An open enterprise may not be such a good idea

Most recent technological and management innovations focus on "openness." Patrick Gray talks about why this is not always such a good idea.

Most recent technological and management innovations focus on "openness." From open-source applications where anyone can enhance or use a bit of software, to open protocols and communications standards that allow diverse technologies, companies, and countries to interoperate. Employees are routinely pushing for increasing openness as well, demanding everything from "Bring Your Own Device" initiatives to access to social networks and cloud-based software. However, an increasingly risky world is calling into question some of this push for openness.

It's a dark world out there

Fear and uncertainty are classic tools to grab attention and sell products, and usually overwrought. Even the most wonderful eras have no shortage of people predicting doomsday scenarios, yet there are certainly several clouds on the horizon as of late. The global economy continues to misfire, from developed nations to once high-flying emerging nations, and crisis abounds from U.S. markets to an increasingly unstable Union in Europe.

IT security specialists warn us of increasingly sophisticated malicious software, and cyber warfare, once a topic for science fiction buffs, now seems to be a legitimate form of combat. It's enough to make even the most ardent optimist glance furtively over his or her shoulder, and has the pessimists in many areas literally heading for the hills.

In IT circles, calls for a "disconnected enterprise" are gaining traction. Rather than seeking increasing openness and interoperability, some analysts and CIOs are advocating disconnecting sensitive data and systems from external networks, standardizing on a limited number of proprietary, internal tools, and in extreme cases, actively preparing for attacks to their IT infrastructure from traditional hackers and hostile governments.

While this may be a bleak picture, most organizations have gone through similar "dark periods" in the past and survived unscathed. This will likely not be our last recession or the final period in history marred by conflict.

Assess your risk

What the purveyors of the doomsday scenarios avoid discussing is that there's a massive cost associated with disaster preparation, and a corresponding sliding scale of risk mitigation. Could your company fall victim to a devastating act of cyber-terrorism? Certainly, but for 90% of the world's companies, the investment of time and treasure to fully avoid such a fate is unaffordable monetarily and in terms of the cost in time and distraction from higher value activities.

Similarly, no one can predict and plan for every potential disaster, and the time and cost required to attempt to do so would be overly burdensome in itself.

Finding themes

Rather than attempting to predict discrete events that will affect your company, look for emerging themes that will impact your company and your IT operations. Instead of trying to assess the nuances of a Greek default versus a Spanish default, consider how to embed flexibility into your IT systems that could rapidly accommodate regional currency changes, or requirements to divest operations for a region or country.

Instead of lying awake wondering which country's cyber army might place your organization on its target list, consider which information is truly valuable to your company, and fine tune the tradeoffs between sharing this information internally versus having it fall into the wrong hands. Just as it's silly for most companies to plan what to do if a battalion of some invading army showed up on their front lawn, it's silly to focus on "going to war," but potentially prudent to consider which assets need the most protection or how you'd evacuate them in the face of danger.

While I personally don't think it's time to hand out steel helmets, unplug your company from the internet, and move into a bunker in the mountains, every company should assess the risks it's exposed to and build mitigation strategies into its IT infrastructure. Avoid getting caught up in the doom and gloom, and rather look for low cost countermeasures that might mitigate anything from a national default to a nefarious hacker, and move on with life.


Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent ...

Editor's Picks