When designed and functioning properly, IT governance plays an integral role in aligning IT and business goals, helping to focus, fortify, and advance an enterprise’s overall business strategy. Yet all too often, IT leaders fall victim to popular misconceptions that not only derail effective IT governance, but directly conflict with key business objectives. The final outcome is an enterprise that’s burdened by unnecessary risks, compliance vulnerabilities, and missed opportunities, among other serious deficiencies.
Getting IT and business governance frameworks to run smoothly and on the same track requires avoiding the many fallacies that have emerged over time to derail otherwise sound strategies. Here are seven particularly destructive myths you should immediately dodge or ditch.
1. Outsourcing a business process outsources its risk
Many IT leaders blithely assume that third-party vendors practice good cyber hygiene. “[They] often fail to perform due diligence to validate that the vendor is … operating basic IT controls over all aspects of their enterprise,” observes Tom Garrubba, vice president and CISO at Shared Assessments, a global membership organization dedicated to developing the best practices, education, and tools needed to drive third-party risk assurance. “Such blind faith can immediately catch the outsourcer off guard in the event of a cyber incident, including system unavailability.”
Garrubba advises performing periodic, detailed assessments aimed at validating vendors’ IT hygiene controls and how they align with the risk of the data being handled. “Additionally, it’s wise to continuously monitor [vendors’] cyber performance with various tools to ensure they’re living up to expectations,” he adds.