blueprint Build a Strategic IT Workforce Plan to help staff your security organization for success.

Download blueprint Build a Strategic IT Workforce Plan

Summary of Accomplishment

Problem Solved

You have now successfully identified your business and security drivers, determined what services your security program will provide, and determined your resourcing plan to meet these demands over the next three years.

As needs change at your organization, don’t forget to re-evaluate the decisions you’ve made. Don’t forget that outsourcing a service may be the most reliable way to provide and resource it. However, this is just one tool among many that should be considered, along with upskilling, process improvement/familiarity, and process automation.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Research Contributors and Experts

	George Al-Koura CISO Ruby Life		Brian Barniner Head of Decision Science and Analytics ValueBridge Advisors
	Tracy Dallaire CISO / Director of Information Security McMaster University		Ricardo Johnson Chief Information Security Officer Citrix

Research Contributors and Experts

Ryan Rodriguez Senior Manager, Cyber Threat Management EY

Paul Townley VP Information Security and Personal Technology Owens Corning

13 Anonymous Contributors

Related Info-Tech Research

Cost-Optimize Your Security Budget

Develop Your Security Outsourcing Strategy

Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

Bibliography

2021 Voice of the CISO Report.” Proofpoint, 2021. Web.

“2022 Voice of the CISO.” Proofpoint, 2022. Web.

Brook, Chris. “How to Find and Retain Skilled Cybersecurity Talent.” DigitalGuardian, 17 Sep. 2020. Web.

“Canadian Cybersecurity Skills Framework” TECHNATION Canada, April 2020. Web.

“Cybersecurity Skills Crisis Continues for Fifth Year, Perpetuated by Lack of Business Investment.” ISSA, 28 July 2021. Web.

“Cybersecurity Workforce, National Occupational Standard.” TECHNATION Canada, April 2020. Web.

Naden, Clare. “The Cybersecurity Skills Gap: Why Education Is Our Best Weapon against Cybercrime.” ISO, 15 April 2021. Web.

Purse, Randy. “Four Challenges in Finding Cybersecurity Talent And What Companies Can Do About It.” TECHNATION Canada, 29 March 2021. Web.

Social-Engineer. “Burnout in the Cybersecurity Community.” Security Boulevard, 8 Dec. 2021. Web.

“State of Cybersecurity 2020.” ISACA, 2020. Web.

2022 Tech Trends

Enabling the digital economy

Supporting the CEO for growth

The post-pandemic pace of change

The disruptions to the way we work caused by the pandemic haven’t bounced back to normal.

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 through to September 2021, collecting 475 responses. We asked some of the same questions as last year’s survey so we can compare results as well as new questions to explore new trends.

How much do you expect your organization to change permanently compared to how it was operating before the pandemic?

• 7% – No change. We'll keep doing business as we always have.
• 33% – A bit of change. Some ways of working will shift long term
• 47% – A lot of change. The way we work will be differ in many ways long term. But our business remains...
• 13% – Transformative change. Our fundamental business will be different and we'll be working in new ways.

This year, about half of IT professionals expect a lot of change to the way we work and 13% expect a transformative change with a fundamental shift in their business. Last year, the same percentage expected a lot of change and only 10% expected transformative change.

30% more professionals expect transformative permanent change compared to one year ago.

47% of professionals expect a lot of permanent change; this remains the same as last year. (Info-Tech Tech Trends 2022 Survey)

The pandemic accelerated the speed of digital transformation

With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

Companies also accelerated the pace of creating digital or digitally enhanced products and services.

“The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data.” (OECD Definition)

IT must enable participation in the digital economy

Consumer spending is tilting more digital.

Consumers have cut back spending on sectors where purchases are mostly made offline. That spending has shifted to digital services and online purchases. New habits formed during the pandemic are likely to stick for many consumers, with a continued shift to online consumption for many sectors.

Purchases on online platforms are projected to rise from 10% today to 33% by 2030.

Estimated online share of consumption

Changing customer expectations pose a risk.

IT practitioners agree that customer expectations are changing. They expect this to be more likely to disrupt their business in the next 12 months than new competition, cybersecurity incidents, or government-enacted policy changes.

Factors likely to disrupt business in next 12 months

This poses a challenge to IT departments below the “expand” level of maturity

CIOs must climb the maturity ladder to help CEOs drive growth.

Most IT departments rated their maturity in the “optimize” or “support” level on Info-Tech’s maturity ladder.

CIOs at the “optimize” level can play a role in digital transformation by improving back-office processes but should aim for a higher mandate.

CIOs achieving at the “expand” level can help directly improve revenues by improving customer-facing products and services, and those at the “transform” level can help fundamentally change the business to create revenue in new ways. CIOs can climb the maturity ladder by enabling new digital capabilities.

Maturity is heading in the wrong direction.

Only half of IT practitioners described their department’s maturity as “transform” compared to last year’s survey, and more than twice the number rated themselves as “struggle.”

48% rate their IT departments as low maturity.

Improve maturity by focusing on key capabilities to compete in the digital economy

Capabilities to unlock digital

Innovation: Identify innovation opportunities and plan how to use technology innovation to create a competitive advantage or achieve improved operational effectiveness and efficiency.

Human Resources Management: Provide a structured approach to ensure optimal planning, evaluation, and development of human resources.

Data Architecture: Manage the business’ data stores, including technology, governance, and people that manage them. Establish guidelines for the effective use of data.

Security Strategy: Define, operate, and monitor a system for information security management. Keep the impact and occurrence of information security incidents within risk appetite levels.

Business Process Controls and Internal Audit: Manage business process controls such as self-assessments and independent assurance reviews to ensure information related to and used by business processes meets security and integrity requirements. (ISACA, 2020)

5 Tech Trends for 2022

In this report, we explore five use cases for emerging technology that can improve on capabilities needed to compete in the digital economy. Use cases combine emerging technologies with new processes and strategic planning.

DIGITAL ECONOMY

TREND 01 | Human Resources Management

HYBRID COLLABORATION
Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

TREND 02 | Security Strategy

BATTLE AGAINST RANSOMWARE
Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

TREND 03 | Business Process Controls and Internal Audit

CARBON METRICS IN ENERGY 4.0
Use internet of things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

TREND 04 | Data Architecture

INTANGIBLE VALUE CREATION
Provide governance around digital marketplace and manage implications of digital currency. Use blockchain technology to turn unique intellectual property into saleable digital products

TREND 05 | Innovation

AUTOMATION AS A SERVICE
Automate business processes and access new sophisticated technology services through platform integration.

Hybrid Collaboration

TREND 01 | HUMAN RESOURCES MANAGEMENT

Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

Emerging technologies:
Intelligent conference rooms; intelligent workflows, platforms

Introduction

Hybrid work models enable productive, diverse, and inclusive talent ecosystems necessary for the digital economy.

Hybrid work models have become the default post-pandemic work approach as most knowledge workers prefer the flexibility to choose whether to work remotely or come into the office. CIOs have an opportunity lead hybrid work by facilitating collaboration between employees mixed between meeting at the office and virtually.

IT departments rose to the challenge to quickly facilitate an all-remote work scenario for their organizations at the outset of the pandemic. Now they must adapt again to facilitate the hybrid work model, which brings new friction to collaboration but also new opportunities to hire a talented, engaged, and diverse workforce.

79% of organizations will have a mix of workers in the office and at home. (Info-Tech Tech Trends 2022 Survey)

35% view role type as a determining factor in the feasibility of the hybrid work model.

Return-to-the-office tensions

Only 18% of employees want to return to the office full-time.

But 70% of employers want people back in the office. (CNBC, April 2021)

Signals

IT delivers the systems needed to make the hybrid operating model a success.

IT has an opportunity to lead by defining the hybrid operating model through technology that enables collaboration. To foster collaboration, companies plan to invest in the same sort of tools that helped them cope during the pandemic.

As 79% of organizations envision a hybrid model going forward, investments into hybrid work tech stacks – including web conferencing tools, document collaboration tools, and team workspaces – are expected to continue into 2022.

Plans for future investment in collaboration technologies

Drivers

COVID-19

Vaccination rates around the world are rising and allowing more offices to welcome back workers because the risk of COVID-19 transmission is reduced and jurisdictions are lifting restrictions limiting gatherings.

Worker satisfaction

Most workers don't want to go to the office full-time. In a Bloomberg poll (2021), almost half of millennial and Gen Z workers say they would quit their job if not given an option to work remotely.

IT spending

Companies are investing more into IT budgets to find ways to support a mix of remote work and in-office resources to cope with work disruption. This extra spending is offset in some cases by companies saving money from having employees work from home some portion of the time. (CIO Dive, 2021)

Risks and Benefits

Benefits

Risks

“We have to be careful what we automate. Do we want to automate waste? If a company is accustomed to having a ton of meetings and their mode in the new world is to move that online, what are you going to do? You're going to end up with a lot of fatigue and disenchantment…. You have to rethink your methods before you think about the automation part of it." (Vijay Sundaram, Chief Strategy Officer, Zoho)

Listen to the Tech Insights podcast: Unique approach to hybrid collaboration

Case Study: Zoho

Situation

Zoho Corp. is a cloud software firm based in Chennai, India. It develops a wide range of cloud software, including enterprise collaboration software and productivity tools. Over the past decade, Zoho has used flexible work models to grant remote work options to some employees.

When the coronavirus pandemic hit, not only did the office have to shut down but also many employees had to relocate back with families in rural areas. The human costs of the pandemic experienced by staff required Zoho to respond by offering counseling services and material support to employees.

Complication

Zoho prides itself as an employee-centric company and views its culture as a community that's purpose goes beyond work. That sense of community was lost because of the disruption caused by the pandemic. Employees lost their social context and their work role models. Zoho had to find a way to recreate that without the central hub of the office or find a way to work with the limitations of it not being possible.

Resolution

To support employees in rural settings, Zoho sent out phones to provide redundant bandwidth. As lockdowns in India end, Zoho is taking a flexible approach and giving employees the option to come to the office. It's seeing more people come back each week, drawn by the strong community.

