We operate our businesses in a world where every company is a technology company and the number of risk factors associated with company data are increasing exponentially. Decisions are being made with too little information, in an environment where new technologies are being introduced at a rapid rate, regulatory requirements are constantly evolving, competition is increasing, and data breaches are on the rise.
The amount of data that is available in today’s business environment is at an all-time high. The proliferation of federal, state, local and industry-specific regulations make compliance and security that much more complicated. The Code of Federal Regulations (which lists all general and permanent Federal rules and regulations), for example, has grown from 54,834 pages in 1970 to 185,053 pages by the end of 2016.
Data is also no longer centralized within a company’s data center or services. Third-party data stores (such as ERP platforms, PEO and PRO vendors, AWS, Azure, accounting packages, payment processors, CRMs, and IoT devices) are contributing to company data increasingly being distributed across multiple platforms. This causes a greater need for out-of-the-box approaches to risk management and data protection.
Traditional risk management approaches associated with company data are inadequate and expensive. These methods typically consist of interrogative approaches that rely heavily on employee characterization of day-to-day operations or manual discovery that may be subjective and incomplete. Assessments completed by third-party experts often lack consistency and thoroughness, as these outside resources may not be familiar with a company’s overall risk management framework or platform configurations.
Benefits of a Data-Driven Approach
As data becomes an organization's critical asset and the complexity of protecting that asset increases, companies must adopt new, modern methods of managing data risk within their organizations. Those methods make use of the immense amount of information that is generated from data points across the company and track them to determine strengths and weaknesses in the organization’s technology operations. This type of methodology fosters an objective approach that is repeatable and consistent, regardless of the operator. It allows companies to remain current on the latest technologies, vulnerabilities and fixes; encourages the use of general and industry-specific best practices; and promotes an environment in which ongoing oversight is supported and encouraged
Services Provided by Corsis
Corsis has set the industry standard for providing a decision making platform that scores technology operations. The Corsis platform provides a revolutionary new way to visualize the health, risk and opportunity within an organization’s technology operations. This SaaS application consolidates IT assessment, compliance and risk management activities into one powerful tool that replaces traditional due diligence and IT consulting models.
What makes Corsis Unique?
Corsis’s score-based approach provides our customers detailed analytics across specific areas, allowing them the ability to self-assess and take action based on those assessments. The process evaluates hundreds to data points across a company’s technology operations and compares them to an extensive library of best practices to produce a score. Assessments topics may include common regulatory frameworks like HIPAA or PCI or compliance standards like SOC. The score provides the user with a clear understanding of their organization’s strengths or weaknesses. The chart below shows overall scores (on a scale of 20 to 100) of companies assessed using the Corsis platform. Here we see, in general, companies show weakness in their business continuity plans and documentation while this sample of companies show strength in their compliance operations and ERP systems.
Additionally, Corsis’s scores can be used to provide insight into whether or not a company is prepared to execute a growth strategy. In the chart below the Corsis score is being used to give new meaning to a common business strategy quadrant chart.
The Corsis best practice library and powerful scoring algorithm allow benchmarking against industry peers and provide detailed and customized technology remediation roadmaps.
Companies typically maintain significant vendor risk. Under HIPAA, for example, hospitals are responsible for data breaches of their vendors. Corsis’s scoring technology presents an easy way for our clients to stay on top of their vendors’ compliance status.
Use Case: M&A Transactions
Corsis has developed a repeatable methodology to assist companies going through the merger and acquisition process. This approach focuses on benchmarking against industry peers, developing a remediation strategy, and validating a company’s investment thesis by using the business intelligence platform developed by Corsis. The tool is designed to measure a company’s technology operations in each of the following areas: organization, infrastructure, software development process, information security, documentation, application architecture, compliance, business continuity and enterprise systems.
Use Case: Cloud Computing
It’s important to note that cloud platforms don’t decrease the need for infrastructure and security expertise. The thinking is that these platforms are so easy to manage that developers can handle any required provisioning. However, these individuals are often focused on shipping new features and are not often up-to-date on the latest features of the platform, or proactively monitoring for vulnerabilities and potential breaches. A data-driven approach makes highlighting best practices easier and provides statistics to back it up.
Corsis has provided technology leadership to many venture-backed, cloud computing-based platforms as they have grown from start-ups into mature operations.
Companies must also ensure that their vendors adhere to strict compliance standards. Large corporations with strict security and compliance requirements use Corsis to assess and monitor vendor and partner firms against their customized standards as well as standards established by federal rules and regulations.
Every company is now a technology company, and because of this new reality, risk factors associated with company data have increased exponentially. Traditional risk management approaches are no longer enough to offset the new levels of data availability, the sharp increase in third-party access points, and this new era of big data. A methodology that is based on empirical data gathered from critical points across the organization is the only way to keep up with today’s growing demands.
Corsis is well-positioned to provide you with the business intelligence needed to keep up with an ever-riskier world and make wise decisions that will positively impact your compliance and risk management activities.
Request a Demo
Leah Esan, Director of Client Engagement
In 1935, a golfer by the name of E.F. Staugaard carded the lowest score ever recorded in a golf game. His reported score was 55 on the par-72, 6,419-yard Montebello Park course in Montebello, California. Tiger Woods’s lowest recorded score, by comparison, was a 61. Regardless of whether you are a pro-golfer or technology executive, scores matter.
Scoring in sports is important because it lets players and fans know on a consistent basis where they stand. It is an equally important tool for managing your technology operations, risk and compliance. A score provides (took out someone) instant feedback that is tangible and backed by real data. It also indicates where improvement is needed and what is being done well. A score can enhance (took out your) performance by providing benchmarks for an easy peer to peer comparison.
