Name: IT Strategy & Planning: Where You Want IT to Be in 2026 (3T@3 Series)
Uploaded: 2025-12-16T20:51:02.844Z
Duration: 33 min 18 s
Description: IT Strategy & Planning: Where You Want IT to Be in 2026 (3T@3 Series)

Transcript for "IT Strategy & Planning: Where You Want IT to Be in 2026 (3T@3 Series)": Hey. Good afternoon. Good day, actually, and welcome to our December 3T@3 Series event. The topic this month is IT strategy and planning, where you want IT to be in 2026. I'm Allen Falcon, CEO of Cumulus Global. I want to thank you for taking time out of your busy day and week to either be joining us here live or watching this recording on demand. As we go through this, you'll notice we've got a little bit of a different layout and setup this month as we're we're moving on to a new platform that'll hopefully make the quality and the and the overall experience of our video environment a little bit better and a little bit different. So before we get into the topic at hand today, and I do wanna keep keep us on time and moving forward, a little bit about the session. One, you'll notice the audio is muted. That prevents any background noise from getting in the way. There's also on the right hand side of your screen here in the event center, there's a couple of options for you. One, there's a chat. I'll keep an eye on that a little bit. But for the most part, I'm going to be focused on, the q and a. So if you have any questions during it, go to that q and a window, ask a question. I'll I'll get alerted. I can answer it live in session, or we can schedule time one on one to meet afterwards. The other thing you'll notice in that, window on the right is in addition to chat and q and a, in the middle, there's docs. And the docs actually are some additional materials that we're providing. These are resources. A number of them are a few of them are ebooks. A few of them are blog posts that are fairly recent and relate to the topic at hand today. The session is being recorded because it's a new platform. It might take us a little bit longer. We try and get things up within twenty four hours. We'll certainly send you a thank you note, for being here and let you know when it's available online. And as always, our three t at three or third Tuesday at three series is one of many resources that we, share. Hit the resource center on our website. There's a lot to read, to watch, and to explore. And we took a look and have created some buttons that sort of take you to a collection of things that are the most popular searches of when people hit our website. They're looking for information to educate themselves or to make better IT decisions. So with that in mind, let's dive right into the topic at hand. Because today, we're really gonna discuss, you know, how do you how do you come up with your plan? How do you provide that IT leadership so that things are predictable and you know what you're gonna be doing in 2026? And we'll start off by quickly looking at some business factors that are driving IT decision making right now, And then we'll dive into the three pillars, of IT planning and strategy and how we see those pillars for 2026 being productivity, security, and affordable and affordability. And, really, our belief right now that sort of given where IT is and, we'll talk a bit about AI, of course, because you can't ignore AI, but also, the evolution of security risks and requirements coming into play and the budgetary pressure. We think if you frame your IT planning and decision making in the coming year around in productivity about productivity and improving that or maintaining it, improving and maintaining your security and making sure things remain affordable, you'll be in good you'll be in a good place throughout the year and into the future. And so we quickly when we look at the four, business factors, first and foremost is the overall economic outlook, which, I actually surveyed a group of CEOs I meet with on a regular basis earlier today, and they came back and they said it was economic uncertainty is the outlook. Something some people are thinking it's gonna get better. Some it's gonna be worse. We're seeing issues with interest rates, inflation, unemployment, and job growth. And what some people many people feel is a bit of an unstable political climate with a struggle between the power and the branches of government. You know, we look at it in terms of regulatory change, tariffs, a lot of actions being taken, many of those being struck down by the courts. It's there's a lot of uncertainty there. And so, certainly, if you're not sure whether the economy is gonna get better or worse or how it's gonna impact your business or decision, your how it's gonna impact your your business or your industry, your markets, if you will, your customers, then it's harder to make decisions. And that's really the point of having the economic outlook as one of our business factors. Next up is your AI strategy, adoption and governance. And this is really you know, AI is here. It's rolling out very rapidly. It's driving the stock market. It's become part of the culture, and yet we're already seeing resistance. Right? We're seeing we hear and see studies from the large consulting firms that at most 12 to 15% of major AI projects and larger corporations are successful. The rest sort of die on the vine. We talk to our peers. We hear about companies saying, oh, we're gonna do something with AI. What is it? We're not sure. I told my people to do