Zoho supports the hybrid mix of workers by balancing synchronous and asynchronous collaboration. It holds meetings when absolutely necessary through tools like Zoho Meet but tries to keep more work context to asynchronous collaboration that allows people to complete tasks quickly and move on. Its applications are connected to a common platform that is designed to facilitate workflows between employees with context and intelligence. (Interview with Vijay Sundaram, Chief Strategy Officer, Zoho)

“We tend to think of it on a continuum of synchronous to asynchronous work collaboration. It’s become the paramount norm for so many different reasons…the point is people are going to work at different times in different locations. So how do we enable experiences where everyone can participate?" (Jason Brommet, Head of Modern Work and Security Business Group at Microsoft)

Listen to the Tech Insights podcast: Microsoft on the ‘paradox of hybrid work’

Case Study: Microsoft

Situation

Before the pandemic, only 18% of Microsoft employees were working remotely. As of April 1, 2020, they were joined by the other 82% of non-essential workers at the company in working remotely.

As with its own customers, Microsoft used its own software to enable this new work experience, including Microsoft Teams for web conferencing and instant messaging and Office 365 for document collaboration. Employees proved just as productive getting their work done from home as they were working in the office.

Complication

At Microsoft, the effects of firm-wide remote work changed the collaboration patterns of the company. Even though a portion of the company was working remotely before the pandemic, the effects of everyone working remotely were different. Employees collaborated in a more static and siloed way, focusing on scheduled meetings with existing relationships. Fewer connections were made with more disparate parts of the organization. There was also a decrease in synchronous communication and an increase in asynchronous communication.

Resolution

Microsoft is creating new tools to break down the silos in organizations that are grappling with hybrid work challenges. For example, Viva Insights is designed to inform workers about their collaboration habits with analytics. Microsoft wants to provide workers with insights on their collaborative networks and whether they are creating new connections or deepening existing connections. (Interview with Jason Brommet, Head of Modern Work and Security Business Group, Microsoft; Nature Human Behaviour, 2021)

What's Next?

Distributed collaboration space:

International Workplace Group says that more companies are taking advantage of its full network deals on coworking spaces. Companies such as Standard Charter are looking to provide their workers with a happy compromise between working from home and making the commute all the way to the central office. The hub-and-spoke model gives employees the opportunity to work near home and looks to be part of the hybrid operating model mix for many companies. (Interview with Wayne Berger, CEO of IWG Canada & Latin America)

Optimized hybrid meetings:

Facilitating hybrid meetings between employees grouped in the office and remote workers will be a major pain point. New hybrid meeting solutions will provide cameras embedded with intelligence to put boardroom participants into independent video streams. They will also focus on making connecting to the same meeting from various locations as convenient as possible and capture clear and crisp audio from each speaker.

Uncertainties

Mix between office and remote work:

It's clear we're not going to work the way we used to previously with central work hubs, but full-on remote work isn't the right path forward either. A new hybrid work model is emerging, and organizations are experimenting to find the right approach.

Attrition:

Between April and September 2021, 15 million US workers quit their jobs, setting a record pace. Employees seek a renewed sense of purpose in their work, and many won’t accept mandates to go back to the office. (McKinsey, 2021)

Equal footing in meetings:

What are the new best practices for conducting an effective meeting between employees in the office and those who are remote? Some companies ask each employee to connect via a laptop. Others are using conference rooms with tech to group in-office workers together and connect them with remote workers.

Hybrid Collaboration Scenarios

Organizations can plan their response to the hybrid work context by plotting their circumstances across two continuums: synchronous to asynchronous collaboration approach and remote work to central hub work model.

Recommendations

Rethink technology solutions. Don't expect your pre-pandemic videoconference rooms to suffice. And consider how to optimize your facilities and infrastructure for hot-desking scenarios.

Optimize remote work. Shift from the collaboration approach you put together just to get by to the program you'll use to maximize flexibility.

Enable effective collaboration. Enable knowledge sharing no matter where and when your employees work and choose the best collaboration software solutions for your scenario.

Run better meetings. Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

89% of organizations invested in web conferencing technology to facilitate better collaboration, but only 43% invested in office meeting room solutions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Rethink Technology Solutions
• Optimize Remote Work
• Enable Effective Collaboration
• Run Better Meetings

Battle Against Ransomware

TREND 02 | SECURITY STRATEGY

Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

Emerging technologies:
Open source intelligence; AI-powered threat detection

“It has been a national crisis for some time…. For every [breach] that hits the news there are hundreds that never make it.” (Steve Orrin, Federal Chief Technology Officer, Intel)

Listen to the Tech Insights podcast: Ransomware crisis and AI in military

Introduction

Between 2019 and 2020, ransomware attacks rose by 62% worldwide and by 158% in North America. (PBS NewsHour, 2021)

Security strategies are crucial for companies to control access to their digital assets and confidential data, providing it only to the right people at the right time. Now security strategies must adapt to a new caliber of threat in ransomware to avoid operational disruption and reputational damage.

In 2021, ransomware attacks exploiting flaws in widely used software from vendors Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups.

After a ransomware attack caused Colonial Pipeline to shut down its pipeline operations across the US, the ransomware issue became a topic of federal attention with executives brought before Senate committees. A presidential task force to combat ransomware was formed.

62% of IT professionals say they are more concerned about being a victim of ransomware than they were one year ago. (Info-Tech Tech Trends 2022 Survey)

$70 million demanded by REvil gang in ransom to unlock firms affected by the Kaseya breach. (TechRadar, 2021)

Signals

Organizations are taking a multi-faceted approach to preparing for the event of a ransomware breach.

The most popular methods to prepare for ransomware are to buy an insurance policy or create offline backups and redundant systems. Few are making an effort to be aware of free decryption tools, and only 2% admit to budgeting to pay ransoms.

44% of IT professionals say they spent time and money specifically to prevent ransomware over the past year. (Info-Tech Tech Trends 2022 Survey)

Approaches to prepare for ransomware

(Info-Tech Tech Trends 2022 Survey)

Drivers

National security concerns

Attacks on US infrastructure and government agencies have prompted the White House to treat ransomware as a matter of national security. The government stance is that Russia supports the attacks. The US is establishing new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and requirements for organizations to consider the alternatives before paying a ransom. (Institute for Security and Technology, 2021)

Advice from cybersecurity insurance providers

Increases in ransom payouts have caused cybersecurity insurance providers to raise premiums and put in place more security requirements for policyholders to try and prevent ransomware infection. However, when clients are hit with ransomware, insurance providers advise to pay the ransom as it's usually the cheapest option. (ProPublica, 2019)

Reputational damage

Ransomware attacks also often include a data breach event with hackers exfiltrating the data before encrypting it. Admitting a breach to customers can seriously damage an organization's reputation as trustworthy. Organizations may also be obligated to pay for credit protection of their customers. (Interview with Frank Trovato, Research Director – Infrastructure, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

Case Study: Victim to ransomware

Situation

In February 2020, a large organization found a ransomware note on an admin’s workstation. They had downloaded a local copy of the organization’s identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

Complication

Because private information of employees and customers was breached, the organization decided to voluntarily inform the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

The organization decided not to pay the ransom because it didn’t need the data back, since it had a copy on an unaffected server.

Resolution

After a one-day news cycle for the breach, the story about the ransom was over. The organization also received praise for handling the situation well and quickly informing stakeholders.

The breach motivated the organization to put more protections in place. It implemented a deny-by-default network and turned off remote desktop protocol and secure shell. It mandated multi-factor authentication and put in a new endpoint-detection and response system. (Interview with CIO of large enterprise)

What's Next

AI for cybersecurity:

New endpoint protections using AI are being deployed to help defend against ransomware and other cybersecurity intrusions. The solutions focus on the prevention and detection of ransomware by learning about the expected behavior of an environment and then detecting anomalies that could be attack attempts. This type of approach can be applied to everything from reading the contents of an email to helping employees detect phishing attempts to lightweight endpoint protection deployed to an Internet of Things device to detect an unusual connection attempt.

Unfortunately, AI is a tool available to both the cybersecurity industry and hackers. Examples of hackers tampering with cybersecurity AI to bypass it have already surfaced. (Forbes, 23 Sept. 2021)

Uncertainties

Government response:

In the US, the Ransomware Task Force has made recommendations to the government but it's not clear whether all of them will be followed. Other countries such as Russia are reported to be at least tolerating ransomware operations if not supporting them directly with resources.

Supply chain security:

Sophisticated attacks using zero-day exploits in widely used software show that organizations simply can't account for every potential vulnerability.

Arms escalation:

The ransomware-as-a-service industry is doing good business and finding new ways to evade detection by cybersecurity vendors. New detection techniques involving AI are being introduced by vendors, but will it just be another step in the back-and-forth game of one-upmanship? (Interview with Frank Trovato)

Battle Against Ransomware Scenarios

Determine your organization’s threat profile for ransomware by plotting two variables: the investment made in cybersecurity and the sophistication level of attacks that you should be prepared to guard against.

Recommendations

Create a ransomware incident response plan. Assess your current security practices and identify gaps. Quantify your ransomware risk to prioritize investments and run tabletop planning exercises for ransomware attacks.

Reduce your exposure to ransomware. Focus on securing the frontlines by improving phishing awareness among staff and deploying AI tools to help flag attacks. Use multi-factor authentication. Take a zero-trust approach and review your use of RDP, SSH, and VPN.

Require security in contracts. Security must be built into vendor contracts. Government contracts are now doing this, elevating security to the same level as functionality and support features. This puts money incentives behind improving security. (Interview with Intel Federal CTO Steve Orrin)

42% of IT practitioners feel employees must do much more to help defend against ransomware. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Create a Ransomware Incident Response Plan
• Defend Against the Evolving Threat of Ransomware

Carbon Metrics in Energy 4.0

TREND 03 | BUSINESS PROCESS CONTROLS AND INTERNAL AUDIT

Use Internet of Things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

Emerging technologies:
IoT

Introduction

Making progress towards a carbon-neutral future.

A landmark report published in 2021 by the United Nations Intergovernmental Panel on Climate Change underlines that human actions can still determine the future course of climate change. The report calls on governments, individuals, and organizations to stop putting new greenhouse gas emissions into the atmosphere no later than 2050, and to be at the halfway point to achieving that by 2030.

With calls to action becoming more urgent, organizations are making plans to reduce the use of fossil fuels, move to renewable energy sources, and reduce consumption that causes more emissions downstream. As both voluntary and mandatory regulatory requirements task organizations with reducing emissions, they will first be challenged to accurately measure the size of their footprint.

CIOs in organizations are well positioned to make conscious decisions to both influence how technology choices impact carbon emissions and implement effective tracking of emissions across the entire enterprise.

