“Organizations that recognize resilience as a long-term strategic imperative will be best positioned to outperform in future crises.”"
Lack of technology resilience poses an increasing danger for organisations, and not just in terms of pandemic preparedness.
There is a growing probability of future global crises, with disruptions more widespread and long-lasting.
In the face of these crises, organisations that make resilience a long-term strategic imperative and a pillar of corporate change will be best positioned.
As organisations are in the recovery and growth mode, those that prioritise growth over cost cutting, debt reduction over debt financing, and operational flexibility over direct control will realise the full value of resilience and build advantage for the next crisis.
During the COVID-19 pandemic, resilience rose to top of the strategic agenda. BCG research identified three stages during which resilience creates value relative to peers. Resilient organisations were able to:
Improving technology system resiliency is not a quick-fix. Traditional operational processes are unlikely to sense and respond to the volatility, nor adjust to the fast-changing scenarios that crises bring. The technology systems that deliver critical services are often built over decades, following complex rules developed on legacy technologies. They are prone to frequent system failure, performance degradation, unusually long recovery times, and often delay getting changes to the market. In our experience, poor technology resilience can be attributed to:
- Outdated technology architecture that is built to deliver specific use cases rather than delivering at scale;
- Immature operations and delivery processes that cannot support a complex and changing environment, e.g., limited performance and stress testing, insufficient delivery controls and poor change management result in failed changes and/or poor production code
- Reactive service management, poor service desk and monitoring resulting in a struggle to isolate root causes and prevent re-occurring of incidents
- Deprioritised infrastructure lifecycle management leading to accumulated risk and more costly remediation
- Poor capability and inconsistent skills
To overcome these challenges, organisations need to strategically deploy digital transformation and keep resiliency on the agenda in good times as well as bad. We have identified five areas across operations and technology that organisations should focus on to deliver resilient services.
1. Modernize technology architecture: Leadership must support clear strategy and bold architecture decisions to deliver resilient and redundant systems that are fit for the complexity and scale of future operations. To modernise their technology architecture, organisations need to:
- Simplify their IT landscape to enable adoption of modern application, infrastructure and data architecture patterns
- Prioritise build and adoption of public and private cloud, while controlling cost blow-outs as a result.
- Build future-ready data capability with a clear collaboration model, a common data platform, and strong capabilities and processes.
- Commit the funding required for large scale re-architecture of key systems.
2. Build service management flexibility and adaptivity: Globally, organisations are adopting practices to deliver platform autonomy. Global banks and product companies (e.g. Apple and Spotify) are leading the way, applying service integration and management (SIAM) to deliver cross-platform services.
To build flexible services, organizations must:
- Urgently build capabilities to stabilise operations and improve availability (e.g., service desk, Configuration Management Database (CMDB), problem management).
- Embed a ‘service provider’ mindset to address customer needs by building a central SIAM capability and establishing end-to-end service ownership.
- Adopt modernised tooling that integrates with the service management ecosystem (e.g., CI/CD and DevOps), and can accelerate automation to free capacity currently locked away in manual tasks
3. Integrate security and operations: Security remains a crucial pillar for online services of the public and private sector; strong basic cyber capabilities and procedures have become table stakes. Organisations should:
- Implement security as code through policy and architecture changes that allow secure configuration of applications and systems (e.g., container security, API security, etc.).
- Invest in effective end-to-end monitoring capability across all their critical systems.
- Remediate vulnerabilities, enhance AI and analytics, and embed DevSecOps to improve security outcomes (e.g., ensure consistency of data and security measures, a wholistic view of monitoring etc.).
4. Strengthen IT operations: It is not unusual that operational staff struggle with poorly designed code and design choices, and routinely fix technical debt introduced through poor processes and practices. To break this cycle, organisations need to rethink development and operations practices at scale. Strengthening service operations requires organisations to:
- Uplift environment management and develop maturity, as well as automate provisioning, testing and monitoring to reduce delays in delivery cycles, eliminate manual errors and improve production deployment frequency.
- Build redundancy and communicate that objective broadly throughout the organisation.
- Proactively manage technical debt by maintaining focus on assets nearing end-of-life.
5. Build a platform based operating model. Organisations that promote the agile collaboration of functional and technical experts to align on and implement business solutions increase their speed to market and productivity by 2-4 times. Organisations must allow platform teams to work freely to their full potential and not restrict them with old rules. This will require organisations to:
- Empower teams to make certain decisions quickly and independently while retaining organisation-wide standards and policies to ensure governance and scalability.
- Build capability and discipline beyond governance and assurance processes to increase funding agility, better enable change and sustainment initiatives across the ICT enterprise, and anticipate talent needs for the future.
- Carefully consider resource trade-offs to ensure the greatest impact, and recommend a path forward based on demand and supply optimisation (e.g., reassess prioritisation of work or improve responsiveness through nimble internal resourcing). Chevron redesigned 6,000+ technology roles to support digital value delivery which resulted in streamlining their IT operations cost by 25%.
- Broaden strategic partnerships with industry to both supply and develop resources; explore opportunities for alternative sourcing models for highly technical and sought-after skills and leverage innovative market partnerships
It is critical that resilience transformation is delivered through a value-stream approach, orchestrated to deliver tangible outcomes, and tracked in conjunction with end customer/citizen experience.
In our work with major public and private sector organisations, we have set-up the resiliency agenda through a clearly defined operating structure and KPIs (Exhibit below).