AI. And, really, what was sort of talking about a year ago, we're talking about the potential AI and thinking about how we might wanna use it. We're really in the place now where it's in use. And there's a good chance that your employees and your team members are using AI tools whether or not you're aware of it. And so we look at AI now and the factors around AI, it's, how literate are people in using it and how they should be using it. Do you have the policies and procedures in place to guide the utilization and protect you and your business? Is your use of AI secure? Now add to that ethical and moral. And how are you using it with respect to where we're releasing the opportunity is in AI assisted work or AI assisted work improvements. And, eventually, the next step will be the AI agents in what is commonly known as agentic workflows, where after you figure out how to improve a process and use AI, you automate the AI component, and even potentially extend that beyond your original thoughts. Next up, cybersecurity. It's a survival strategy now. We've got our security CPR, trademark model and the services we offer around that. But, really, we're seeing a convergence of security requirements hitting small businesses pretty hard. And we're seeing expectations now that even small businesses comply with some of the security benchmarks that are out there. And finally, there's the workforce and cultural evolution. COVID certainly gave us remote work and hybrid work environments that really altered expectations among large populations of the workforce as far as, work life balance, work versus home. And what we really see is whether or not you're pushing people to be back in office or you're staying with a hybrid or remote model, There's a fundamental shift that's happening to outcome based management. Let's worry less about tasks and hours and more about expectations, results, and the quality of that work. Communications and collaborations need to be strong enough, not just to let people do their jobs, but to foster culture and camaraderie, so that people feel valued and belong in your organization to help mitigate turnover risk and things of that nature. And finally, to do that, you need a collaboration infrastructure in place, which means more than just, you know, having Google Workspace or Microsoft three sixty five up and running. It means that folks are using compatible tools. They're sharing common workflows. There are clear expectations of how you expect people to use the infrastructure, what tools and services, and how they're gonna work together, and providing that flexible, flexible capabilities around availability, particularly for folks who've got employees or team members, contractors, whatever in multiple time zones. Flexible availability is now a real thing that's part of the culture. Hey. I do my best work early in the morning, and I'm really great after I have a dinner and sit back down. So that's when I wanna work. You still need common times for meetings and check-in status updates, etcetera. But the remote hybrid has given people flexibility, employees are reticent to give that up even as you may be pulling them back into office on a more regular avail regular capability or regular schedule. So we talked about your IT strategy and planning for next year. Again, our three pillars. Productivity. How well and how efficiently can the job get done? And it's important to think of productivity not only for the team, but for each individual, their personal productivity as well. And there are times that things that are highly personal productive for one or two employees or a single employee could actually be counterproductive for the team. And we see this a lot of times when, you know, we start looking we'll talk later about shadow IT, where people pick their own tool to do some of the work. And you say, well, why are you doing it? They're saying, oh, the capabilities of this tool make it much more easier for me to do my job. But at the same time, that tool is disconnected, which means teammates who might need access to the information don't have it, or the information has to be moved or translated or reformatted. That can actually hurt the productivity of other people in the team as a whole. So productivity isn't just how do we get each person most productive. It's all gotta fit within team and overall productivity that align with your business goals and objectives. Security can't fool around anymore. There's too much risk. There's too much liability if you fail. Your cyber insurance is too much an important part or component of your business protections, and your industry, your customers, your vendors, really expect that. And so what's really happening now is the expectation that even small businesses are benchmarking to the different security requirements, and we'll dive into those. And finally, improving productivity and making sure you have the right security in place. Some of those things are gonna cost money. And so how do you balance the cost, the spending you need to do or want to do or have to do with the value that it produces for the business? This isn't cost benefit analysis per se because it's not, you know, necessarily hard dollar return on investment. They're hard dollar benefits. They're soft dollar or indirect benefits as well, and we'll dive into those as part of a strategy. So first, let's talk about productivity. And first and foremost, this was you know, in the description of the session, we