Canada’s CIO strategy council is calling on organizations to sign a “sustainable IT pledge” to cut emissions from IT operations and supply chain and to measure and disclose emissions annually. (CIO Strategy Council, Sustainable IT Pledge)

SCOPE 3 – Indirect Consumption

• Goods and services
• Fuel, travel, distribution
• Waste, investments, leased assets, employee activity

SCOPE 2 – Indirect Energy

• Electricity
• Heat and cooling

SCOPE 1 – Direct

• Facilities
• Vehicles

Signals

Emissions tracking requires a larger scope.

About two-thirds of organizations have a commitment to reduce greenhouse gas emissions. When asked about what tactics they use to reduce emissions, the most popular options affect either scope 1 emissions (retiring older IT equipment) or scope 2 emissions (using renewable energy sources). Fewer are using tactics that would measure scope 3 emissions such as using IoT to track or using software or AI.

68% of organizations say they have a commitment to reduce greenhouse gas emissions. (Info-Tech Tech Trends 2022 Survey)

Approaches to reducing carbon emissions

(Info-Tech Tech Trends 2022 Survey)

Drivers

Investor pressure

The world’s largest asset manager, at $7 trillion in investments, says it will move away from investing in firms that are not aligned to the Paris Agreement. (The New York Times, 2020)

Compliance tipping point

International charity CDP has been collecting environmental disclosure from organizations since 2002. In 2020, more than 9,600 of the world’s largest companies – representing over 50% of global market value – took part. (CDP, 2021)

International law

In 2021, six countries have net-zero emissions policies in law, six have proposed legislations, and 20 have policy documents. (Energy & Climate Intelligence Unit, 2021)

Employee satisfaction

In 2019, thousands of workers walked out of offices of Amazon, Google, Twitter, and Microsoft to demand their employers do more to reduce carbon emissions. (NBC News, 2021)

High influence factors for carbon reduction

• 25% – New government laws or policies
• 9% – External social pressures
• 9% – Pressure from investors
• 8% – International climate compliance efforts
• 7% – Employee satisfaction

(Info-Tech Tech Trends 2022 Survey)

Risks and Benefits

Benefits

Risks

“When you can take technology and embed that into management change decisions that impact the environment, you can essentially guarantee that [greenhouse gas] offset. Companies that are looking to reduce their emissions can buy those offsets and it creates value for everybody.” (Wade Barnes, CEO and founder of Farmers Edge)

Listen to the Tech Insights podcast: The future of farming is digital

Case Study

Situation

The Alberta Technology Innovation and Emissions Reduction Regulation is Alberta’s approach to reduce emissions from large industrial emitters. It prices GHG and provides a trading system.

No-till farming and nitrogen management techniques sequester up to 0.3 metric tons of GHG per year.

Complication

Farmers Edge offers farmers a digital platform that includes IoT and a unified data warehouse. It can turn farm records into digital environmental assets, which are aggregated and sold to emitters.

Real-time data from connected vehicles, connected sensors, and other various inputs can be verified by third-party auditors.

Resolution

Farmers Edge sold aggregated carbon offsets to Alberta power producer Capital Power to help it meet regulatory compliance.

Farmers Edge is expanding its platform to include farmers in other provinces and in the US, providing them opportunity to earn revenue via its Smart Carbon program.

The firm is working to meet standards outlined by the U.S. Department of Agriculture’s Natural Resources Conservation Service. (Interview with Wade Barnes, CEO, Farmers Edge)

What's Next

Global standards:

The International Sustainability Standards Board (ISSB) has been formed by the International Financial Reporting Standards Foundation and will have its headquarters location announced in November at a United Nations conference. The body is already governing a set of global standards that have a roadmap for development through 2023 through open consultation. The standards are expected to bring together the multiple frameworks for sustainability standards and offer one global set of standards. (Business Council of Canada, 2021)

CIOs take charge:

The CIO is well positioned to take the lead role on corporate sustainability initiatives, including measuring and reducing an organization’s carbon footprint (or perhaps even monetizing carbon credits for an organization that is a negative emitter). CIOs can use their position as facilities managers and cross-functional process owners and mandate to reduce waste and inefficiency to take accountability for this important role. CIOs will expand their roles to deliver transparent and auditable reporting on environmental, social, and governance (ESG) goals for the enterprise.

Uncertainties

International resolve:

Fighting the climate crisis will require governments and private sector collaboration from around the world to commit to creating new economic structures to discourage greenhouse gas emissions and incentivize long-term sustainable thinking. If some countries or private sector forces continue to prioritize short-term gains over sustainability, the U.N.’s goals won’t be achieved and the human costs as a result of climate change will become more profound.

Cap-and-trade markets:

Markets where carbon credits are sold to emitters are organized by various jurisdictions around the world and have different incentive structures. Some are created by governments and others are voluntary markets created by industry. This type of organization for these markets limits their size and makes it hard to scale the impact. Organizations looking to sell carbon credits at volume face the friction of having to navigate different compliance rules for each market they want to participate in.

Carbon Metrics in Energy 4.0 Scenarios

Determine your organization’s approach to measuring carbon dioxide and other greenhouse gas emissions by considering whether your organization is likely to be a high emitter or a carbon sink. Also consider your capability to measure and report on your carbon footprint.

Recommendations

Measure the whole footprint. Devise a plan to measure scope 1, 2, and 3 greenhouse gas emissions at a level that is auditable by a third party.

Gauge the impact of Industry 4.0. New technologies in Industry 4.0 include IoT, additive manufacturing, and advanced analytics. Make sustainability a core part of your focus as you plan out how these technologies will integrate with your business.

Commit to net zero. Make a clear commitment to achieve net-zero emissions by a specific date as part of your organization’s core strategy. Take a continuous improvement approach to make progress towards the goal with measurable results.

New laws from governments will have the highest degree of influence on an organization’s decision to reduce emissions. (Info-Tech Tech Trends 2022 Survey)

Info-Tech Resources

• Durable Goods Manufacturing Industry 4.0 Report
• Getting to Zero
• Green IT Is Now a Key Component of Sustainability and Competitiveness

Intangible Value Creation

TREND 04 | DATA ARCHITECTURE

Use blockchain technology to turn unique intellectual property into saleable digital products. Provide governance around marketplaces where sales are made.

Emerging technologies:
Blockchain, Distributed Ledger Technology, Virtual Environments

Introduction

Decentralized technologies are propelling the digital economy.

As the COVID-19 pandemic has accelerated our shift into virtual social and economic systems, blockchain technology poses a new technological frontier – further disrupting digital interactions and value creation by providing a modification of data without relying on third parties. New blockchain software developments are being used to redefine how central banks distribute currency and to track provenance for scarce digital assets.

Tokenizing the blockchain

Non-fungible tokens (NFTs) are distinct cryptographic tokens created from blockchain technology. The rarity systems in NFTs are redefining digital ownership and being used to drive creator-centric communities.

Not crypto-currency, central currency

Central Bank Digital Currencies (CBDC) combine the same architecture of cryptocurrencies built on blockchain with the financial authority of a central bank. These currencies are not decentralized because they are controlled by a central authority, rather they are distributed systems. (Decrypt, 2021)

80% of banks are working on a digital currency. (Atlantic Council, 2021)

Brands that launched NFTs

NBA, NFL, Formula 1, Nike, Stella Artois, Coca-Cola, Mattel, Dolce & Gabbana, Ubisoft, Charmin

Banks that launched digital currencies

The Bahamas, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Grenada

Signals

ID on the blockchain

Blockchains can contain smart contracts that automatically execute given specific conditions, protecting stakeholders involved in a transaction. These have been used by central banks to automate when and how currency can be spent and by NFT platforms to attribute a unique identity to a digital asset. Automation and identity verification are the most highly valued digital capabilities of IT practitioners.

$69.3 million – The world’s most expensive NFT artwork sale, for Beeple’s “Everydays: The First 5,000 Days” (The New York Times, Mar. 2021)

Digital capabilities that provide high value to the organization

(Info-Tech Tech Trends 2022 Survey)

Drivers

Financial autonomy

Central banks view cryptocurrencies as "working against the public good" and want to maintain control over their financial system to maintain the integrity of payments and provide financial crime oversight and protections against money laundering. (Board of Governors of the Federal Reserve System, 2021)

Bitcoin energy requirements and greenhouse gas emissions

Annual energy consumption of the Bitcoin blockchain in China is estimated to peak in 2024 at 297 TwH and generate 130.5 million metric tons of carbon emissions. That would exceed the annual GHG of the Czech Republic and Qatar and rank in the top 10 among 182 cities and 42 industrial sectors in China. This is motiving cryptocurrency developers and central banks to move away from the energy-intensive "Proof of Work" mining approach and towards the "Proof of Stake" approach. (Nature Communications, 2021)

Digital communities

During the pandemic, people spent more time exploring digital spaces and interacting in digital communities. Asset ownership within those communities is a way for individuals to show their own personal investment in the community and achieve a status that often comes with additional privileges. The digital assets can also be viewed as an investment vehicle or to gain access to exclusive experiences.

“The pillars of the music economy have always been based on three things that the artist has never had full control of. The idea of distribution is freed up. The way we are going to connect to fans in this direct to fan value prop is very interesting. The fact we can monetize it, and that money exchange, that transaction is immediate. And on a platform like S!NG we legitimately have a platform to community build…. Artists are getting a superpower.” (Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace)

Listen to the Tech Insights podcast: Raine Maida's startup is an NFT app for music

Case Study

Situation

Artists can create works and distribute them to a wide audience more easily than ever with the internet. Publishing a drawing or a song to a website allows it to be infinitely copied. Creators can use social media accounts and digital advertisements to build up a fan base for their work and monetize it through sales or premium-access subscriber schemes.

Complication

The internet's capacity for frictionless distribution is a boon and a burden for artists at the same time. Protecting copyright in a digital environment is difficult because there is no way to track a song or a picture back to its creator. This devalues the work because it can be freely exchanged by users.

