Expert Talk: “Modern IT infrastructure is like a saw: it needs regular sharpening”

Jan, during your time at Comma Soft, you have supported numerous companies and large corporations with modernizing their IT infrastructure. What questions do you get asked most often?

It depends on what the existing IT landscape looks like, which systems will continue to be operated and which will be replaced over the course of the modernization. The organizational structure of the company plays an important role. Above all, the first question to ask is: why do I want to modernize and what does that mean for me? Twenty years ago, for example, Active Directory from Microsoft was the most modern thing imaginable for managing user groups, services and servers. Today, cloud-based identity-as-a-service solutions like Azure AD are state of the art. In addition to all this, companies obviously want to know how long a modernization project will take and how much it will cost. The answer to this question can only be given reliably once the initial situation has been established.

Why is the need for modernization so urgent, especially with regard to Active Directory?

Active Directory has been an incredibly successful and robust product and has been the de facto standard enterprise directory service for nearly 20 years. As a result, almost everything related to authentication in a company has relied on Active Directory for the last 20 years. This is now becoming problematic when companies want to migrate to the cloud: Active Directory is simply not designed for the cloud. Microsoft is also no longer developing technical upgrades for the product, so this situation will not change. Modern security features such as multifactor authentication and (risk-based) conditional access, which are available for Azure AD, can therefore barely be implemented with Active Directory, if at all. Aside from this, it is also very time-consuming and cost-intensive to make a service such as Active Directory itself available globally in a highly accessible and secure manner. There are a lot of issues to think about, such as backup & recovery, physical security and networking. This clogs up IT resources that are then lacking elsewhere. This is where today’s as-a-service solutions come in: companies can hand over most of the responsibility for delivery to the service provider. Since such a service provider specializes in the relevant topics, it can also approach the issue much more professionally than a single company.

Despite these advantages, many companies shy away from modernization. What holds them back?

The goal of modernization is to consolidate the IT landscape. Legacy systems are replaced, migrated and merged. This is time-consuming and requires thorough preparation. The process should not disrupt ongoing operations, and everything should run smoothly after the migration as well. This is just as true for a bank with a mainframe as it is for special solutions in manufacturing. No company can afford to fall behind. Besides the day-to-day operational tasks, however, there is often hardly any time to deal with this in depth. This always brings one of Covey’s analogies to mind: the man who doesn’t take the time to sharpen his saw because he has to cut down so many trees, and as a result becomes increasingly unproductive over time. I can only recommend regularly re-sharpening the IT landscape and not putting off this task for too long. This may not seem feasible for some companies on their own. But then again, it doesn’t have to be – because this is exactly where my colleagues and I are happy to help.

What does this support for modernization look like in practical terms?

The first step is to take a thorough inventory: what systems are in place, what are they used for, what data are managed and processed with them? Then, together with our customers, we prioritize where the need is currently greatest: where are processes stuck, where are there bottlenecks and security gaps that need to be eliminated as quickly as possible? Is it worthwhile for the company to migrate completely or partially to the cloud? Then, we create a roadmap that lays out the steps and timeline. It is important to talk to more than just the IT department. In most cases, it is the users who know best where there is a need for improvement and they often already have very specific requests. What’s more, such a modernization project does not only involve a technical changeover. It also affects the processes, the way people work, the organization and the attitude to how data are handled. This requires change management. Here, too, we are happy to recommend measures and approaches. During the implementation itself, the company decides whether it wants to take the next steps on its own or makes use of support here as well. The latter is usually the case and, from my point of view, also advisable. After all, anyone who has worked with the same or at least similar structures for years will rarely be able to adopt a different perspective overnight. Ultimately, a lot of work and often heart and soul go into it.

Looking back at your most successful projects, can you identify best practices that can provide guidance to other companies?

There are, in fact, underlying attitudes that are always found in companies with a modern IT infrastructure. One of these is having a cloud-first strategy. In addition to cost and scalability, it is particularly important to ensure that IT and cyber security can be covered for all data and systems. Another is for companies to be able to respond flexibly to changing requirements such as home office requirements, delivery bottlenecks, and so on. In keeping with the concept of a composable enterprise, cloud-based as-a-service solutions can be added as needed, scaled in all directions, or even switched off. Structured review processes are another important element. Companies that want to stay modern need regular checks, ideally every two to three years. A check is made to see where systems may leave something to be desired in terms of support or will soon be discontinued, which new technologies make sense, how well interoperability standards can be maintained, etc. Once such a review process has been set up, modernization projects can be planned and budgeted for more effectively, and the risk of an outdated IT infrastructure is reduced. Finally, in companies with a modern IT landscape, I see the issue being driven by management and the board. This is important if a holistic approach is to be taken and not just selective improvements made. After all, IT and data strategies are not an end in themselves, but should contribute to the company’s goals. In my view, close dovetailing is the key to an all-round modern company.