One of the highlights of this past year came out of some robust discussions we had at a round table event that brought together IT and business leaders.
This blog is Part Two of those discussions.
< Read Part One
Common pain points surface
Certainly, the hot topic of modernisation - and all of its ramifications - was shared across the board, with attendees eager to discuss common challenges and pain points.
A common one - the conundrum of whether to jump ‘all-in’ on cloud. In fact, many attendees said “cloud across all things” wasn’t resulting in lower costs of ownership or agility.
Similarly, all face challenges around the consolidation of systems to reduce operational complexity. Indeed, digital transformation, migration to cloud, and escalating customer demands are creating a surge in IT complexity and the associated management costs.
Undoubtedly, IT complexity and managing IT performance can be a killer - a hot topic that resonated with the assembled group of tech leaders.
Like many in the room, Novartis’ De Alwis, said one of his biggest challenges - particularly in the application modernisation game - is simply understanding business priorities and needs, in addition to where you want to allocate funding. Like many companies, sometimes refining or eliminating business processes will simplify and enhance productivity instead of modernising applications or retro-fitting a new technology into the environment.
“One of the biggest challenges is understanding where the business is wanting to play in the next two, five and 10 years, whilst continuing to evolve as an IT team to add value and insights into the health world, whether it be digital, cloud/on-premise or new technologies like the metaverse.”
The table of IT and business leaders discussing Application Modernisation.
Security implications far-reaching
Not surprisingly, security continues to be a major concern given the recent spate of high-profile security breaches, prompting a rethink of visibility across board level and for budgets to be significantly ramped up.
Another delegate – from the commercial real estate and services space - said security is a crucial part of the discussion when modernising applications and embarking on a tech transformation journey, but it’s all about risk management.
“For us, there’s a massive focus in terms of uplifting our security posture. Statistically, 13 million Australians have had their identities exposed and breached over the last 40 days - that’s approaching half of the population - so it’s very timely in terms of that security uplift. So modernising applications is very topical at the moment.”
For AAP’s Bailey, “unknown unknowns” loom large on the security front of navigating a tech modernisation journey.
“For me, the biggest issue is not the threat of the day - whether it’s ransomware or denial-of-service or any of these things - the issue is you can’t on your own (unless your line of business is cybersecurity), you can’t be prepared. You can have all of the best laid plans in the world, but nothing will protect you against a zero-day exploit.
"So what keeps me up at night is how to defend against the indefensible, to create a culture that can react with purpose and agility - and who do you partner with to share risk?”
But there are best practices to follow for secure application development, according to Jade Software’s head of engineering, Greg Smith.
“Companies that develop software or applications face additional challenges and need to pay particular attention to how they incorporate the use of tools into their DevOps practices and processes,” Smith said.
In addition to raising awareness with employees, companies need to leverage security tools and software that can be embedded in the application infrastructure. Some of his quick tips include:
- Create internal awareness;
- Shift-left during the development process;
- Rely on trusted security advisers;
- Penetration test your applications; and
- Monitor use of third-party libraries.
Smith said the application modernisation journey needs good storytelling at the board level.
“As you go to a board to get funding, you need to have a really good story, and be really critical about how long it will take. The best thing is to cut things up into small slices. Every project I’ve worked on we’ve broken things down. The good thing about that is you can deliver value sooner.
“And when you talk about security – and make a decision on technology – oftentimes people go all in. The risks are that that technology can be made obsolete quite quickly. But if you take the approach where you build and architect with layering, then you have much more success. Start small, build confidence, and then from there increase team size.”
Lisa Davies from AAP speaking to the group
Like Smith, AAP’s Davies said fostering change comes in the wake of compelling storytelling and weaving a successful narrative that will convince the board of the true power of digital transformation and enablement.
“The narrative is, ’we can’t afford not to do this’ given the disruptive nature of the news market and the new ways of consuming news.
“Everybody needs to take ownership over the problem. We do need our IT team, in particular, and we’re trying to empower them to own this process because it’s super important to think innovatively and be in a modern organisation that can pivot and be proactive rather than just constantly feeling that we’re patching. Telling them that story is important. We’re investing in this; it’s part of a process.”