Resolution

S!NG allows creators to mint their works with a digital token that stamps its origin to the file and tracks provenance as it is reused and adapted into other works. It uses the ERC 721 standard on the Ethereum blockchain to create its NFT tokens. They are portable files that the user can create for free on the S!NG platform and are interoperable with other digital token platforms. This enables a collaboration utility by reducing friction in using other people's works while giving proper attribution. Musicians can create mix tracks using the samples of others’ work easily and benefit from a smart-contract-based revenue structure that returns money to creators when sales are made. (Interview with Geoff Osler and Raine Maida, S!NG Executives)

Risks and Benefits

Benefits

Risks

What's Next

Into the Metaverse:

Digital tokens are finding new utility in virtual environments known as the Metaverse. Decentraland is an example of a virtual reality environment that can be accessed via a web browser. Based on the Ethereum blockchain, it's seen sales of virtual land plots for hundreds of thousands of dollars. Sotheby's is one buyer, building a digital replica of its New Bond Street gallery in London, complete with commissionaire Hans Lomuldur in avatar form to greet visitors. The gallery will showcase and sell Sotheby's digital artworks. (Artnet News, 2021)

Bitcoin as legal tender:

El Salvador became the first country in the world to make Bitcoin legal tender in September 2021. The government intended for this to help citizens avoid remittance fees when receiving money sent from abroad and to provide a way for citizens without bank accounts to receive payments. Digital wallet Chivo launched with technical glitches and in October a loophole that allowed “price scalping” had to be removed to stop speculators from using the app to trade for profit. El Salvador’s experiment will influence whether other countries consider using Bitcoin as legal tender. (New Scientist, 2021)

Uncertainties

Stolen goods at the mint:

William Shatner complained that Twitter account @tokenizedtweets had taken his content without permission and minted tokens for sale. In doing so, he pointed out there’s no guarantee a minted digital asset is linked to the creator of the attached intellectual property.

Decentralized vs. distributed finance:

Will blockchain-based markets be controlled by a single platform operator or become truly open? For example, Dapper Labs centralizes the minting of NFTs on its Flow blockchain and controls sales through its markets. OpenSea allows NFTs minted elsewhere to be brought to the platform and sold.

Supply and demand:

Platforms need to improve the reliability of minting technology to create tokens in the future. Ethereum's network is facing more demand than it can keep up with and requires future upgrades to improve its efficiency. Other platforms that support minting tokens are also awaiting upgrades to be fully functional or have seen limited NFT projects launched on their platform.

Intangible Value Creation Scenarios

Determine your organization’s strategy by considering the different scenarios based on two main factors. The design decisions are made around whether digital assets are decentralized or distributed and whether the assets facilitate transactions or collections.

Recommendations

Determine your role in the digital asset ecosystem.

• Becoming a platform provider for digital tokens will require a minting capability to create blockchain-based assets and a marketplace for users to exchange them.
• Issuing digital tokens to a platform through a sale will require making partnerships and marketing.
• Investing in digital assets will require management of digital wallets and subject-matter expert analysis of the emerging markets.

Track the implications of digital currencies.

Track what your country’s central bank is planning for digital currency and determine if you’ll need to prepare to support it. Be informed about payment partner support for cryptocurrency and consider any complications that may introduce.

$1 billion+ – The amount of cryptocurrency spent by consumers globally through crypto-linked Visa cards in first half of 2021. (CNBC, July 2021)

Info-Tech Resources

• Demystify Blockchain: How Can It Bring Value to Your Organization?
• The Obvious Case: Blockchain in Financial Services
• Build a Platform-Based Organization

Automation as a Service

TREND 05 | INNOVATION

Automate business processes and access new sophisticated technology services through platform integration.

Emerging technologies:
Cloud platforms, APIs, Generative AI

Introduction

The glue for innovation

Rapidly constructing a business model that is ready to compete in a digital economy requires continuous innovation. Application programming interfaces (APIs) can accelerate innovation by unlocking marketplaces of ready-to-use solutions to business problems and automating manual tasks to make more time for creativity. APIs facilitate a microarchitecture approach and make it possible to call upon a new capability with a few lines of code. This is not a new tool, as the first API was specified in 1951, but there were significant advances of both scale and capability in this area in 2021.

In the past 18 months, API adoption has exploded and even industries previously considered as digital laggards are now integrating them to reinvent back-office processes. Technology platforms specializing in API management are attracting record-breaking investment. And sophisticated technology services such as artificial intelligence are being delivered by APIs.

APIs can play a role in every company’s digital strategy, from transforming back-office processes to creating revenue as part of a platform.

$500,000 was invested in API companies in 2016. (Forbes, May 2021)

$2,000,000,000+ was invested in API companies in 2020. (Forbes, May 2021)

69% of IT practitioners say digital transformation has been a high priority for their organization during the pandemic. (Info-Tech Tech Trends 2022 Survey)

51% of developers used more APIs in 2020 than in 2019. (InsideHPC, 2021)

71% of developers planned to use even more APIs in 2021. (InsideHPC, 2021)

Signals

IT practitioners indicate that digital transformation was a strong focus for their organization during the pandemic and will remain so during the period afterwards, and one-third say their organizations were “extremely focused” on digital transformation.

When it came to shifting processes from being done manually to being completed digitally, more than half of IT practitioners say they shifted at least 21% of their processes during the past year. More than one in five say that at least 60% of their processes were shifted from manual to digital in the past year.

3.5 trillion calls were performed on API management platform Apigee, representing a 50% increase year over year. (SiliconANGLE, 2021)

Processes shifted from manual to digital in the past year

Drivers

Covid-19

The pandemic lockdowns pushed everyone into a remote-work scenario. With in-person interaction not an option, even more traditional businesses had to adapt to digital processes.

Customer Expectations

The success of digital services in the consumer space is causing expectations to rise in other areas, such as professional services. Consumers now want their health records to be portable and they want to pay their lawyer through e-transfer, not by writing a cheque. (Interview with Mik Lernout)

Standardization

Technology laggard industries such as legal and healthcare are recognizing the pain of working with siloed systems. New standardization efforts are driving the adoption of open APIs at a rapid rate. (Interview with Jennifer Jones, Research Director – Industry, Info-Tech Research Group)

Risks and Benefits

Benefits

Risks

“When we think about what the pandemic did, we had this internal project called 'back to the future.' It kind of put the legal industry in a time machine and it kind of accelerated the legal industry 5, maybe even 10 years. A lot of the things we saw with the innovators became table stakes.” (Mik Lernout, Vice President of Product, Clio)

Listen to the Tech Insights podcast: Clio drives digital transformation to redefine the legal industry

Case Study

Situation

The COVID-19 pandemic required the legal industry to shift to remote work. A typically change-resistant industry was now holding court hearings over videoconference, taking online payments, and collecting e-signatures on contracts. For Clio, a software-as-a-service software vendor that serves the legal industry, its client base grew and its usage increased. It previously focused on the innovators in the legal industry, but now it noticed laggards were going digital too.

Complication

Law firms have very different needs depending on their legal practice area (e.g. family law, corporate law, or personal injury) and what jurisdiction they operate in.

Clients are also demanding more from their lawyers in terms of service experience. They don't want to travel to the law office to drop off a check but expect digital interactions on par with service they receive in other areas.

Resolution

Since its inception, Clio built its software product so that all of its functions could be called upon by an API as well. It describes its platform as the "operating system for the legal industry." Its API functions include capabilities like managing activities, billing, and contracts. External developers can submit applications to the Clio Marketplace to add new functionality. Its platform approach enables it to find solutions for its 150,000+ users. During the pandemic, Clio saw its customers rely on its APIs more than ever before. It expects this accelerated adoption to be the way of working in the future. (ProgrammableWeb, 2021; Interview with Mik Lernout)

What's Next

GOOGLE’S API-FIRST APPROACH:

Google is expanding its Apigee API management platform so enterprises will be able to connect existing data and applications and access them via APIs. It's part of Google's API-first approach to digital transformation, helping enterprises with their integration challenges. The new release includes tools and a framework that's needed to integrate services in this way and includes pre-built connectors for common business apps and services such as Salesforce, Cloud SQL, MySQL, and BigQuery. (SiliconANGLE, 2021)

Uncertainties

API SECURITY:

APIs represent another potential vulnerability for hackers to exploit and the rise in popularity has come with more security incidents. Companies using APIs have leaked data through APIs, with one research report on the state of API security finding that 91% of organizations have suffered an API security incident. Yet more than a quarter of firms running production APIs don’t have an API security strategy. (VentureBeat, 2021)

For low IT maturity organizations moving onto platforms that introduce API capabilities, education is required about the consequences of creating more integrations. Platforms must bear some responsibility for monitoring for irregular activity. (Interview with Mik Lernout)

Automation as a Service Scenarios

Determine your organization’s platform strategy from the basis of your digital maturity – from that of a laggard to a native – and whether it involves monetized APIs vs. freely available public APIs. A strategy can include both the consumption of APIs and the creation of them.

Recommendations

Leverage APIs to connect your systems. Create a repeatable process to improve the quality, reusability, and governance of your web APIs.

Transform your business model with digital platforms. Use the best practices of digital native enterprises and leverage your core assets to compete in a digital economy.

Deliver sophisticated new capabilities with APIs. Develop an awareness of new services made available through API integration, such as artificial intelligence, and take advantage of them.

4.5 billion words per day generated by the OpenAI natural language API GPT-3, just nine months after launch. (OpenAI, 2021)

Info-Tech Resources

• Develop APIs That Work Properly for the Organization
• Build a Data Integration Strategy
• Design Data-as-a-Service

Behind the design

Inspiration provided by the golden ratio

The golden ratio has long fascinated humans for its common occurrence in nature and inspired artists who adopted its proportions as a guiding principle for their creations. A new discovery of the golden ratio in economic cycles was published in August 2021 by Bert de Groot, et al. As the boundaries of value creation blur between physical and digital and the pace of change accelerates, these digital innovations may change our lives in many ways. But they are still bound by the context of the structure of the economy. Hear more about this surprising finding from de Groot and from this report’s designer by listening to our podcast. (Technological Forecasting and Social Change, 2021)

“Everything happening will adapt itself into the next cycle, and that cycle is one phi distance away.” (Bert de Groot, professor of economics at Erasmus University Rotterdam)

Listen to the Tech Insights podcast: New discovery of the golden ratio in the economy

Contributing Experts

Vijay Sundaram Chief Strategy Officer, Zoho		Jason Brommet Head of Modern Work and Security Business Group, Microsoft
Steve Orrin Federal Chief Technology Officer, Intel		Wade Barnes CEO and Founder, Farmers Edge

Contributing Experts

Raine Maida Chief Product Officer, S!NG Singer, Our Lady Peace		Geoff Osler CEO, S!NG
Mik Lernout Vice President of Product, Clio		Bert de Groot Professor of Economics, Erasmus University Rotterdam

Bibliography – Enabling the Digital Economy

“2021 Canada Dealer Financing Satisfaction Study.” J.D. Power, 13 May 2021. Accessed 27 May 2021.

