Skip to content


Business and IT Alignment Priorities

By: Dataprise

4 Tips to Achieve Business and IT Alignment

Table of content

Aligning an IT strategy and long-term business goals is a stumbling block for nearly all organizations. To a certain degree, it includes making serious sacrifices along the way for the greater good of the organization. The problem is deciding how and where to compromise on your business alignment.

To explore the idea that balancing priorities for better business alignment starts with evaluating individual risks based on where the business is heading, I caught up with Dataprise’s Director of Infrastructure Management Ryan Miller. Here are four takeaways from our conversation:

1. Understanding the Impact of Misalignment

Every IT department has some experience with cutting corners due to a lack of resources. A program might be good enough for the business today, but entirely unsuitable if there are new demands tomorrow. A CIO might reasonably delay updating equipment to stretch the life of an asset, creating infrastructure or security gaps that will eventually come back to haunt them.

So, because there is no question of whether a business will feel the effects of poor misalignment, the real question becomes how will end-users consume the technology and what will happen if it breaks down in a day (a month, a year)? If a company doesn’t have the bandwidth to fix a business and IT alignment problem, the consequences can be staggering for the business.

2. Bleeding Edge Vs. Leading Edge

Business alignment can’t be achieved without first having a fundamental strategy for upgrading. It can be tempting to select the latest technology available, but there is a cost to this. While the newest generation might be better than the previous iteration, it’s also untested. There is no shame in being one generation behind when the trade-off is knowing that it’s had time to prove itself on the market.

3. Standardization in the Face of Business and IT Alignment

Standardization can help a company by bringing everyone on the same page, but it’s important to both define what this means and understand that it’s just one element of proper business alignment.

Standardization does not mean picking one brand and sticking with it. Instead, IT staff need to focus on setting the right standards for functionality and building an architecture that can support each component — regardless of the manufacturer or vendor.

4. Setting the Right Timeline

The deadlines for IT must align with what other departments will need, while considering future business goals. For instance, a company that is growing may need to keep its IT standards ahead of the curve, effectively building out capabilities that they will not technically need for a while. Decision-makers also must look at how outside factors will interfere with their plans during this critical period. For instance, an unexpected chip shortage can delay a project for weeks, which could ultimately throw the whole business out of sync.

Business Alignment Looks Different for Each Business 

Business and IT alignment can only work if everyone is working from the same premise. A business that is consolidating is going to have different technology needs than one that’s doubling in size. To limit the number of snags in the process, IT cannot discount how their decisions impact the larger organization’s plans.

What Is Security Culture? 

Security culture is a collection of practices, processes, and procedures designed to minimize security risk and create a shared mindset among the workforce that effortlessly embeds security into all aspects of the organization. Everyone from the CEO to the first rung of the proverbial corporate ladder plays an equally important role in cyber security, and all employees must understand their responsibility in preventing security incidents. 

How do I know if our corporate culture is the problem? 

Every corporate culture is different, so we provide four tips that allow you think about your own culture to determine if it puts you at greater risk of a security incident.  

4 Ways Your Corporate Culture May Make You a Target

Tip #1: Remove the Stigma

In many companies, there is a stigma around being “patient zero” with regard to security incidents. Companies with a poor security culture may either ostracize or take disciplinary action against employees who cause security incidents, which makes them less likely to report incidents for fear of embarrassment. If employees don’t report security incidents, it takes much longer to detect, isolate, and ultimately resolve the problem. 

Although nobody wants to be the employee that caused their entire infrastructure to be crippled by WannaCry ransomware, a company with a well-established security culture is at a reduced risk of significant impact because people aren’t afraid to report incidents. If an incident does occur, employees know who to contact and what actions to take to halt the spread of infection.

Tip #2: No company is too small to be a target. 

“My company is only 50 people. What cyber-criminal would want to attack us?”

Cyber-criminals don’t care about the size of a company; they seek out the most vulnerable area of a company – its staff. Whether a company is 50 people or 5,000 people, the staff is always the largest attack surface in any organization, and it is critical that they play their role as the “human firewall” to protect against security incidents. 

Employee security training arms them with the knowledge they need to be able to identify suspicious activity, and teaches them how to respond appropriately if an attack is successful.    

Tip #3: Don’t be so trusting.

We’re not saying don’t trust your coworkers. You should trust them, but only with the right things. Trust that they’re not going to eat your sandwich when you leave it in the break room refrigerator. Trust that they won’t repeatedly press the door close button as you sprint toward the elevator at quitting time. However, do not trust them with your personal data. If in doubt, here are some things to remember:  

  • Your passwords should never be provided to someone else under any circumstances
  • Lock your office door when you leave
  • Lock your computer when you leave it unattended
  • Don’t leave papers with sensitive data on your desk

TIP #4: Eliminate Role-creep

Role-creep is the continuity of access rights and permissions that an employee has as they change positions within a company; in many smaller companies, role-creep runs rampant. Here is an example of role-creep: 

Joe Everyguy starts at a company as a senior account manager and receives all access rights associated with the role. Later, he accepts a new position as a marketing analyst, but maintains all the rights associated with the senior account manager. He has far more access now than is needed for his new role. 

Keeping accurate privileges is not only good housekeeping, it also maintains alignment with the industry-recognized best practice of the principle of least privilege, which ensures that users operate at privilege levels no higher than necessary to complete their job functions.  

How Do We Improve? 

To ensure that security is embedded in all aspects of the corporate environment, corporate and security culture must be intertwined. Doing so promotes all the benefits of a friendly, productive, and most importantly, secure workplace. 

This type of environment is attainable, but it does not appear overnight and takes effort from the entire organization. Going from a lax environment to one with stricter security policies and controls could have a negative impact on your staff, so it’s important to take the time to explain the reasons thoroughly to ensure the staff not only understands the benefits, but also supports the new initiatives. 

A great first step is providing employee security training. Training provides real-world examples so your staff knows how to identify suspicious behavior. It also provides the following benefits: 

  • Builds an internal culture of cyber security and security competence
  • Educates employees on how to reduce risk and protect company data and information
  • Motivates employees to improve their behaviors and incorporate security concerns into their decision making
  • Shows customers that your organization cares about protecting their information

As an experienced Managed Security Service Provider, Dataprise can help integrate security best practices in to your workplace to help make your data and your customers’ data more secure. To learn more about how Dataprise can help you, visit our Security Services page here.

Recent Tweets


Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.