Whenever you move quickly to solve problems and deliver changes you risk the chance that you will introduce errors due to omission, ineffective testing, and lack of time to deepen your understanding of the real needs.
This challenge is well known in software development and is usually known as “technical debt“. Designing and building complex software systems is a tough job, It is even more difficult when there are budget constraints, high-pressure deadlines, and a rapidly evolving operating environment. Consequently, from the day a software solution is placed into service it is recognised that there is a “technical debt” that must be repaid to repair, update, or redesign aspects of that system to ensure its smooth operation. It is an issue much analysed and debated over the years by authors such as Philippe Kruchten,
It is perhaps no surprise, then, to see that the Covid-induced panic of early 2020 has created a significant “technical debt” that many organizations will be paying back for some time to come. The most obvious example is in areas such as data privacy and cybersecurity. The rapid shutdown and subsequent lockdown of offices and factories forced many companies into remote working scenarios that had previously been considered impossible or ill-advised. Individuals working from home needed to get on with their daily activities, so IT teams did all they could to keep things moving. They have been hailed as heroes in ensuring business continuity in extraordinary circumstances.
But, inevitably, a mountain of “technical debt” now awaits every organization. With sensitive information stored on the family laptop, data shared over a myriad of external filesharing systems, misconfigured unsecured wifi connections, and much more, the IT issues that have to now be addressed seem unending. And the opportunities for fraud, errors, and abuse are unprecedented. Not only are there dire warnings of Covid related scams, there are also now government-issued warning about the cybersecurity threats that hasty Covid-based decisions have only sought to exacerbate.
A very useful summary of many of these issues published in the LSE Business Review highlights many of these concerns with regard to cybersecurity. The authors emphasize that the abrupt shift to remote working has amplified cybersecurity problems. They identify 3 main reasons for the concerns:
- Distributed creation and storage of information is a door half open
- Remote employees are easy targets
- Distributed setups complicate security breach discovery and counterattacks
So what can be done? A lot of hard work is needed to now comb through the actions and events of the last few months to understand what has happened. This in itself will be a challenge. Much of what has occurred happened quickly, sometimes via informal channels, and typically without clear auditable decision making. Unpicking it will be time-consuming and difficult.
However, more than that we now need to learn from the experiences with dealing with “technical debt” from the software development world to ensure rigorous approaches are introduced to examine the IT solutions in place, strengthen governance rules around the use of IT services, and bring in more visibility and transparency into the software and systems delivery process. There have been many advances in areas such as devops and value stream management. This is a chance to rethink how IT solutions are developed and delivered with an appropriate balance between speed and stability. That way the heroics of IT service delivery over the past few months will lead to a long-term positive legacy of reducing “technical debt” for all.