Growing fast? It is never too early to build a scalable IT Strategy.
Businesses today have the ability to grow, scale, and change more quickly than at any time in history. In a fast-growing company, there is so much to think about. For many companies, building a scalable IT Program seems like a luxury they neither have the time, the mental energy, nor the money to afford.
However, businesses – particularly startups – are more dependent than ever on their IT program to maintain open lines of communication, broker access to information, and even to build and reinforce their culture.
While the prospect of building an IT foundation can seem daunting, starting with a solid IT strategy from the start can help power your business’s growth. Here are some considerations, and some easy things you can do, to ensure your IT program is ready to support your growing team at each phase.
BYOD IT Program: 1-10 employees
During this phase, most teams are scrappily doing what they need to do to survive. Process and strategy often give way to experimentation and constantly shifting priorities. In most cases, the team is able to collaborate on the same video call. There may only be the need for one formal meeting team per week.
As for the IT program, there are some common trends during this phase. First, many, if not all of the devices are personally owned or what is known as BYOD, which means “bring your own device.”
Additionally, the business is reliant heavily on outside contractors, advisors, and/or freelancers. In many cases, one or multiple people act as IT administrators, holding all the keys to company systems. The combination of unmanaged BYOD devices, single or multiple key holders, and broad and unmonitored access to the system by contractors pose some long-term security challenges.
Here are some easy ways and tips to build a more robust IT program as you are starting out:
- First, create a record of who has access to what systems, folders, and groups. This will make it easier to cut access when someone leaves the company or when a contractor rolls off of a project.
- Second, consider adding a second administrator for key systems. This will ensure that the company is not stuck if a key individual is suddenly unavailable.
- Third, using a simple password manager like 1Password, OneLogin or Keeper is a great way to secure access to your most sensitive passwords.
- Lastly, consider asking your employees and contractors to enable data encryption on their personal computers using FileVault if using Macs or BitLocker if using PCs.
Time for IT Basics: 11-30 employees
For teams in this stage, most decisions happen by committee or by consensus. Roles are becoming more defined and employees know who to go for help. Even without clear structure and accountability, things get done. The importance of structure, process, and communication begins to emerge
During this phase, the need for an IT foundation becomes evident. One important consideration for the IT program is to transition from BYOD to company-owned devices and to deploy mobile device management (“MDM”) tools as a best practice. This ensures that company devices can be locked and wiped if lost or stolen, protecting company data, in addition to enforcing policies and updates.
Additionally, businesses in this phase should consider deploying a business-grade antivirus tool, backing up their devices to a cloud infrastructure, and taking steps to improve email security. Finally, during this phase, it is important to begin working with an IT professional as the scope and amount of work becomes too much to handle as a second job.
The Emergence of Shadow IT: 31-50 employees
During this phase, the team can likely no longer communicate effectively on a single video call. As the need for a management layer emerges, the additional need for process, policy, and organization becomes ever more important.
For the IT program, the complexity and number of applications and tools can begin to increase dramatically. Shadow IT is when individuals or departments make decisions to use hardware or software without the knowledge or consultation of an IT or security group. This could be anything from servers and laptops to cloud services and SaaS platforms. If not carefully managed, license counts and associated expenses can soar. Alignment on common tools as a standard can begin to break down.
With more businesses requiring more stringent security requirements of their vendors and partners, teams at this phase should also look at incorporating security standards like CIS. This way, your team is already prepared to start winning business with tighter security requirements on your security posture.
During this phase, it is important to implement tools, processes & procedures for SaaS licenses, and access level management across all technology touchpoints. In addition, you should standardize processes on how computers, peripherals, and applications are procured.
Business Drivers for IT Security & Compliance: 51-80 employees
Around 50 employees, teams, and subcultures begin to develop. It becomes harder to standardize and enforce policies. The need for deep functional expertise and specialization begins to become a reality.
During this phase, if not before, organizations begin to get pressure from their clients, regulators, and investors for IT security and compliance. Quite often, this can be in the form of an IT Questionnaire. For many, the first time they are formally asked about their IT security can be quite daunting.
Proactively working with IT and security professionals can help expedite your response, giving your partners confidence in your business operation. Additionally, working with a modern technology services partner or MSSP (Managed Security Service Provider) can help to proactively build a foundation of IT security, making it easier to prepare for SOC 2, NIST, CMMC, CIS, or HIPPA.
Separation of IT Duties: 81-200 employees
During this phase, redundancy, efficiency, and process are critical. Companies tend to grow quickly after raising capital and need to be able to onboard, equip, and train their employees rapidly.
For the IT program, it is common that the workload and breadth of work are too much for any individual or small team, to keep up with. Each week, multiple new employees start, computers need to be replaced, and new policies and tools need to be deployed. Systems need to be migrated and consolidated as teams, departments, and companies are created, acquired, or merged.
During this phase, it becomes important to separate day-to-day employee IT support from strategic IT planning and security. Many businesses hire an IT Director to stakehold initiatives internally. Commonly, many companies supplement their internal IT resources with a skilled technology services partner for certain support and programmatic expertise.
A Strategic IT Roadmap
There is no shortage of ways to spend money or time while building your IT program. Additionally, the vast selection of IT tools can be overwhelming. Working with a competent IT consultant, in-house IT professional, or technology services partner at all stages of your business’s growth can save headaches, and rework and can help ensure your employees have the access, tools, and protection that they need to do what they do best each and every day.
We know it can be difficult to know what support you need at every stage or better yet, how to plan for that in the future. Check out this great resource on what you need to know to budge for an IT program.