Have you ever heard of “destructive interference?” In physics, this is the principle that describes the interaction of two waves in exact opposite phase. What happens when two waves are in exact opposite phase and they interact? They cancel each other out. This is how noise cancelling headphones work; the headphones generate a “noise” that is in opposite phase to background sounds.
The opposite of destructive interference is also true by the way. Called constructive interference, it’s what happens when two waves that are in phase interact with each other. When that happens, it brings about an additive effect. This is the reason sonic booms happen.
If you’re wondering why I’m bringing up all of this, it’s because these phenomena are good metaphors for what can happen in an enterprise when it comes to technology investments that firms make. Imagine for a moment that each technology investment your firm makes is the source of “ripples” throughout the organization. For the purposes of our metaphor, these ripples are the business value provided by the investment.
Right at the source they are the strongest – meaning, they have the most impact on those closest to the investment (the ones who make use of it on a daily basis). Added value also has a cascading (though reduced) impact as you move farther away from the source: maybe other areas become faster at performing given tasks when processes intersect with the area where the investment was made — or maybe an efficiency gain or cost savings frees up resources so some other area can use those resources to get a leg up.
The thing to realize though is that at any given time in most organizations there are numerous business areas each making technology investments. Sometimes they are large investments like a new business application or supporting infrastructure, while sometimes they are smaller ones like using a new SaaS service or working with a new external vendor. These investments interact with each other. And, much like waves in physics, they can interact with each other either positively or negatively. A positive interaction means that two separate investments amplify the value created because they operate harmoniously – while in other cases the value realized from an investment might be diluted because it interferes with an investment made somewhere else.
As an example of two technologies working constructively together, consider a SaaS migration in one business area and an investment in mobility by another linked business area. In this case, the use of SaaS provides value directly to the team using it but might also mean that users in the linked business can now (by virtue of the mobility investment) access the application from anywhere at any time.
A counter-example where value is reduced might be a publication company that has one business area that invests in technologies to streamline creating and editing PDFs – while another area invests in alternate publishing processes that avoid PDFs entirely.
Neither area gets additive value in this case. In fact, for them now to interact they might need something (either new technology or a manual process) to bridge the gap.
Ensuring the Constructive
So in light of this, the question for those with a practical bent is how they can ensure that the investments in their organizations are in the former group (working productively together) rather than the latter group (interfering with and detracting value from each other). There are a few ways to approach this, but leveraging principles from governance of enterprise IT can be particularly helpful.
Now, in saying this I fully understand that many technologists have a perception of governance as something stodgy, boring, and stifling to innovation – i.e. the kind of thing that old, stale, and inflexible organizations do and not the kind of thing that nimble, flexible organizations do. And it’s not hard to see where that reputation comes from.
Many governance initiatives in days gone by have not been the most conducive to rapid change and may not be best suited to the environments most of us are in right now where technology is changing at a breakneck pace. That said, it doesn’t have to be that way. There’s nothing about having a disciplined approach to technology use that means your organization can’t be flexible, move quickly, and adapt to a rapidly changing context.
Recall what governance is all about. Specifically, the purpose of governance is to ensure that enterprise resources – including technology and technology investments – are used to the maximum effect to generate value for the organization.
That’s not just about servers, workstations, and legacy applications – it applies to cloud, containers, mobile, and other technologies as well. In short, governance as a concept is about making sure that the right technology is there to help the business – and individual stakeholders within it – be most effective, most competitive, and most efficient.
It does this by making sure that the technology in use ties back to business goals. Those business goals can include principles like agility, resiliency, and flexibility – meaning that the goals of being adaptive can actually be written in to the governance model itself. This can help you even be more agile and fluid when a structured governance approach is used because the technology you invest in is forwarding that goal just as much as it forwards others.
The point is, formalized governance frameworks and methodologies (e.g. COBIT, ITIL, etc.) can potentially help as organizations are inundated with non-stop changes to the technology landscape. In particular by helping to make sure that technology investments are working constructively across areas.
So if you’re not using any kind of systematic approach to governance, starting now might not be the worst decision you’ve ever made. But even if you don’t have time to do everything outlined in these frameworks, you can still get quite a bit of the benefit in tailoring some of the specific pieces for your organization. For example, having a systematic way to understand your organization’s goals and a way to tie those goals to specific IT goals (and, in turn, assets and investments) can be a huge help.
Ed Moyle is Director of Emerging Business and Technology for ISACA. Prior to joining ISACA, Ed was a founding partner of the analyst firm Security Curve. In his more than 15 years in information security, Ed has held numerous practitioner and analyst positions including senior manager with CTG’s global security practice, vice president and information security officer for Merrill Lynch Investment Managers, and senior security analyst with Trintech. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as author, public speaker, and analyst.