More Bad News
And the bad news (as if the above were not enough) is that this is not all. There is also a myriad of additional Operational Expenditures (OPEX) arising from the regulators' requirements on the subject of your organization's handling of:
In case you are not aware, there is even a new “kid on the block”: the Data Protection Officer, aka DPO, sometimes known as the Chief Compliance Officer, whose job is to “help” keep the organization firmly in the sweet-spot intersection of the three above.
Therefore, factor these three into every project's costs, and be sure that everyone understands which “call for action” is going to take which percentage of the costs related to Compliance, Risk and Security.
The Legacy Issue
In every medium to large company, every CTO's and/or CIO's life is one endless waltz with suppliers of energy, goods, people and software. And they all know it, and they are waiting for the CTO/CIO to get tired. They are circling and forever waiting for the right moment to insert the latest and greatest “solution” with nicely hidden costs inside.
And they are always close to you (the CxO), so that they know your weak points. They call them, very nicely, “pain points”. There is a constant stream of ideas and solutions for relieving you of your “pain points”.
These very often take the form of some legacy IT that you cannot simply “switch off”. On one side you (the CTO/CIO) have the company board demanding ever more cost cutting, because yes, “IT is an overhead”. And yes, they will never let you even plan a replacement of some back-end IT from the mid-20th century, unless you come up with some “rabbit out of the IT hat”, which, if you are clever enough, can be some Cloud Computing solution. That is, until “board security concerns” stop you.
But it is not as bleak as that. There are “legacy system failures” waiting to happen and to be happy about. You know they will happen and you are prepared. You have done the “blame delegation”, and now The Board realizes at last that “something has to be done”, and all eyes are on you (the CTO/CIO). It is your moment to charge. Hordes of VARs are already circling around. They have already smelled the prey: THE BIG ORDER. But who are they?
Ah. Good old Value Added Resellers, aka VARs. Everyone knows how to handle them. You “just” have to be clever enough to choose the lean and hungry VARs which will do that 1% less in costs and offer that 1% more in services, and who will also stay in business long enough. For example, longer than your retirement date would be good enough.
Back to the big order. Even more than big orders, VARs do like long contracts. Some VARs will do anything to secure long contracts. But.
Change inside the company IT landscape, to make it more modern and cheaper, inevitably means a few legacy contracts will have to end. I had quite a few good VARs to support me when I needed the support most. But on the other hand, I have seen situations where VARs have been allowed to play internal games in some organizations. That was the extent of the pressure they had been prepared for, when they realized they might lose the decades-old legacy contracts in place. Never sleep with both eyes closed when VARs are around. Never rest.