talked about in our outline how to do things. Right? How to improve the productivity of your team. First and foremost, one set of tools. The biggest block that we see in personal and team productivity is that small businesses and even midsize businesses, their individuals, sometimes almost everyone, is picking which tools they're gonna use. And so coming up with one set of tools isn't just saying, hey. We picked x. We're gonna use x. It's backing with an appropriate use policy and explaining to people why you've picked those tools and how they work together. When you do that and say we're gonna have one set of tools, the first stop should be your productivity suite. It could be Microsoft three sixty five. It can be Google Workspace. There are others out there as well. The key is know what you have and make sure you and everyone on your team know how to use it. What does that mean? It means providing some education, maybe even some training, means exploring features, that are in the software that you learn about or that you're aware that are there to see how they can fit in and improve your workflow. Yeah. That sometimes means stepping back and looking at the workflow and saying, is this you know, have we automated something that's inefficient and just making it go inefficiently faster? Or with the capabilities of our productivity suite and the add ons, etcetera, we can actually change the workflow in a way that's more productive and more effective. Part of this is gonna be tracking and testing updates. It's not enough just to get the blog or once a month check to see what new features and capabilities got put in. Someone has to go in and take a look at that and say, hey. How could we apply this? Is it worth the effort to learn it and teach people how to use it? If we use it in this use case, how will it benefit us? And and do some of that exploration. This is a time, energy, and mind share commitment as much as it is a technology commitment. And with that, your choice of applications and tools within the productivity suite, beyond the productivity suite should be deliberate should be deliberate. Assess what you need, assess the tools, and test them. And when you select them, deploy them to everyone who's gonna need them. Yeah. Then you have to educate folks on why you're doing it, what your expectations are, how things are gonna change with them for the better, hopefully, and then train them on the use of the tool so it becomes what they do. And part of that one set of tools, and it comes by policy, it comes by action and enforcement, is squash shadow IT. If an employee comes to you and says, hey. I wanna use x y z tool. Why? That's the first question. Keep asking why. Be the toddler. Keep asking why. Why do you need that tool? Oh, it does x y z. Why do you need to do x y z? Can our other tools do x I x y z? Why not? Oftentimes, we find that they're looking for a capability that is in the existing tools and systems or the productivity suite, and they're just unaware of it. In some cases, the tools the capabilities there, but in a different version. And in that case, it's often easier for you to upgrade your productivity suite to add the capability than to start paying for and integrating and ensuring the security of another third party tool. The other side of productivity right now, given the state of IT, is smart AI adoption. You're already using AI. Whether you want to be or not, your employees are using it, whether you know it or not. There's a good chance your employees are using tools that aren't properly secure, and they may even be sharing sensitive client data in a way that makes them public and violates your contracts or your industry regulations. So smart AI adoption means having an appropriate use policy for AI, letting people know the boundaries, help help them understand the security implications and the relationship implications, and set the rules around governments not just for secure and business use, but to make sure people understand that you expect ethical and moral use of AI. So we're not using AI, to obtain intellectual property inappropriately. We're not using AI in a way that could be damaging to the company or to others, things along those lines. With that, it's critically important to identify use cases. Why simply saying, hey. We're gonna use AI. You're gonna flounder that project. That effort's gonna fail. But if you can say, hey. Is there a way and, again, be curious. Is there a way we could use an AI tool or an AI prompt or series of prompts or even a simple AI agent to improve this process? Oh, how could we use AI to improve the interactive chat on our website for customer service? How can we use AI to filter incoming service requests and provide the most likely response while still letting people get quickly to a human being if they prefer that? Right? How can we use AI to analyze which products and services our customers are using the most so we can make sure our service teams are ready to support those in a bigger way? When you identify the use cases, deploy it, assess how well it's working, and refine. Not every deployment of AI is gonna be successful, and some might take two or three iterations to get it right. As part of this process, you need to share the the knowledge. Some of your team are gonna be more comfortable than others. Leverage them. Let them be the leaders. It's okay for some people to follow. It's okay for people to say, I'll use AI, but you gotta show me what to