CIO risk-taking 101: Playing it safe isn’t safe

To illustrate, some examples:

Applications portfolio rationalization: The most fundamental guiding principle of technical architecture management is to fill each required service exactly once. If your applications portfolio isn’t rationalized — that is, if it includes multiple, functionally overlapping capabilities — that creates a need for a geometrically expanding collection of synchronizations, along with a bunch of other vulnerabilities.

An unrationalized application portfolio, and for that matter poor rationalization of the other architecture layers, creates, in a word, “risks.”

Rationalizing the applications portfolio reduces the odds of these risks being realized. In risk management terms, it “prevents” (aka avoids) them.

Identity management: Modern security architectures include tools for managing identity — for authenticating staff, assigning them to roles, and assigning rights, privileges, and restrictions to those roles, not to the individuals who fulfill them. Manage identity poorly and the wrong people will be in a position to do the wrong things.

Instituting sturdy identity management practices reduces the odds of a variety of risks becoming real — and also reduces the damage should a risk become real in spite of the organization’s preventive measures.