Brown, Sara. “The CIO Role Is Changing. Here’s What’s on the Horizon.” MIT Sloan, 2 Aug. 2021. Accessed 16 Aug. 2021.

de Groot, E. A., et al. “Disentangling the Enigma of Multi-Structured Economic Cycles - A New Appearance of the Golden Ratio.” Technological Forecasting and Social Change, vol. 169, Aug. 2021, pp. 120793. ScienceDirect, https://doi.org/10.1016/j.techfore.2021.120793.

Hatem, Louise, Daniel Ker, and John Mitchell. “Roadmap toward a common framework for measuring the Digital Economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Accessed 19 Oct. 2021.

LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021.

Pomeroy, James. The booming digital economy. HSBC, Sept. 2020. Web.

Salman, Syed. “Digital Transformation Realized Through COBIT 2019.” ISACA, 13 Oct. 2020. Accessed 25 Oct. 2021.

Bibliography – Hybrid Collaboration

De Smet, Aaron, et al. “Getting Real about Hybrid Work.” McKinsey Quarterly, 9 July 2021. Web.

Herskowitz, Nicole. “Brace Yourselves: Hybrid Work Is Hard. Here’s How Microsoft Teams and Office 365 Can Help.” Microsoft 365 Blog, 9 Sept. 2021. Web.

Melin, Anders, and Misyrlena Egkolfopoulou. “Employees Are Quitting Instead of Giving Up Working From Home.” Bloomberg, 1 June 2021. Web.

Spataro, Jared. “Microsoft and LinkedIn Share Latest Data and Innovation for Hybrid Work.” The Official Microsoft Blog, 9 Sept. 2021. Web.

Subin, Samantha. “The new negotiation over job benefits and perks in post-Covid hybrid work.” CNBC, 23 Apr. 2021. Web.

Torres, Roberto. “How to Sidestep Overspend as Hybrid Work Tests IT.” CIO Dive, 26 July 2021. Accessed 16 Sept. 2021.

Wong, Christine. “How the hybrid workplace will affect IT spending.” ExpertIP, 15 July 2021. Web.

Yang, Longqi, et al. “The Effects of Remote Work on Collaboration among Information Workers.” Nature Human Behaviour, Sept. 2021, pp. 1-12. Springer Nature, https://doi.org/10.1038/s41562-021-01196-4.

Bibliography – Battle Against Ransomware

Berg, Leandro. “RTF Report: Combatting Ransomware.” Institute for Security and Technology (IST), 2021. Accessed 21 Sept. 2021.

Dudley, Renee. “The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks.” ProPublica, 27 Aug. 2019. Accessed 22 Sept. 2021.

Durbin, Steve. “Council Post: Artificial Intelligence: The Future Of Cybersecurity?” Forbes, 23 Sept. 2021. Accessed 21 Oct. 2021.

“FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware.” The White House, 13 Oct. 2021. Web.

Jeffery, Lynsey, and Vignesh Ramachandran. “Why ransomware attacks are on the rise — and what can be done to stop them.” PBS NewsHour, 8 July 2021. Web.

McBride, Timothy, et al. Data Integrity: Recovering from Ransomware and Other Destructive Events. NIST Special Publication (SP) 1800-11, National Institute of Standards and Technology, 22 Sept. 2020. NIST Computer Security Resource Center (CSRC), https://doi.org/10.6028/NIST.SP.1800-11.

Mehrotra, Karitkay, and Jennifer Jacobs. “Crypto Channels Targeted in Biden’s Fight Against Ransomware.” BNN Bloomberg, 21 Sept. 2021. Web.

Sharma, Mayank. “Hackers demand $70m ransom after executing massive Solar Winds-like attack.” TechRadar, 5 July 2021. Web.

“Unhacked: 121 Tools against Ransomware on a Single Website.” Europol, 26 July 2021. Web.

Bibliography – Carbon Metrics in Energy 4.0

“The A List 2020.” CDP, 2021. Web.

Baazil, Diedrik, Hugo Miller, and Laura Hurst. “Shell loses climate case that may set precedent for big oil.” Australian Financial Review, 27 May 2021. Web.

“BlackRock’s 2020 Carbon Footprint.” BlackRock, 2020. Accessed 25 May 2021.

“CDP Media Factsheet.” CDP, n.d. Accessed 25 May 2021.

Glaser, April, and Leticia Miranda. “Amazon workers demand end to pollution hitting people of color hardest.” NBC News, 24 May 2021. Accessed 25 May 2021.

Little, Mark. “Why Canada should be the home of the new global sustainability standards board.” Business Council of Canada, 1 Oct. 2021. Accessed 22 Oct. 2021.

McIntyre, Catherine. “Canada vying for global headquarters to oversee sustainable-finance standards.” The Logic, 22 July 2021. Web.

“Net Zero Scorecard.” Energy & Climate Intelligence Unit, 2021. Accessed 25 May 2021.

Sayer, Peter. “Greenhouse gas emissions: The next big issue for CIOs.” CIO, 13 Oct. 2021. Web.

“Scope 1 and Scope 2 Inventory Guidance.” US EPA, OAR. 14 Dec. 2020. Web.

Sorkin, Andrew Ross. “BlackRock C.E.O. Larry Fink: Climate Crisis Will Reshape Finance.” The New York Times, 14 Jan. 2020. Web.

“Sustainable IT Pledge.” CIO Strategy Council, 2021. Accessed 22 Oct. 2021.

Bibliography – Intangible Value Creation

Areddy, James T. “China Creates Its Own Digital Currency, a First for Major Economy.” Wall Street Journal, 5 Apr. 2021. Web.

Boar, Codruta, et al. Impending arrival - a sequel to the survey on central bank digital currency. BIS Papers No 107, Jan. 2020. Web.

Brainard, Lael. “Speech by Governor Brainard on Private Money and Central Bank Money as Payments Go Digital: An Update on CBDCs.” Board of Governors of the Federal Reserve System, 24 May 2021. Accessed 28 May 2021.

Howcroft, Elizabeth, and Ritvik Carvalho. “How a 10-second video clip sold for $6.6 million.” Reuters, 1 Mar. 2021. Web.

“Central Bank Digital Currency Tracker.” Atlantic Council, 2021. Accessed 10 Sept. 2021.

“Expert Comment From Warwick Business School: Problems With El Salvador’s Bitcoin Experiment Are Unsurprising.” Mondo Visione, 8 Sept. 2021. Accessed 10 Sept. 2021.

Goldstein, Caroline. “In Its Ongoing Bid to Draw Crypto-Collectors, Sotheby’s Unveils a Replica of Its London H.Q. in the Blockchain World Decentraland.” Artnet News, 7 June 2021. Web.

Hamacher, Adriana. “Taco Bell to Charmin: 10 Big Brands Jumping On The NFT Bandwagon.” Decrypt, 22 Mar. 2021. Web.

Hazan, Eric, et al. “Getting tangible about intangibles: The future of growth and productivity?” McKinsey. 16 June 2021. Web.

Bibliography – Intangible Value Creation

Herrera, Pedro. “Dapp Industry Report: Q3 2021 Overview.” DappRadar, 1 Oct. 2021. Web.

Holland, Frank. “Visa Says Crypto-Linked Card Usage Tops $1 Billion in First Half of 2021.” CNBC, 7 July 2021. Web.

Jiang, Shangrong, et al. “Policy Assessments for the Carbon Emission Flows and Sustainability of Bitcoin Blockchain Operation in China.” Nature Communications, vol. 12, no. 1, Apr. 2021, p. 1938. Springer Nature, https://doi.org/10.1038/s41467-021-22256-3.

Reyburn, Scott. “JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace.” The New York Times, 11 Mar. 2021. Web.

Taylor, Luke. “Bitcoin: El Salvador’s Cryptocurrency Gamble Hit by Trading Loophole.” New Scientist, 25 Oct. 2021. Web.

Bibliography – Automation as a Service

Belsky, Scott. “The Furry Lisa, CryptoArt, & The New Economy Of Digital Creativity.” Medium, 21 Feb. 2021. Web.

Culbertson, Joy. “10 Top Law APIs.” ProgrammableWeb, 14 Feb. 2021. Web.

Caballar, Rina Diane. “Programming by Voice May Be the Next Frontier in Software Development - IEEE Spectrum.” IEEE Spectrum: Technology, Engineering, and Science News, 22 Mar 2021. Accessed 23 Mar. 2021.

Gonsalves, Chris. “The Problem with APIs.” VentureBeat, 7 May 2021. Web.

Graca, Joao. “Council Post: How APIs Are Democratizing Access To AI (And Where They Hit Their Limits).” Forbes, 24 Sept 2021. Accessed 28 Sept. 2021.

Harris, Tony. “What is the API Economy?” API Blog: Everything You Need to Know, 4 May 2021. Web.

Kitsing, Meelis. Scenarios for Digital Platform Ecosystems, 2020, pp. 453-57. ResearchGate, https://doi.org/10.1109/ICCCS49078.2020.9118571.

Pilipiszyn, Ashley. “GPT-3 Powers the Next Generation of Apps.” OpenAI, 25 Mar. 2021. Web.

Rethans, John. “So You Want to Monetize Your APIs?” APIs and Digital Transformation, 29 June 2018. Web.

Bibliography – Automation as a Service

Salyer, Patrick. “API Stack: The Billion Dollar Opportunities Redefining Infrastructure, Services & Platforms.” Forbes, 4 May 2021. Accessed 27 Oct. 2021.

staff. “RapidAPI Raises $60M for Expansion of API Platform.” InsideHPC, 21 Apr. 2021. Web.

Taulli, Tom. “API Economy: Is It The Next Big Thing?” Forbes, 18 Jan. 2021. Accessed 5 May 2021.

Warren, Zach. “Clio Taking 2021 Cloud Conference Virtual, Announces New Mission Among Other News.” Legaltech News, 11 Mar. 2021. Web.

Wheatley, Mike. “Google Announces API-First Approach to Application Data Integration with Apigee.” SiliconANGLE, 28 Sept. 2021. Web.

About the research

Tech trends survey

As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 to September 2021, collecting 475 responses.

The underlying metrics are diverse, capturing 14 countries and regions and 16 Industries.

Industry

Department

Role

IT Spend

Respondents on average spent 35 million per year on their IT budget.

Accounting for the outlier responses – the median spend sits closer to 4.5 million per year. The highest spend on IT was within the Government, Healthcare, and Retail & Wholesale sectors.

