How To Develop An IT Strategic Plan

IT-Toolkits_change_8

Developing an IT strategy will help better-align your department with the business, The Advisory Council suggests. It also identifies three key leadership responsibilities and offers tips to protect your servers from hacker attacks.

Company Vision, Mission, and Objectives
Creating an IT strategic plan requires a focal point, which is usually drawn from the corporate vision, mission, and objectives. If a written statement doesn’t exist, an unwritten understanding almost always does. The first step for an IT strategy is to clarify this business vision, mission, and objectives. The vision may be a simple slogan: “Service with a Smile” or “Shelter for Everyone,” or a more detailed statement. Often, the means to achieve the vision is equally important, such as “increasing long-term shareholder value,” or “improved services for the homeless.” By looking at these objectives you can derive your specific goals for the coming year.

Business-Driven Priorities
Even if there’s no strategic plan at the business level, organizational sub-units usually have:

    • Growth plans (revenue, staffing, etc.);
    • Action plans to meet objectives;
    • Spending plans;
    • Sales targets;
    • Upcoming acquisitions or partnerships, and;
  • Plans to lower the cost of operations.

These plans can be used to help create next year’s technology plan, and are often indicators of the unstated corporate strategy. Draw them out by having your senior IT managers interview the business leaders. In addition, the IT organization has a wealth of data of its own that can help you plan for future growth, as described below.

Results-Driven Strategy
Your IT plan also should take into consideration and be based upon past accomplishments and information use:

    • Current Technology Usage — Outline your accomplishments for the previous year, highlighting technology usage by organizational unit;
    • IT Resource Allocation — Establish a resource and business impact list: To which specific business function does each resource contribute? Use data from existing technology use, such as growth in help-desk calls, disk utilization, server capacity, disaster prevention, etc., to show trends;
    • Technology Architecture — Define an overall technology architecture that shows the governance of processes as well as the applications and the infrastructure.
      Contact the organizational units directly to find out what plans they have for next year and:
    • Brief them on the above data;
    • Ask them about areas of additional investment in technology that the unit plans to make, and areas where they need your support;
    • If the business units have either financial or other production and sales objectives, ask what specific technology is required to meet these objectives, and how it will be funded;
    • Use your IT resource-allocation information to suggest additional investments, and;
  • Provide easy-to-fill-in templates to collect project details.

Define The Road Map
The IT strategy plan is a decision document for investment and for ongoing expenses. Once all the data has been collected, it must be collated into a master project list that includes each project’s funding requirements. Prioritize according to:

    • Project classification, based on such characteristics as return on investment, opportunity costs, alignment with objectives, and other variables of the business and environment;
    • Performance measures, and;
  • Resource management.

As some projects may span years, future resource allocation and performance measures need to be clearly defined.

It’s also important that your road map isn’t just about new projects, but also about managing technology. If there’s a constant shift in priorities, a process that can manage these changes needs to be defined. Your Current Technology Usage, IT Resource Allocation, and Technology Architecture pieces should quickly become guiding documents for your current as well as future strategy.

Be sure to follow up quarterly with reviews that assess implementation, the projects’ impact on business, and performance measures. All of these will enhance the value of your company’s technology use, and help in making IT a strategic partner in business objectives.

Driving Business Value
The whole point of aligning IT with the business is to provide value by using technology in a way most profitable to the organization. Some of your work may be reactive (to market conditions and competitors’ uses of technology); some may be collaborative (working with the business to define solutions to business problems); and some, at its best, will be innovative (to advance new business objectives).

Advancing Your Career
The business world loves people who think strategically. Add the ability to innovate and execute and your career will get a high-octane boost. Putting together an IT strategic plan and helping the business build (or at least think about) its strategy will enhance your value and accelerate your career. Modeling strategic planning in your department may even nudge the company toward its own, comprehensive strategic plan!

Topic B: How can we protect our servers from the continuing waves of hacker attacks?

In October 2002, a group of hackers from South Korea and the U.S. flooded the 13 domain-name root servers using a common distributed denial-of-service attack. Even these extremely over-engineered systems couldn’t completely withstand a full frontal assault. So while you might not be able to stop a concerted attack on your servers without spending large amounts of money and resources, keep in mind that simpler, commonsense precautions are all that are necessary for the majority of companies.

There’s no doubt that the hacker community is getting more sophisticated about how to infiltrate and attack systems, but their laziness and automation works in your favor. You can set your systems to block all the well-known forms of attack. By implementing the following Server Security Checklist, you will stop all but the most determined hacker:

Consider hosting your externally facing servers in an outsourced, secure data center. The hosting company has far more resources dedicated to preventing attacks than you do.

Remove all unessential services and applications from your servers. This minimizes the likelihood that, when a new security hole is discovered, a hacker will be able to exploit it because you simply forgot you were running that service.

Make sure all your systems are automatically updated with all the latest patches. Minimizing the server’s applications also makes it easier to maintain, since you can focus on ensuring that patches are current on all the services it does provide.

Never keep the manufacturer’s default security settings. The hackers know these holes better than you do, so don’t make it easy for them.

Fortunately, once you’ve implemented these steps, and unless you are a high-profile hacker target, you can prevent the vast majority of security breaches and Web-site defacements.

Topic C: What are the most productive tasks an IT leader can focus on?

  • Vision — A clear, inspiring description of a wonderful future condition, robust enough to provide context and priorities for operational initiatives.

Visions need nurturing. To start, they need visionaries. Part of the process of describing the “wonderful future condition” is a flash of insight that takes the realities of the current condition, the future possibilities offered by technology, and the future context supplied by societal and market trends and, based on that incomplete and contradictory data, leaps to a simple picture five years out. Second, visions need to be visualized, or captured graphically. Third, theyneed to be restated, over and over, until your most junior developers can recite the vision word-for-word. Finally, visions need to be refreshed and updated.

  • Values — A clear understanding of what your organization, top to bottom, considers “good” and “bad” behavior.

Every organization needs clearly articulated and commonly accepted values from which to work. Their absence guarantees inconsistent behavior and perceived injustice in reward and punishment, both of which will have a negative impact on productivity, staff retention, and user relations. To avoid making every decision yourself, you must teach your staff your decision process: how you gather data, how you identify alternatives, and what values and principles you apply. Without this empowerment, you can’t trust your organization to “do what’s right” without your micro-management.

  • Victories — Making sure critical tasks are done with excellence, and then celebrating their achievement.