Follow sourcingfocus on Twitter

Moving from a reactive to a proactive approach to IT

by Nigel Crockford, Business Development Manager, eSpida

Today’s businesses face threats from two main sources: a lack of strategic alignment internally and malicious attacks from hackers externally. This leads many to fall into the trap of taking a reactive approach to IT, constantly fire-fighting to resolve operational issues. Here, Nigel Crockford, Business Development Manager at IT consultancy eSpida, explains why this approach of running-to-failure is not helping your business grow.

There is a tendency in most businesses for people to work in silos. According to a study by Harvard Business Review, 75 per cent of cross-functional teams are dysfunctional. Whether it’s because of budgets, scheduling, meeting specifications and customer expectations, or aligning the goals of your department with that of the company’s corporate goals, creating a unified approach to IT can be difficult.

This lack of a joined-up approach means that most businesses take a reactive approach to IT, dealing with problems as they arise. Factors such as ageing equipment, a natural disaster or a security breach inevitably demand time and attention to solve and can cause costs to spiral.

Optimising IT

A company’s ability to handle such problems can be measured using the infrastructure optimisation (IO) model developed by Microsoft. It categorises an organisation’s level of IT optimisation into one of four categories: basic, standardised, rationalised and dynamic.

Companies with basic optimisation only deal with IT on an ad-hoc and reactive basis. They are driven by problems and simply want to survive with the least downtime possible, which usually propagates a culture of running equipment until it fails. The problem with this approach is that it diminishes the ability of leaders to accurately control growth because they constantly have to fix problems that could directly impact operations.

The standardised approach, while still reactive, is more stable. Here, the business has taken steps to put some procedures related to change management and planning into place. Upgrades are request-driven and there is a mentality of “keeping it running”.

The rationalised approach is the point a business becomes proactive and it’s where most large businesses currently sit. There is usually a dedicated IT department, with well-defined IT roles such as Network Architect, Software Engineer and Project Manager. The business has a good grasp of formal change management methods, there is accountability across the board, increased monitoring and defined service level agreements (SLAs).

As a result, under the rationalised approach, IT management becomes more predictable and the organisation becomes better at dealing with disaster recovery and business continuity problems.

Finally, we come to dynamic optimisation. This is for large scale, usually multinational, businesses such as global courier services and banks that deal with hundreds of thousands of transactions at any one time. This kind of organisation would fail if it didn’t take a proactive approach to IT, as systems are highly optimised and there is a core focus on cost reduction and quality improvement.

Dynamically optimised businesses are agile and better able to recover from malicious attacks and natural disasters. This characteristic means they take the lead in delivering high availability and resiliency and yield a better competitive advantage as a result.

Needs vs. skills

While no organisation actively wants its IT system to only be basically optimised, moving to the next level up is not always easy. Managers that want to improve their IT optimisation need to understand their needs in sufficient detail. To understand their needs, they need the right mix of people with the knowledge, skills and experience to improve processes.

A growing skills gap in the technology sector means that the necessary skills are increasingly becoming more difficult to find in-house. According to the latest Hays Global Skills Index report, “skills shortages remain prevalent, particularly in technical engineering roles, specialist technology and qualified finance roles”.

As a result, 72 per cent of businesses currently outsource their IT infrastructure, according to Deloitte’s 2016 Global Outsourcing Survey.

However, for all the benefits that outsourcing provides, it still has its caveats. Vendor managed services can suffer from poor service quality, a lack of responsiveness, a lack of innovation and a reactive rather than proactive stance to dealing with problems.

IT leaders that outsource without carefully considering exactly how it is helping the business compensate for its own lack of skills might find that they only displace the problem rather than solve it.


As a business that provides IT consultancy for a wide variety of customers, eSpida believes in the concept of rightsourcing. Whereas outsourcing involves contracting the work out to a third-party service provider, and insourcing involves keeping the work in-house based on current skills, rightsourcing is about selecting the best way to procure a service.

This might mean upskilling existing staff by improving training or working with third-party suppliers to become better at managing IT to deliver value to the business.

The first step in this process is conducting an IT healthcheck. Here, IT leaders need to audit the business for current and future projects to see where infrastructure problems could occur and whether the current systems and people can meet this demand.

For example, a construction business might have upcoming building projects where an increase in the number of users on site will increase the need for connectivity. The same project might need to cater for the scheduling of delivery vehicles, networked devices, remote working, dispatch and onsite project management tools.

Once the cost, budget and business impact has been considered, IT leaders need to look at whether the business has the right skills to achieve the project in-house. To help match the skills of the workforce to the needs of the business, leaders can use the Skills Framework for the Information Age (SFIA).

The SFIA model rates the IT competency of a business on a scale of one to seven, one being the basic ability of the ICT professional to follow and complete tasks under supervision, and seven being the ability to set policy, inspire and mobilise.

Most businesses operate at around four to five on the scale. Here, departments begin to move out of silos and operate with a higher level of technical skill, using a strategy that enables the IT people to advise the business more proactively.

Moving to the next stage on the model, up to a five to seven on the scale, is the point where many businesses seek help from external consultants to provide specialist support on how they can provide a dynamic response for their entire operations around the world. Moving to a more dynamic position involves the delivery of an IT system with built-in high availability, resiliency and the ability to recover quickly from disasters.

Malicious attacks such as those seen in the recent WannaCry ransomware attack affected around 230,000 computers in 150 countries around the world, including the UK NHS. Some of the systems in the NHS were so badly affected, it had to limit them to an emergency-only basis during the attack. Having a disaster-recovery plan for these situations, means that data can be recovered quickly to get the business operational.

By changing their approach to IT from one of running equipment to the point of failure to one where skills, agility and rightsourcing are prioritised, business leaders can spend less time fire-fighting and more time growing the business.


  • Favicon
  • Digg Favicon
  • Facebook Favicon
  • NewsVine Favicon
  • Reddit Favicon
  • StumbleUpon Favicon
  • Technorati Favicon
  • TwitThis Favicon