do. Excellent. Let your leaders experiment, test, deploy, refine, and then share the results. A lot of times, organizations let someone take the lead. That person finds a better way to do something or improves the process, and then it stops. If you don't take that knowledge and share it, if you don't formalize it and say, hey. You know, Janet came up with this little AI tool. You run it once a week. It'll help organize your priorities, based on customer service sentiment or whatever it might be as an example. We want everyone to use it. Here's how. And make sure that adoption gets formalized. And finally, you need the governance. Starts with the AI appropriate use and actually the thought process when you create that. Make sure your AI is secure. You're not accidentally or incidentally using private or protected information, in a way that will disclose it publicly or in a way that will train an AI system without your permission and approval or that of your clients and customers. You want that governance is really about security, and it's about ethics, and And you want both of those pieces in place. So that's sort of the productivity, and it's really two focus. One, really hone down so you have one set of tools that actively work to make sure you've got the right tools, and you're not duplicating your effort. And secondly, smart AI adoption. Take control of it now before it's out of control and you don't have problems. Second pillar, security. We love our security CPR model. Of course, we would. It's important to know that CPR stands for communication and education, prevention and protection, and recovery and response. And all three components play a critical role in your security environment and how secure your business will be. And and core to the security CPI model and our philosophy is understanding your risk, and those are tangible risks as well as intangible risks. So what do I mean by tangible risk? Tangible risk is, you know, an employee gets a, you know, falls prey to a phishing attack and shares credentials. And next thing you know, a hacker is changing the wiring instructions on your outgoing invoice. So payments are going to the criminals and not to you. You have a tangible loss that you've lost that revenue. You also have an intangible loss, which is your reputation and your trustworthiness as a business or as a service provider to your clients. You need to understand both those risks because those both come into the value proposition when we talk about spending on security. The next is scale your solutions and your security services to your business. Yes. There are detailed standards and complex standards. Your level of security is really a function of your risk and the size of your business and the nature of your business, and how you how those risks apply to you. And the reality is not every business needs every security capability and feature, And so we work diligently with our clients to understand that, one, the bases are covered, and we'll talk about what that means in just a second. And two, that the capabilities and the processes in place are appropriate for your business and your level of risk in a way that you can manage them in a way that stay affordable. And, really, it comes down to, value based business decisions, understanding the total cost of ownership and operation against your risk and against your potential liability. Okay? And so with that, we make decisions. And, again, here, here's sort of the how to. One, there are benchmarks. Their multiple industry standard benchmarks for security. For most small and midsize businesses, we find the greatest value in the center for information securities, critical security controls. The current version is 8.1. It's a set of controls. You can pick the level of each control you need. But then again, based on your business, you might be subject to regulatory standards. There's a good chance that your industry has standards. And, within those even beyond the industry standards are your contractual obligations. And so how do you get there? How do you say we have enough security? And what's interesting is we sort of come into this over the last few months is we think about security not as an endpoint, but as a process. And we found a good framework process for our clients, for small and mid sized business, to be really creating or updating or rethinking your written information security plan or WISP. Now WISPs in some states are required. Massachusetts, for example, every single business that's operating the state is supposed to have a formalized written information security plan. WISPs are also generally required or acknowledged or expected or preferred, if you will, by your cyber insurance company. And why is it creating or updating your WISP a good process? One, it creates the framework. And in creating the framework, it's going to, force you and take you through a process to define your requirements. This is understanding your risks, understanding your industry, your regulatory requirements, your contractual requirements that you have, and saying this is what we need to do to comply with those. From there, you will be identifying your protections and your preventative measures. And this is again, you can make you can make qualitative and quantitative decisions on how much you do, but it's your responsibility to say, hey. We're meeting our requirements, adequately enough for our business and our and our commensurate level of risk, and we're doing it