Data and Analytics Trends Report 2023

SOONER OR LATER, YOU WILL BE IN THE DATA BUSINESS!

Nine Data Trends for 2023

In this report, we explore nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy. Use cases combine emerging data trends and modernization of existing capabilities.

1. VOLUME
   • Data Gravity
2. VELOCITY

• Democratizing Real-Time Data

• Augmented Data Management

• Identity Authenticity

• Data Monetization

• Adaptive Data Governance

• AI-Driven Storytelling & Augmented Analytics

• Data Marketplace

• DevOps – DataOps – XOps

VOLUME

Data Gravity

Trend 01 Demand for storage and bandwidth continues to grow

When organizations begin to prioritize data, they first consider the sheer volume of data, which will influence data system design. Your data systems must consider the existing and growing volume of data by assessing industry initiatives such as digital transformation, Industry 4.0, IoT, consumer digital footprint, etc.

VOLUME

Data Gravity

Data attracts more data and an ecosystem of applications and services

SharePoint, OneDrive, Google Drive, and Dropbox offer APIs and integration opportunities for developers to enhance their products.

Social media platforms thought about this early by allowing for an ecosystem of filters, apps, games, and effects that engage their users with little to no additional effort from internal resources.

VOLUME

Data Gravity

Focus on data gravity and avoid cloud repatriation

Data gravity is the tendency of data to attract applications, services, and other data. A growing number of cloud migration decisions will be made based on the data gravity concept. It will become increasingly important in data strategies, with failure potentially resulting in costly cloud repatriations.

Emerging technologies and capabilities:

Data Lakehouse, Data Mesh, Data Fabric, Hybrid Data, Cloud Data, Edge Computing

Source: CIO, 2022

VOLUME

Data Gravity

What worked for terabytes is ineffective for petabytes

When compared to on-premises infrastructure, cloud computing is less expensive and easier to implement. However, poor data replication and data gravity can significantly increase cloud costs to the point of failure. Data gravity will help organizations make better cloud migration decisions.

It is also critical to recognize changes in the industry landscape. The goal of data processing and analytics is to generate the right data for users to act on. In most cases, the user is a human being, but in the case of autonomous driving (AD), the car takes on the role of the user (DXC Technology).

To avoid cloud repatriation, it will become prudent for all organizations to consider data gravity and the timing of cloud migration.

VELOCITY

Democratizing Real-Time Data

Trend 02 Real-time analytics presents an important differentiator

The velocity element of data can be assessed from two standpoints: the speed at which data is being generated and how fast the organization needs to respond to the incoming information through capture, analysis, and use. Traditionally data was processed in a batch format (all at once or in incremental nightly data loads). There is a growing demand to process data continuously using streaming data-processing techniques.

Emerging technologies and capabilities:

Edge Computing

VELOCITY

Democratizing Real-Time Data

Make data accessible to everyone in real time

• 90% of an organization’s data is replicated or redundant.
• Build API and web services that allow for live access to data.
• Most social media platforms, like Twitter and Facebook, have APIs that offer access to incredible amounts of data and insights.

VELOCITY

Democratizing Real-Time Data

Trend in Data Velocity

Data democratization means data is widely accessible to all stakeholders without bottlenecks or barriers. Success in data democratization comes with ubiquitous real-time analytics. Google highlights a need to address democratization in two different frames:

1. Democratizing stream analytics for all businesses to ensure real-time data at the company level.
2. Democratizing stream analytics for all personas and the ability of all users to generate real-time insights.

Emerging technologies and capabilities:

Data Lakehouse, Streaming API Ecosystem, Industry 4.0, Zero-Copy Cloning

Nearly 70% of all new vehicles globally will be connected to the internet by 2023.

Source: “Connected light-duty vehicles,” Statista, 2022

VELOCITY

Democratizing Real-Time Data

Enable real-time processing with API

In the past, data democratization has largely translated into a free data set and open data portals. This has allowed the government to freely share data with the public. Also, the data science community has embraced the availability of large data sets such as weather data, stock data, etc. In the future, more focus will be on the combination of IoT and steaming analytics, which will provide better responsiveness and agility.

Many researchers, media companies, and organizations now have easy access to the Twitter/Facebook API platform to study various aspects of human behavior and sentiments. Large technology companies have already democratized their data using real-time APIs.

Thousands of sources for open data are available at your local municipalities alone.

6G will push Wi-Fi connectivity to 1 terabyte per second! This is expected to become commercially available by 2030.

VARIETY

Augmented Data Management

Trend 03 Need to manage unstructured data

The variety of data types is increasingly diverse. Structured data often comes from relational databases, while unstructured data comes from several sources such as photos, video, text documents, cell phones, etc. The variety of data is where technology can drive business value. However, unstructured data also poses a risk, especially for external data.

VARIETY

Augmented Data Management

Employ AI to automate data management

New tools will enhance many aspects of data management:

• Data preparation, integration, cataloging, and quality
• Metadata management
• Master data management

Enabling AI-assisted decision-making tools

VARIETY

Augmented Data Management

Trend in Data Variety

Augmented data management will enhance or automate data management capabilities by leveraging AI and related advanced techniques. It is quite possible to leverage existing data management tools and techniques, but most experts have recognized that more work and advanced patterns are needed to solve many complex data problems.

Emerging technologies and capabilities:

Data Factory, Data Mesh, Data Fabric, Artificial Intelligence, Machine Learning

VARIETY

Augmented Data Management

Data Fabric vs. Data Mesh: The Data Journey continues at an accelerated pace

More Unstructured Data

95% of businesses cite the need to manage unstructured data as a problem for their business.

VERACITY

Identity Authenticity

Trend 04 Veracity of data is a true test of your data capabilities

Data veracity is defined as the accuracy or truthfulness of a data set. More and more data is created in semi-structured and unstructured formats and originates from largely uncontrolled sources (e.g. social media platforms, external sources). The reliability and quality of the data being integrated should be a top concern. The veracity of data is imperative when looking to use data for predictive purposes. For example, energy companies rely heavily on weather patterns to optimize their service outputs, but weather patterns have an element of unpredictability.

VERACITY

Identity Authenticity

Veracity of data is a true test of your data capabilities

• Stop creating your own identity architectures and instead integrate a tried-and-true platform.
• Aim for a single source of truth for digital identity.
• Establish data governance that can withstand scrutiny.
• Imagine a day in the future where verified accounts on social media platforms are available.
• Zero-trust architecture should be used.

VERACITY

Identity Authenticity

Trend in Data Veracity

Veracity is a concept deeply linked to identity. As the value of the data increases, a greater degree of veracity is required: We must provide more proof to open a bank account than to make friends on Facebook. As a result, there is more trust in bank data than in Facebook data. There is also a growing need to protect marginalized communities.

Emerging technologies and capabilities:

Zero Trust, Blockchain, Data Governance, IoT, Cybersecurity

VERACITY

Identity Authenticity

The identity discussion is no longer limited to people or organizations. The development of new technologies, such as the IoT phenomenon, will lead to an explosion of objects, from refrigerators to shipping containers, coming online as well. If all these entities start communicating with each other, standards will be needed to establish who or what they are.

The IoT market is expected to grow 18% to 14.4 billion in 2022 and 27 billion by 2025.

Source: IoT Analytics, 2022

VALUE

Data Monetization

Trend 05 Not Many organization know the true value of their data

Data can be valuable if used effectively or dangerous if mishandled. The rise of the data economy has created significant opportunities but also has its challenges. It has become urgent to understand the value of data, which may vary for stakeholders based on their business model and strategy. Organizations first need to understand ownership of their data by establishing a data strategy, then they must improve data maturity by developing a deeper understanding of data value.

VALUE

Data Monetization

Start developing your data business

• Blockbuster ran its business well, but Netflix transformed the video rental industry overnight!
• Big players with data are catching up fast.
• You don’t have to be a giant to monetize data.
• Data monetization is probably closer than you think.
• You simply need to find it, catalog it, and deliver it.

VALUE

Data Monetization

Trend in Data Value

Data monetization is the transformation of data into financial value. However, this does not imply selling data alone. Monetary value is produced by using data to improve and upgrade existing and new products and services. Data monetization demands an organization-wide strategy for value development.

Emerging technologies and capabilities:

Data Strategy, Data Monetization Strategy, Data Products

Netflix uses big data to save $1 billion per year on customer retention.

Source: Logidots, 2021

VALUE

Data Monetization

Data is a strategic asset

Data is beyond currency, assets, or commodities and needs to be a category
of its own.

• Data always outlives people, processes, and technology. They all come and go while data remains.
• Oil is a limited resource. Data is not. Unlike oil, data is likely to grow over time.
• Data is likely to outlast all other current popular financial instruments, including currency, assets, or commodities.
• Data is used internally and externally and can easily be replicated or combined.

Data monetization is currently in the speculative territory, which is unacceptable. It should instead be guided by sound data management theory.

VIRTUE

Adaptive Data Governance

Trend 06 Five Core Virtues: Resilience, Humility, Grit, Liberal Education, Empathy (Forbes, 2020)

We have become more and more dependent on data, analytics, and organizational protection policies. Data virtue is about leveraging data securely and ethically. This topic has become more critical with the advent of GDPR, the right to be forgotten, and related regulations. Data governance, which seeks to establish an oversight framework that manages the creation, acquisition, integrity, security, compliance, and quality of data, is essential for any organization that makes decisions about data.

VIRTUE

Adaptive Data Governance

Encourage noninvasive and automated data governance

• Data governance affects the entire organization, not just data.
• The old model for data governance was slow and clumsy.
• Adaptive data governance encourages faster decision making and a more collaborative approach to governance.
• Agile data governance allows for faster and more flexible decision making.
• Automated data governance will simplify execution across the organization.
• It is great for compliance, quality, impact tracking, and cross-referencing and offers independence to data users.

VIRTUE

Adaptive Data Governance

Trend in Data Virtue

Adaptive data governance encourages a flexible approach that allows an organization to employ multiple data governance strategies depending on changing business situations. The other aspect of adaptive data governance is moving away from manual (and often slow) data governance and toward aggressive automation.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VIRTUE

Data Governance Automation

Simple and easy Data Governance

Tools are not the ultimate answer to implementing data governance. You will still need to secure stakeholders' buy-in and engagement in the data process. Data governance automation should be about simplifying the execution of roles and responsibilities.

