Keeping a grip on a growing digital ecosystem – how do you do that?
How do you get a constantly expanding, multi-cloud ecosystem under control? Do you as an organisation even know where your ecosystem begins and ends? The Log4J vulnerability that was uncovered in late 2021 has made it clear that organisations’ ecosystems extend much further and are much more vulnerable than previously thought. So, getting a grip starts with understanding. But keeping such an ecosystem secure, compliant and manageable also requires very clear agreements with IT partners about its mission, purpose and responsibilities.
The IT ecosystem is expanding like the universe. In the beginning, each organisation had its own servers and infrastructure, but nowadays systems and data are housed at ever more SaaS vendors somewhere in the digital space. Do you know precisely where your data is? And do you know exactly what would happen if one of these SaaS vendors went into liquidation? Do you know all the components that your software, middleware and hardware are dependent on? No you don’t, is the short answer. This was clearly shown by the impact that the Log4J vulnerability had. At that time, many organisations realised for the first time how large their multi-cloud ecosystem actually is, and how little grip they had on it.
“At the Digital Ecosystems Institute, we see that the most important prerequisites for working within digital business ecosystems are those of trust, transparency and the creation of common goals.
This bypasses the technology and often takes place in the area of behavioural and organisational change. In this respect, I agree with Klaas and I recognise the stress that he observes when trying to keep a grip on a multi-cloud ecosystem. For the DEI, it’s about creating a resilient collaboration structure. Here, control doesn’t mean you always have to control everything, but that you can rely on the ecosystem’s own durability instead. Sometimes it is the one party and sometimes the other that takes on the role of orchestrator. Responding to this in the right way is an art in itself.”
Bart van der Linden
Director Digital Ecosystems Institute
Outsource everything?
Many organisations have opted to stop being involved in the nuts and bolts of their IT. As a retained organisation, they want to maintain oversight and broad control. They enter into collaboration with one or more IT business partners. This is an understandable and sensible decision. Nevertheless, it does not absolve them of their duty to keep a grip on things. And it also doesn’t mean that you can just outsource everything and calmly sit back. In fact, at first the coordination of goals, role allocation, performances and technological options may even require more work than managing your IT yourself.
An organisation and its IT partner(s) must agree clearly specified arrangements at different levels. First, there must be both clarity and agreement about the mission: which direction are we going to take? As an IT partner, you really have to understand – and commit to – an organisation’s mission in order to support and facilitate it. Furthermore, it is important to clearly lay down who does what. What are each other’s responsibilities? It is then about trust and you determine the process-related and technical parameters.
Measuring and weighing up performances
The roles of both a retained organisation and IT partner are changing. The content of the relationship is changing too. You are moving from an SLA-directed relationship to a genuine collaboration agreement. This agreement is less KPI-driven than a SLA and that raises the question: how do you measure, weigh up and appraise your partner’s performances? An important question is now: how does the IT partner facilitate the organisation’s mission? That means, for example, greater transparency about the deployment of knowledge, data and resources.
Up to a few years ago, as a secure managed IT services provider we often talked with our customers about the security and redundancy of the data centres that we managed. Nowadays, we talk more and more with them about the leading role they want to play and taking care of their organisations’ needs. And more specifically: wanting to grow to a higher level of maturity on the basis of a Capability Maturity Model.
Mission-driven collaboration
This requires a different manner of collaboration. IT partners must change and start thinking in a much more functional way. They must deliver the technology, but they also have to understand why they are deploying it. If the most important task is to facilitate their customer’s mission, then IT partners do have to understand that mission. That’s the only way you will arrive at the right decisions and priorities.
That changing collaboration and delineation of each party’s role are not set in stone. You can only determine that through discussions. With collaboration, the discussion is no longer about KPIs and bonus-malus arrangements, but more about mission-driven collaboration.
Organisations understand better and better that becoming a retained organisation does not mean passing on your responsibilities. And they accept that collaboration requires both parties to work harder. This approach is in line with a DevOps way of working, where partners are forced to come out of their fortress and truly collaborate on the basis of a shared mission, which is data-driven, and where there is a clear delineation of roles and responsibilities; confident in the knowledge that this method of collaboration will lead to improvements in compliance, security and grip.
Sign up for the Solvinity Newsletter
Receive the latest news, blogs, articles and events.
Subscribe to our newsletter.
Other articles
More
What makes a Secure Managed Cloud truly ‘secure’?
What makes a Secure Managed Cloud truly ‘secure’? In an era where cyber threats are constantly...
READ MOREThe complexity of IT Regulations for municipalities
In addition to the daily challenge of managing a secure and efficient IT environment, municipalities face...
READ MORESecurity controls in hybrid cloud environments
A holistic approach to security controls, which considers all aspects of the IT environment, is crucial...
READ MORE