by you doing x y z. Now when you look at the standards, the standards might have a requirement. You say, there's no way. There there there's overkill. There's different levels by which you can adhere to the requirement. The key is that you make a conscious decision of what those are. And if you say we're going to do a b c, that you actually do a b c. And if you don't need d e f, state it. We don't need d e f because it gets in place. So you identify your protections and preventative measures. You will need an it it forces you to establish an incident response plan. This is what do you do if something happens? No protection or prevention is perfect. Something eventually is gonna happen. And so with that in mind, the incident response plan really outlines how you respond and how you recover. And, again, recovery is how quickly can you be running well enough to continue your business, and how long will it take you to get fully back in business and fully operational? Response are all the other aspects that you have. You might be legally required to report the breach or the security incident. You need to activate your cyber secure you know, cybersecurity insurance. Law enforcement may get involved. The forensics investigation. Communications with your customers, operational mitigations might need to come into play. All of these things are part of the response. And finally, the written information security plan documents how you're gonna monitor, how well you comply with the plans and what you're doing and how you enforce compliant. And so we go back to communication education, protection and prevention, and response and recovery. All three components, major components of security CPR are included within your written information security plan and how it's built, and you can benchmark that plan against the security benchmarks and standards that you have best practices, regulatory industry, and contractual obligations. And so that's the approach. Simply taking a couple weeks, doing the work. It's not easy work at times, but doing the work to create that plan and then implementing it gets you in the right spot. And so now how do we handle affordability? Because everything I've talked about has a money component to it. And so when we look at that, the money component, first and foremost, first thing you need to do if you wanna manage affordable IT is create a budget. And surprisingly, the vast majority of small and midsize businesses don't do an IT budget. For many, it's because they don't actually do a formal budget for the business at all, and IT's a component of the business. For others, they might budget and say, gee. I have an advertising or a marketing budget for next year, or I'm gonna spend so much money on consultants. Or, you know, I need so much money to, you know, refract you know, repaint the storefront, things of that nature, those get in, but not having the IT budget. So why do we want an IT budget? Well, first of all, if you don't have a budget, then every single IT expenditure is out of budget. It's an exception. It's a cost you haven't planned for, and you wanna plan for those costs. So we talk about budgeting a couple of simple steps. Identify all your recurring costs. So much of our IT subscription now should be fairly easy to do. But scour, not just the official things, but anything that shows up on expense report, on employee company credit cards, identify those recurring costs. Next, come up with your replacement schedule. Updating or replacing an old laptop or a laptop that doesn't run Windows 11, for example, well enough isn't an investment. That's maintenance. Figure out your replacement schedule and put the timing in. When are you gonna have to actually order and write a check, for those items? Then identify your investments and your initiatives. Oh, we wanna adopt AI. We talk to someone to build an agent to help with this case study is gonna be x thousands of dollars. Plan it out. Put it in. Then talk to your CPA or your accountant and make sure that you understand what of all three of those budgets can be capitalized and whether or not you should. Maybe it's the section one seventy nine deduction that means you don't have to amortize it over multiple years, or maybe everything's below the threshold and it just gets expensed. This gets into how financially you measure your business. You want your CFO, your CPA, your counter controller involved. Take those four schedules and plans if you will, consolidate them, boom, you have your budget. And because you hopefully, you should break all of those out by month, you have an action plan. Oh, we're gonna we wanna roll out the AI agent in May. We have to start, and we're gonna hire the designer in January. Excellent. You have a high level project plan just based on when you expect to, you know, start the project and spend the money. Second aspect of this, once you have a budget, is you gotta do some work here. Clean out the clutter. Identify tools, applications, services, equipment that you're not using or that is underutilized and may not be necessary. And sometimes you have things that are nice, but there's one person using it. It's not necessary. It doesn't really they're used to doing it that way, but it's not benefiting productivity. It's not hurting it. It's sort of neutral. Cut it out. Drop the expenditures. When we go into small, midsize businesses, we generally find a handful of things that are costing them money that they don't need. The other