“When you can see where your data governance strategy can be improved, it’s time to put in place automation that help to streamline processes.”

Source: Nintex, 2021

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend 07 Automated and augmented data storytelling is not that far away

Today, data storytelling is led by the user. It’s the manual practice of combining narrative with data to deliver insights in a compelling form to assist decision makers in engaging with data and analytics. A story backed by data is more easily consumed and understood than a dashboard, which can be overwhelming. However, manual data storytelling has some major shortcomings.

Problem # 1: Telling stories on more than just the insights noticed by people

Problem # 2: Poor data literacy and the limitations of manual self-service

Problem # 3: Scaling data storytelling across the business

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Use AI to enhance data storytelling

• Tableau, Power BI, and many other applications already use
  AI-driven analytics.
• Power BI and SharePoint can use AI to generate visuals for any SharePoint list in a matter of seconds.

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend in Data Visualization

AI and natural language processing will drive future visualization and data storytelling. These tools and techniques are improving rapidly and are now designed in a streamlined way to guide people in understanding what their data means and how to act on it instead of expecting them to do self-service analysis with dashboards and charts and know what to do next. Ultimately, being able to understand how to translate emotion, tropes, personal interpretation, and experience and how to tell what’s most relevant to each user is the next frontier for augmented and automated analytics

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VISUALIZATION

Data Storytelling

Augmented data storytelling is not that far away

Emotions are a cornerstone of human intelligence and decision making. Mastering the art of storytelling is not easy.

Industry experts predict the combination of data storytelling with augmented and automated techniques; these capabilities are more than capable of generating and automating parts of a data story’s creation for end users.

The next challenge for AI is translating emotion, tropes, personal interpretation, and experience into what is most essential to end users.

Source: Yellowfin, 2021

VIRALITY

Data Marketplace

Trend 08 Missing data marketplace

Data virality measures data spread and popularity. However, for data virality to occur, an ecosystem comparable to that of traditional or modern digital marketplaces is required. Organizations must reevaluate their data strategies to ensure investment in appropriate data domains by understanding data virality. Data virality is the exact opposite of dark data.

Dark data is “all the information companies collect in their regular business processes, don’t use, have no plans to use, but will never throw out.”

Source: Forbes, 2019

VIRALITY

Data Marketplace

Make data easily accessible

• Making data accessible to a broader audience is the key to successful virality.
• Data marketplaces provide a location for you to make your data public.
• Why do this? Contributing to public data marketplaces builds credibility, just like contributing to public GitHub projects.
• Big players like Microsoft, Amazon, and Snowflake already do this!
• Snowflake introduced zero-copy cloning, which allows users to interact with source data without compromising the integrity of the original source.

VIRALITY

Data Marketplace

Trend in Data Virality

The data marketplace can be defined as a dynamic marketplace where users decide what has the most value. Companies can gauge which data is most popular based on usage and decide where to invest. Users can shop for data products within the marketplace and then join these products with other ones they’ve created to launch truly powerful data-driven projects.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

“Data is like garbage. You’d better know what you are going to do with it before you collect it.”

– Mark Twain

VIRALITY

Data Marketplace

Journey from siloed data platforms to dynamic data marketplaces

Data remains a complex topic due to many missing foundational components and infrastructure. Interoperability, security, quality, discoverability, speed, and ease are some of those missing foundational components that most organizations face daily.

Data lacks an ecosystem that is comparable to those of traditional assets or commodities. Data must be available in open or closed data marketplaces to measure its value. These data marketplaces are still in their infancy.

“Data markets are an important component of the data economy that could unleash the full potential of data generated by the digital economy and human activity in general.”

Source: ITU Journal, 2018

VISCOSITY

DevOps – DataOps – XOps

Trend 09 Increase efficiency by removing bottlenecks

Compared to water, a fluid with a high viscosity flows more slowly, like honey. Data viscosity measures the resistance to flow in a volume of data. The data resistance may come from other Vs (variety, velocity, etc.).

VISCOSITY

DevOps – DataOps – XOps

Increase efficiency by removing bottlenecks

Consider XOps for a second. It makes no difference what X is. What's important is matching operational requirements to enterprise capabilities.

• For example, Operations must meet the demands of Sales – hence SalesOps
  or S&Op.
• Development resources must meet the demands of Operations – hence DevOps.
• Finally, Data must also meet the demand of Operations.

These Operations guys are demanding!!

VISCOSITY

DevOps – DataOps – XOps

Trend in Data Viscosity

The merger of development (Dev) and IT Operations (Ops) started in software development with the concept of DevOps. Since then, new Ops terms have formed rapidly (AIOps, MLOps, ModelOps, PlatformOps, SalesOps, SecOps, etc.). All these methodologies come from Lean manufacturing principles, which seek to identify waste by focusing on eliminating errors, cycle time, collaboration, and measurement. Buzzwords are distractions, and the focus must be on the underlying goals and principles. XOps goals should include the elimination of errors and improving efficiencies.

Emerging technologies and capabilities:

Collaborative Data Management, Automation Tools

VISCOSITY

DataOps → Data Observability

Data observability, a subcomponent of DataOps, is a set of technical practices, cultural norms, and architecture that enables low error rates. Data observability focuses on error rates instead of only measuring data quality at a single point in time.

What’s next? Go beyond the buzzwords.

Avoid following trends solely for the sake of following them. It is critical to comprehend the concept and apply it to your industry. Every industry has its own set of problems and opportunities.

Highlight the data trends (or lack thereof) that have been most beneficial to you in your organizations. Follow Info-Tech’s approach to building a data practice and platform to develop your data capabilities through the establishment of data goals.

Research Authors

Rajesh Parab Director, Research & Advisory Data and Analytics	Chris Dyck Research Lead Data and Analytics

“Data technologies are rapidly evolving. Understanding what’s possible is critical. Adapting to these upcoming data trends requires a solid data management foundation.”

– Rajesh Parab

Contributing Experts

Carlos Thomas Executive Counselor Info-Tech Research Group	John Walsh Executive Counselor Info-Tech Research Group

Bibliography

Bean, Randy. “Why Becoming a Data-Driven Organization Is So Hard.” Harvard Business Review, 24 Feb. 2022. Accessed Oct. 2022.
Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, 13 April 2021.
Accessed Oct. 2022.
Burciaga, Aaron. “Five Core Virtues For Data Science And Artificial Intelligence.” Forbes, 27 Feb. 2020. Accessed Aug. 2022.
Cadwalladr, Carole, and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.”
The Guardian, 17 March 2018. Accessed Aug. 2022.
Carlier, Mathilde. “Connected light-duty vehicles as a share of total vehicles in 2023.” Statista, 31 Mar. 2021. Accessed Oct. 2022.
Carter, Rebekah. “The Ultimate List of Big Data Statistics for 2022.” Findstack, 22 May 2021. Accessed Oct. 2022.
Castelvecchi, Davide. “Underdog technologies gain ground in quantum-computing race.” Nature, 6 Nov. 2023. Accessed Feb. 2023.
Clark-Jones, Anthony, et al. “Digital Identity:” UBS, 2016. Accessed Aug 2022.
“The Cost of Bad Data – Infographic.” Pragmatic Works, 25 May 2017. Accessed Oct. 2022.
Demchenko, Yuri, et al. “Data as Economic Goods: Definitions, Properties, Challenges, Enabling Technologies for Future Data Markets.“ ITU Journal: ICT Discoveries, Special Issue, no. 2, vol. 23, Nov. 2018. Accessed Aug 2022.
Feldman, Sarah. ”20 Years of Quantum Computing Growth.” Statista, 6 May 2019. Accessed Oct. 2022.
“Genomic Data Science.” NIH, National Human Genome Research Institute, 5 April 2022. Accessed Oct. 2022.

Bibliography

Hasbe, Sudhir, and Ryan Lippert. “The democratization of data and insights: making real-time analytics ubiquitous.” Google Cloud, 15 Jan. 2021.
Accessed Aug. 2022.
Helmenstine, Anne. “Viscosity Definition and Examples.” Science Notes, 3 Aug. 2021. Accessed Aug. 2022.
“How data storytelling and augmented analytics are shaping the future of BI together.” Yellowfin, 19 Aug. 2021. Accessed Aug. 2022.
“How Netflix Saves $1B Annually using AI?” Logidots, 24 Sept. 2021. Accessed Oct. 2022
Hui, Kenneth. “The AWS Love/Hate Relationship with Data Gravity.” Cloud Architect Musings, 30 Jan. 2017. Accessed Aug 2022.
ICD. “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast.” Business Wire, 18 June 2019. Accessed Oct 2022.
Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025” Statista, 27 Nov. 2022. Accessed Nov. 2022.
Koch, Gunter. “The critical role of data management for autonomous driving development.” DXC Technology, 2021. Accessed Aug. 2022.
Morris, John. “The Pull of Data Gravity.” CIO, 23 Feb. 2022. Accessed Aug. 2022.
Nield, David. “Google's Quantum Computer Is 100 Million Times Faster Than Your Laptop.” ScienceAlert, 9 Dec. 2015. Accessed Oct. 2022.
Redman, Thomas C. “Seizing Opportunity in Data Quality.” MIT Sloan Management Review, 27 Nov. 2017. Accessed Oct. 2022.
Segovia Domingo, Ana I., and Álvaro Martín Enríquez. “Digital Identity: the current state of affairs.” BBVA Research, 2018. Accessed Aug. 2022.

Bibliography

“State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally.” IOT Analytics, 18 May 2022. Accessed. 14 Nov. 2022.
Strod, Eran. “Data Observability and Monitoring with DataOps.” DataKitchen, 10 May 2021. Accessed Aug. 2022.
Sujay Vailshery, Lionel. “Edge computing market value worldwide 2019-2025.” Statista, 25 Feb. 2022. Accessed Oct 2022.
Sujay Vailshery, Lionel. “IoT and non-IoT connections worldwide 2010-2025.” Statista, 6 Sept. 2022. Accessed Oct. 2022.
Sumina, Vladimir. “26 Cloud Computing Statistics, Facts & Trends for 2022.” Cloudwards, 7 June 2022. Accessed Oct. 2022.
Taulli, Tom. “What You Need To Know About Dark Data.” Forbes, 27 Oct. 2019. Accessed Oct. 2022.
Taylor, Linnet. “What is data justice? The case for connecting digital rights and freedoms globally.“ Big Data & Society, July-Dec 2017. Accessed Aug 2022.
“Twitter: Data Collection With API Research Paper.” IvyPanda, 28 April 2022. Accessed Aug. 2022.
“Using governance automation to reduce data risk.” Nintex, 15 Nov. 2021. Accessed Oct. 2022
“Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025.” Statista, 8 Sept. 2022. Accessed Oct 2022.
Wang, R. “Monday's Musings: Beyond The Three V's of Big Data – Viscosity and Virality.” Forbes, 27 Feb. 2012. Accessed Aug 2022.
“What is a data fabric?” IBM, n.d. Accessed Aug 2022.
Yego, Kip. “Augmented data management: Data fabric versus data mesh.” IBM, 27 April 2022. Accessed Aug 2022.

