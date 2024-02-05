



To effect change, organizations currently need to overcome a variety of technological barriers, but this is likely to be offset over time by the increasing importance of non-technical factors in technology procurement. there is.

The continued shift from on-premises infrastructure to the cloud to modernly designed web-based applications and API-based services is causing organizations to reevaluate their past technology choices.

Nowhere is this more evident than in security. Existing security tools are often inadequate for cloud, web, and API-based applications.

This has sparked important debates about when is the right time to migrate or change technology.

Unfortunately, even when the right time is 'now' or 'immediate', for example within the next 12 months for system upgrades or operational changes, 'change agents' within an organization are We often run into barriers that slow us down or frustrate us. .

Of course, resistance to change is nothing new. However, the business world is far more adaptable and receptive to change than it was a few years ago. Only when organizations test this are they likely to run into barriers.

Understanding these potential barriers allows organizations to effectively counter them proactively when planning change.

Moreover, in the medium to long term, the impact of these barriers may be offset or offset to some extent by new requirements placed on suppliers of technology systems and services.This could ultimately make the job of “change agents” simpler.

Breaking through technological barriers to bring about change

Existing systems often have technical barriers in front of them, making changes or switching systems seem more difficult than they actually are.

One of those barriers is industry practices. We've all heard stories like the “load-bearing Mac Mini” on Twitter. This system becomes virtually untouchable because its origins are lost in the mists of time and no one knows what it does and no one wants to be the one to switch it off. Find it.

This is a distorted risk assessment. Leaving IT debt and legacy applications in place is actually riskier than looking under the hood and possibly replacing the technology. A “black box” always poses greater risk to an organization than a solution with a documented configuration.

Another barrier is the level of customization, which often acts as an argument against change. Many organizations have systems with highly custom configurations and “workarounds” to make the system work in specific scenarios. These custom configurations and their reasons may not be documented or well understood. These are often hand-coded and can give the false impression of being overly complex.

However, organizations spend significant amounts of time, effort, and resources on customization, even though a modern system with a wide range of out-of-the-box functionality may actually be more cost-effective. I have the mindset of sweating the investment. It also improves operational efficiency. Modern systems that leverage configuration-as-code can replicate and automatically monitor security controls for web applications and APIs, increasing efficiency and counteracting inertia to change.

The third barrier is a full stack commitment. For contract simplification, bundle discounts, or consolidation, organizations may try to put as many eggs as possible in one basket and deliver from one technology stack. Stack consolidation can make it difficult to unwind or isolate certain parts, even if moving to an API-based or overlay system is functionally beneficial. Full-stack integration doesn't have to be an excuse to stick with substandard features. This is especially true when it comes to security.

The fourth barrier is technology procurement channels. In areas such as cybersecurity, vendors often exploit fear in the sales process. It used to be effective, but it led to tool bloat. According to Fastly's latest global cybersecurity report, The Race to Adapt, organizations in Australia and New Zealand rely on an average of seven network and application cybersecurity solutions, of which one-third turns out to be dependent on these solutions. Solutions overlap in functionality, and less than half of cybersecurity tools are fully active.

On average, organizations spend $63,000 annually on web application and API security tools. This is clear evidence that businesses are purchasing disparate tools that are not designed to work together effectively in hopes of protecting against security threats. Not only is this dangerous for organizations because it creates the illusion of security, it can also put businesses at risk of serious compliance violations.

At the same time, if a purchase is made even partially based on fear, other important considerations such as choosing a product that is appropriate for the organization's needs and that “works well” by integrating with existing tools in the environment. The element has lower priority. But switching to new tools, especially those that consolidate multiple existing purchases, is often preferable to continuing to support previous fear-based decisions.

Non-technical barriers lead to high bills

Organizations increasingly have other reasons for change. Specifically, the extent to which existing suppliers meet new non-technical standards that influence decision-making at a business-wide level. Although these factors do not take precedence over technical capabilities, it may be difficult to continue working with a vendor that does not have these factors in place.

Today's technology purchases often need to align with customer organizations' broader environmental, social, and corporate governance (ESG) efforts. Suppliers of technology, and indeed all services, are expected to go along with it.

It is important for vendors to know the sustainability impact of their tools, especially SaaS-based tools, as where the tools are hosted can impact their customers' Scope 3 emissions. Additionally, it is important to have modern slavery statements and policies in line with Australian reporting rules, which are increasingly being demanded by large companies (often publicly traded).

A more common non-technical criterion is “conformance.” In technology case studies, organizations often publicly state that their partnership is based on how the vendor approaches business and how they conduct themselves. Organizations want a supply chain that aligns with their work ethic, ethics, and values. So, a question that is often asked is how do you identify vendors that have the technology to improve your security posture, but are also vendors you want to do business with?

We're at a point now where this is just another driver of organizational change.

