IT Strategy Matters: As an IT leader, is it your responsibility to think the unthinkable?

Welcome to the 3rd ‘IT Strategy Matters’ newsletter. I’m delighted that you are on this journey with me.  I renamed this from ‘Mastering IT Strategy’ because that implied that the newsletter was only relevant to novices, and I want it to appeal to all. This newsletter has already been sent to existing subscribers and I'm sending this to you a few days after your last email so that you can catch up with what I have been sharing with others. 

I’m conducting some research. If you have not done so already, please help me by sharing your views in the IT Strategy Matters survey at https://forms.office.com/e/MDZam3JjXN 

It's anonymous, but if you leave your details, I'll let you know how your answers compare to your peers.  

I believe that IT strategy matters! And what matters is how IT leaders and team members develop and deliver valuable strategies, how they work effectively with business leaders and end-users to do so. 

So, whether you are an IT leader, IT professional, business leader or a user of IT services your opinion matters! 

Thank you for contributing to my research. Your input is really valuable and much appreciated. 

Events like the CrowdStrike issues on 19th July remind us of the futility of working in IT. 
  
The IT function has more of an impact on the whole business than probably any other. In today's digital economy, every employee and every business process relies on technology. Without it, we can't communicate, collaborate, share information, or conduct even the simplest of business processes. As IT professionals, we have a responsibility to make sure that things always work, and we take that responsibility very seriously.  

But all too often, the business takes IT for granted: When things go wrong, the business is quick to blame, often asking: Why do we even pay you guys? ‍The tolerance for failure in IT is lower than any other function because of the impact that it has.

But when things go right (as they do most of the time) the business can become complacent and take IT for granted, often asking: Why do we even pay you guys? 

CrowdStrike will be severely damaged as a result of the issues on 19th July 2024, and rightly so. I don't know the details of why their update caused so many Windows devices and VMs to fail, but something had obviously gone very wrong in their testing and quality assurance process. In fact there is now a class action law suit filed against the company on behalf of their shareholders which accuses the company of making "false and misleading" statements about its software testing. It cites chief executive George Kurtz, who said in a conference call on 5 March that the firm's software was "validated, tested and certified." 

https://www.bbc.co.uk/news/articles/cy08ljxndr4o 

 
But think how many successful updates CrowdStrike had already delivered. Think how many cyber threats those updates had successfully defended against. One error can destroy all that good work.  
 
And the IT pros who selected and implemented CrowdStrike: They will likely switch to an alternative solution in what is a competitive market, but by choosing CrowdStrike in the first place, they were doing the 'right' thing. They will likely have chosen CrowdStrike over a solution from Microsoft for example to avoid having all their eggs in one basket. They will have consulted research from firms like Gartner or Forrester, and maybe spoken to CrowdStrike customers when selecting the solution. 

Will that have made any of their business colleagues or any of their customers feel happier on 19th July? No. The only thing on their mind will have been to demand that the issue is fixed as soon as possible, and probably to blame IT for the issue. 

So how do you mitigate the risk of something like the CrowdStrike update issue when defining your strategy? I’m sure that most organisations did not, and it was luck rather than judgement that saved their Windows devices from being some of the 8.5 million that were affected worldwide.  And they weren’t wrong in not planning any mitigation for this issue, because until 19th July, this was not commonly deemed to be necessary.  

There have been many conventions or norms which have changed as a result of the unthinkable happening. The 11th September 2001 will be forever remembered because of the huge and tragic loss of life resulting from the terrorist attacks on the World Trade Centre towers and the Pentagon, but that day changed many IT strategies as well. Many companies hosted all of their IT systems on-premises in the towers, or perhaps used one tower as a business continuity location for the other. Before 9/11, it was unthinkable that terrorists would fly aeroplanes into two iconic buildings, causing their collapse and the death of so many, but after 9/11, that was the sort of scenario that we all had to cater for in our strategies and disaster mitigation.  

Obviously the CrowdStrike issue did not have anything like the impact of the 9/11 attacks, but I think that this will be another disaster scenario that we will need to mitigate in our future strategies. Certainly, CrowdStrike and other software vendors will take a long hard look at their testing and quality assurance procedures to reduce the risk of this happening to them in the future.  

We’re going to have to think of evermore crazy scenarios and how to mitigate the risks that they pose to our technology operations and business continuity. We also need to think what risks might exist within our supply chains as well as directly in our own organisations. We’ll also need to stress-test our services in more ways to prove that our risk mitigations work in practice as well as in theory. 

As an IT leader, you have a vital role to play in shaping and delivering the IT strategy that supports your organisation's goals and vision. You also must be ready to adapt and respond to the unexpected challenges and opportunities that may arise in the rapidly changing world of technology, and the unpredictable world in which it is used. You can't predict everything that might happen, but you can prepare for the worst and hope for the best. 

Thank you for reading this edition of IT Strategy Matters. I hope you found it useful and informative. Please feel free to share it with your colleagues and friends who might benefit from it.  

Until next time, remember: IT strategy matters! 

Dan – The IT Strategy Coach 

Might I be able to help you? 

Click here to express interest in our upcoming online courses and coaching programmes. 

Click here to enquire about a bespoke engagement with The IT Strategy Coach.