Formalize Your Digital Business Strategy

Stay relevant in an evolving digital economy

Executive Summary

Info-Tech Insight

Turn your existing digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

Info-Tech’s Digital Transformation Journey

Your journey: An IT roadmap for your Digital Business Strategy

By now, you understand your current business context and capabilities

Since 2020, market dynamics have forced organizations to reassess their strategies

The unprecedented pace of global disruptions has become both a curse and a silver lining for many CIOs. The ability to maximize the value of digital will be vital to remain relevant in the new digital economy.

Formalize your digital strategy to address industry trends and market dynamics

The goal of this phase is to ensure the scope of the current digital strategy reflects the right opportunities to allocate capital to resources, assets, and capabilities to drive strategic growth and operational efficiency.

There are three key activities outlined in this deck that that can be undertaken by industry members to help evolve their current digital business strategy.

1. Identify New Digitally Enabled Growth Opportunities
   • Host an ideation session to identify new leapfrog ideas
   • Discuss assumptions, value drivers, and risks
   • Translate ideas into opportunities and consolidate
2. Evaluate New Digital Opportunities and Business Capabilities
   • Build an opportunity profile
   • Identify business capabilities for transformation
3. Transform Stakeholder Journeys
   • Understand the impact of opportunities on value-chains
   • Identify stakeholder personas
   • Build a stakeholder journey map
   • Compile your new list of digital opportunities

Info-Tech’s approach

1. Identify New Digital Opportunities
   • Conduct an ideation session
   • Identify leapfrog ideas from trends
   • Evaluate each leapfrog idea to define opportunity
2. Evaluate Opportunities and Business Capabilities
   • Build Opportunity Profile
   • Understand the impact of opportunities on business capabilities
3. Transform Stakeholder Journeys
   • Analyze value chains
   • Map your Stakeholder Journey
   • Breakdown opportunities into initiatives

Overview of Key Activities

Glossary of Terms

LEAPFROG IDEAS

The concept was originally developed in the area of industrial organizations and economic growth. Leapfrogging is the notion that organizations can identify opportunities to skip one or several stages ahead of their competitors.

DIGITAL OPPORTUNITIES

Opening of new possibilities to transform or change your business model and create operational efficiencies and customer experiences through the adoption of digital platforms, solutions, and capabilities.

INITIATIVES

Breakdown of opportunities into actionable initiatives that creates value for organizations through new or changes to business models, operational efficiencies, and customer experiences.

1. LEAPFROG IDEAS:
   • Precision medicine
2. DIGITAL OPPORTUNITY:
   • Machine Learning to sniff out pre-cancer cells
3. INITIATIVES:
   1. Define genomic analytics capabilities and recruit
   2. Data quality and cleansing review
   3. Implement Machine Learning SW

Identify Digitally Enabled Opportunities

Host an ideation session to turn trends into growth opportunities with new leapfrog ideas.

Phase 1

Host an Ideation Session to Identify New Digital Opportunities

Host an Ideation Session

1.1 Executive Stakeholder Engagement

Assemble Executive Stakeholders

Set yourself up for success with these three steps.

1.2 Guiding Principles

Set the Guiding Principles

Guiding principles help define the parameters of your digital strategy. They act as priori decisions that establish the guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgets that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

Consider these three components when brainstorming

1.2 Guiding Principles

Examples of Guiding Principles

1.3 Trend-Analysis

Leverage strategic foresight to identify growth opportunities

What is Strategic Foresight?

In times of increasing uncertainty, rapid change, market volatility, and complexity, the development of strategies can be difficult. Strategic foresight offers a solution.
Strategic foresight refers to an approach that uses a range of methodologies, such as scanning the horizon for emerging changes and signals, analyzing megatrends, and developing multiple scenarios to identify opportunities (source: OECD, 2022). However, it cannot predict the future and is distinct from:

• Forecasting tools
• Strategic planning
• Scenario planning (only)
• Predictive analyses of the future

Why is Strategic Foresight useful?

• Reduce uncertainties about the future
• Better anticipate changes
• Future-proof to stress test proposed strategies
• Explore innovation to reveal new products, services, and approaches

Explore Info-Tech’s Strategic Foresight Process Tool

“When situations lack analogies to the past, it’s hard to envision the future.”

- J. Peter Scoblic, HBR, 2020

1.3 Trend-Analysis

Leverage industry roundtables and trend reports to understand the art of the possible

1.3 Trend-Analysis

Scan the Horizon

Understand how the environment is evolving in your industry

Scan the horizon to detect early signs of future changes or threats.

Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

Identify signals of change in the present and their potential future impacts.

1.3 Trend-Analysis

Identify macro trends

Macro trends capture a global shift that can change the market and the industry. Here are examples of macro-trends to consider when scanning the horizon for your own organization:

1.3 Trend-Analysis

Determine impact and relevance of trends

Understand which trends create opportunities or risks for your organization.

Key Concepts:

Once an organization has uncovered a set of trends that are of potential importance, a judgment must be made on which of the trends should be prioritized to understand their impact on your market and ultimately, the implications for your business or organization. Consider the following criteria to help you prioritize your trends.

Impact to Industry: The degree of impact the trend will have on your industry and market to create possibilities or risks for your business. Will this trend create opportunities for the business? Or does it pose a risk that we need to mitigate?

Relevance to Organization. The relevance of the trend to your organization. Does the trend align with the mission, vision, and business objectives of your organization?

Activity: 2-4hours

In order to determine which trends will have an impact on your industry and are relevant to your organization, you need to use a gating approach to short-list those that may create opportunities to capitalize on while you need to manage the ones that pose risk.

1.3 Trend-Analysis

Prioritize Trends for Exploration

Info-Tech Insight

While the scorecard may produce a ranking based on weighted metrics, you need to leverage the group discussion to help contextualize and challenge assumptions when validating the priority. The room for debate is important to truly understand whether a trend is a fad or a fact that needs to be addressed.

1.3 Trend-Analysis

Discuss the driver(s) behind the trend

Determining the root cause(s) of a trend is an important precursor to understanding the how, why, and to what extent a trend will impact your industry and market.

Trend analysis can be a valuable approach to reduce uncertainties about the future and an opportunity to understand the underlying drivers (forces) that may be contributing to a shift in pattern. Understanding the drivers is important to help determine implication on your organization and potential opportunities.

1.3 Trend-Analysis

Examples of driver(s)

INDUSTRY

Healthcare Exemplar

Understanding the drivers is not about predicting the future. Don’t get stuck in “analysis paralysis.” The key objective is to determine what opportunities and risks the trend and its underlying driver pose to your business. This will help elicit leapfrog opportunities that can be funneled into actionable initiatives.

Other examples…

1.3 Trend-Analysis

Case Study

Industry

Healthcare

Artificial Intelligence (AI) in Precision Medicine (Genomics)

Precision Medicine has become very popular over the recent years fueled by research but also political and patient demands to focus more on better outcomes vs. profits. A cancer care center in Canada wanted to look at what was driving this popularity but more importantly, what this potentially meant to their current service delivery model and operations and what opportunities and risks they needed to address in the foreseeable future. They determined the following drivers:

• Improve patient outcomes
• Earlier detection of cancer
• Better patient experience
• Ability to compute vast amounts of data to reduce manual effort and errors
• Accelerate from research to clinical trials to delivery

1.3 Trend-Analysis

INDUSTRY

Healthcare Exemplar

Sample Output From Trend Analysis

1.3 Elicit New Opportunities

Leapfrog into the future

Turn trends into growth opportunities.

To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

“The best way to predict the future is to invent it.”

– Alan Kay

Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors, who are unable to mobilize to respond to the opportunities.

1.3 Elicit New Opportunities

Funnel trends into leapfrog ideas

Go from trend insights into ideas for opportunities

Brainstorm ways to generate leapfrog ideas from trend insights.

Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

To identify the impact the trend has on the organization, consider the four areas of growth for the organization:

1. New Customers: Leverage the trend to target new customers for existing products or services.
2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
3. New Markets: Enter or create new markets by applying existing products or services to different problems.
4. New Product or Service Offerings: Introduce new products or services to the existing market.

1.3 Elicit New Opportunities

INDUSTRY: Healthcare

SOURCE: Memorial Sloan Kettering Cancer Center

Case Study

Machine Learning Sensor to Sniff Out Cancer

From trends to leapfrog ideas

Additional Examples in the Appendix

Example of leapfrog ideas that can generate opportunities for consideration

Phase 1: Deliverable

Phase 1 Deliverable

Example of output from phase 1 ideation session

Phase 2

Evaluate Opportunities and Business Capabilities

Build a better understanding of the opportunities and their impact on your business.

Phase 2

Evaluate Opportunities and Business Capabilities

2.1 Build an opportunity profile

Evaluate each opportunity

Discussion Framework:

In your discussion, evaluate each opportunity to assess assumptions, value drivers, and benefits.

Ideas matter, but not all ideas are created equal. Now that you have elicited opportunities, discuss the assumptions, risks, and benefits associated with each new digital opportunity.

Design Thinking

Leverage the guiding principles as the guardrails to limit the scope of your new digital opportunities. You may want to consider taking a design-thinking approach to innovation by discussing the merits of each opportunity based on:

• DesirabilityDesirability: People want it. Does the solution enable the organization to meet the expectations of stakeholders?
• Feasibility

Feasibility: Able to Execute. Do we have the capabilities to deliver e.g., the right skills, partners, technology, and leadership?

• Viability

Viability: Delivers Value. Will this idea meet business goals e.g., cost, revenue, and benefits?

Source: Adapted from IDEO

Source: Adapted from MoSCoW prioritization model

Exemplar: Opportunity Profile

Example:

An example of a template to capture the output of discussion.

Automate the Registration Process Around Admission, Discharge, and Transfer (ADT)