When a scoring methodology is applied to critical technology operations, clear, objective and quantitative decisions can be made. Being able to score your company’s application architecture or infrastructure configuration, for example, against industry standards removes the guesswork from managing operations.
The following are just a few of the reasons why scoring your technology operations can be of great benefit.
Thoroughness of the Assessment
Scoring cannot happen without rules on which to base a score. This forces a company to establish a detailed system of requirements in the form of policies, procedures and day-to-day activities. A well-defined set of rules can be focused on particular aspects of your operations and tailored to specific business needs. Most importantly, its level of specificity can ensure that you get a thorough an evaluation of your technology without missing critical business details.
Decisions are Clear and Impartial
Scoring simplifies decision making. The volume of technology solutions available today can be overwhelming to any organization. By employing a process of scoring operations that map back to corporate priorities, best practices and governance requirements, decision making can be simplified. Additionally, scores provide the data necessary to facilitate faster decision making and the basis for explaining or defending decisions to others.
Benchmarking Against Peers
A score allows you to benchmark your performance and determine if you’re operating at your best. These benchmarks can be internal within your company or in comparison to your industry peer group. Benchmarking can then be used to identify gaps in your company’s processes and can help you achieve a competitive advantage.
Scores Can Be Customized
An organization's priorities change over time and certainly differ from the priorities of their peers. As such, having the ability to weight scores based on what matters most to executives and technology managers is important. Acknowledging that all tasks aren’t equal in importance and being able to customize how important each task is to a company’s overall score is necessary for a score to be relevant to you.
If you ask any professional golfer or athlete if scores matter, the answer will undoubtedly be yes. In business, when conducting an assessment of your operations, evaluating the performance of an employee or determining where to invest next, scores help by creating tangible measures that are easy to understand and clearly show where improvement is needed.
Many companies feel that information security and compliance spending is a necessary evil and just another cost of doing business. However, Corsis has found that with the right planning and implementation, investment in information security technologies can yield valuable opportunities and attract customers.
Using Corsis+Data, we recently analyzed 40 technology service organizations with revenues ranging from $30 million to $100 million across many industries. What we found was that companies with the highest score exhibited several common traits. These companies deploy technologies and provide independent oversight that automate and enforce security measures to ensure compliance with regulations and best practices. They have turned this expense category into an asset that can attract customers and provide confidence to investors. Below are the top five things that high-scoring companies are doing:
Your company’s technology assets may hold enormous value or could pose a huge risk to your business’s valuation. Whether it’s through the actual state of your technology, or the perception of it, the technology that runs your business should always be in a position to be bought or sold, or even just evaluated by potential partners and customers. Methodical documentation of your assets is the key to maximizing your company’s intellectual property. Despite this, the Corsis Confidence Index has shown that this activity is often the most overlooked aspect of a company’s technology operations, leaving tech staff to scramble at the last minute to compile necessary information.
Our professional services team has decades of experience performing technology due diligence on behalf of buyers and sellers and, with the help of our IT assessment tool, have put together the following observations.
Cloud computing has revolutionized information technology by making unlimited scalability available to every startup. With this power and simplicity, the temptation to skip traditional engineering fundamentals is strong. However, our decades of experience measuring and operationalizing technology throughout hundreds of organizations, indicates that there are several key steps that many firms bypass, increasing risks and costs.
Scalability is achieved in one of two ways: horizontal or vertical. Horizontal scalability is the ability to increase your compute resources by adding similar nodes or servers to a particular architecture tier, such as an application pool or database cluster. Vertical scalability is the ability to add more resources such as CPUs or RAM to individual servers. Horizontal scalability is essential to most businesses and the focus of this article.
The majority of technology company executives we encounter believe that they have successfully implemented horizontal scalability. However, data from the Corsis Confidence Index (CCI), a proprietary technology benchmarking standard that measures confidence in a company’s IT operations, tells a different story. Our assessment data shows that critical engineering control processes which make horizontal scalability efficient and reliable are frequently overlooked.
Corsis Confidence Index Finds Many Executives Fooled By Their Own Business Continuity Plan
How confident are you that your business continuity plan will actually work if your business experiences a technological failure? Do you even have a plan? If you do, are you sure it’s being followed?
Data from the Corsis Confidence IndexTM (CCI), a proprietary technology benchmarking standard that measures confidence in a company’s IT operations, shows that while the majority of technology company executives feel that their business continuity plans are adequate, critical details are being overlooked.
Corsis has found that the overwhelming majority of companies being assessed operate under the misconception that they are safe from disruption because they are consistently performing nightly backups. Detailed data from the CCI indicates that while 94% of technology companies had documented Business Continuity plans, and 72% of companies included policies on backing up their critical technologies, only 6% of companies had actually bothered to make sure their backups were working properly and would be useful in the event of a failure.
The ecommerce platform landscape has matured considerably over the last five years, making platform selection a harder task. Recent studies have found that 20% of companies are in the process of re-platforming, and a third (32%) said they were considering re-platforming in the future.*
An important perspective to consider when selecting an ecommerce platform is being able to discern which of the many platforms available will have the best fit with the organization’s resources. The purpose of this article is to help decision makers choose the best ecommerce platform for their organization from the plethora of options available.
Corsis has evaluated many ecommerce companies as part of our IT Assessment service offering and has found that successful implementations can generally be categorized by the organizational capabilities of the company and their revenue size. To help navigate the selection process, the table below illustrates how these two variables can impact an organization’s ecommerce platform selection.