thing is that they could be duplicating a service, and the best example here is Zoom. So many small businesses pay quite a bit of money for Zoom licenses when they have the capabilities in within Teams meetings and Microsoft three sixty five and with Google Meets. Now there are times that they're using features in Zoom that aren't in the version of Microsoft three sixty five or Google Workspace they're using. But interestingly enough, in most of those cases, upgrading to the different version or a higher version of the a Microsoft three sixty five or Google workspace is an order of magnitude less expensive than paying for separate Zoom licenses. And oftentimes, this is personal preference, habit, or convenience. So, again, eliminating duplicate services, eliminating shadow AI, and shadow IT help lower those costs. Next is focus on value over cost. Consider business impact and opportunities and just not dollars out the door. IT is generally a cost center. However, your IT spending should be able to demonstrate results. So for example, oh, you're expanding your CRM system. That should result in better analysis and targeting of your marketing to get more appointments, which should lead to more closed contracts. Right? Think about it in terms of that so that when you say, I can spend this much or this much, but, you know, I can spend 20% more, but I expect the business value to be twice. The higher cost may be worth the value. The other thing that we always say is before adding something new, learn and upgrade if you can. Can you get what you're looking for by upgrading? Can you get what you're looking for by fully understanding the capabilities? Microsoft and Google add so many features so frequently to the three sixty five and Google Workspace ecosystems. There's a good chance if you're looking for something, it's there or it's coming soon. And so staying on top of that and doing researching that before you dive in is a great way to avoid new spending. Okay. So we've talked about affordability. We've talked about security, and we've talked about productivity and sort of, you know, pulling it all together, you wanna do all three. And you wanna put together a plan and a, you know, a strategy and a plan. So if you say if you agree with us and your strategy is our IT decisions in 2026 are gonna do, hopefully, one at least one or we won't do it, productivity, security, or affordability. Ideally, you want them to have two benefits. So something might, improve productivity and security even though it's adding cost, or something might improve productivity and lower your operating cost. Two of three is better. If you can make it have something in your plan that does all three or an initiative that does all three, you've hit the jackpot. And so as you go forward, think about that as your strategy and then develop those plans. Security, the written information, you know, security plan becomes a process to make sure your security is where it should be. We also offer a number of security assessments, some very broad, some very specific. Please hit the website and take a look at those. Those can be extremely helpful. Assess your productivity tools. Again, what are you what are you not using? About it's a older study about eighteen months ago. There was a study done that said, you know, 60% of small businesses only use 15% of the capabilities of Microsoft three sixty five or Google Workspace. It's a pretty, you know, awful statistic if you ask me. It means we're underutilizing what we have. And then have that budget. Actually create one. Think through. It'll help you make the hard decisions and decide when additional spending is warranted. Okay? So in that mind, no one's hit the q and a section to ask any questions. I'll let me go check the chat. No one in the chat yet. Now is a great time. If not, we'll go ahead and wrap things up for folks. And the best way if actually, before we do that, let me go back. If you wanna get in touch with us, if you have any questions or want information, you wanna talk about assessments, if you'd like to see an outline of WISP, to get a sense of what's involved, we're happy to share one with you. If you wanna talk about setting up a budget, we can walk you through that as well. Our our cloud advisers are here to help. Best way to contact us is to use the, QR code or the Bitly link. That'll get you an initial call. No obligation, no cost with one of our cloud advisers. If you wanna reach out to me, the best way to do it is by email. It's on the screen. I don't have an assistant. So if I can't get back to you quickly, I may have someone on my team get back to you. Don't call. I don't answer the phone most of the time, and I'm crappy. I'll be honest. I'm crappy about checking voice mails. If you want a response, send an email to direct direct me to mute well as well. And, of course, hit the website. You can contact us through the website and tons of resources there as well. In addition to the resources we provided off to the side in the session today, Once we process the video and and get the recording up on the website, we'll, let you know, and we'll we'll share some additional resources as well. We have an ebook in the works that, and budgeting that we'll share as part of the effort. At that point, I wanna thank everyone for coming. Appreciate you taking time out of your busy day and week. Hope this was helpful to you and look forward to hearing from you and seeing you in the future. Thank you. Have