Our client is a high-growth consumer health technology company that develops sensor-based devices that enable customers to monitor vital health statistics, activity levels, and sleep quality.
The rapid growth experienced by our client is very common with emerging technology companies and often puts a strain on infrastructure due to the pressures of scaling quickly. In our client’s case, they had become a global leader in their space and were rapidly working on building the necessary infrastructure to support the expanding size and sophistication of their business. One concern flagged by the CIO was the need to establish a more cohesive integration strategy for core business processes. In particular, he was concerned about the scalability, supportability, and auditability of their existing integration platforms, which were a combination of home-grown and tactically selected technologies.
Our client asked Dispatch to review their current integration portfolio and provide recommendations and guidance to move to a more mature integration governance and control approach.
Dispatch worked with the executive team and subject matter experts across the organization to assess the current state, identify potential issues, and provide recommendations for change. We followed our Digital Transformation strategic framework for this engagement, which we call DEEP.
- In the Define stage of the project, we worked with the CIO to define what “success” looks like and understand what KPIs would be necessary to measure progress towards a successful future state. Several objectives were defined:
- As a global consumer health technology company, they need an integration strategy that is security-first, especially with data payloads containing Personally Identifiable Information (PII) and potential Protected Health Information (PHI).
- They need integrations that would be scalable to accommodate the level of growth they are anticipating. Just as importantly, they need integrations to be able to handle surge demands – such as during product launches and global promotions.
- They need to have integration processes and a governance approach that would meet the scrutiny of internal and 3rd party audits – in anticipation of SOX compliance and to meet the jurisdictional requirements for privacy and security (such as GDPR, CCPA, PIPEDA) where they operate.
- They need manageable tools that do not require specialized skills to build and operate integrations. Given their high growth, they anticipate they must spin up people very quickly, and integration platforms that require a high level of skills would be a limiting factor.
- They need the flexibility to adjust to changing business models and environments. They also need a system that could easily interface with both commercial business applications and custom-made systems designed specifically for their business.
- In the Evaluate stage, we met with a cross-section of developers, administrators, and managers to understand the current state systems and business processes. We also identified gaps and bottlenecks that would impede progress towards the objectives defined in stage one. There were several notable findings:
- Integration governance could be improved; in fact, no documentation described the data flows across systems and 3rd party services, and nobody really understood the overall integration landscape. Historically, integrations were built as needed by various teams using the technologies they were familiar with. In addition, there were no security reviews and approvals. While understandable, this approach would cause challenges for auditability and manageability as they matured.
- The number of integrations was doubling each year and they were built using various integration platforms and home-grown scripts. There were no coding standards for the integrations, no standard error and exception handling methods, no standard way to secure sensitive data, and no way to report to senior management about the health and stability of the integration portfolio.
- Documentation quality varied, and in several cases, “critical” integrations were run as a black box, built by previous employees, with nobody understanding the logic within the integration itself.
- During the Engage stage, we shared several best practices for governance and controls that we have seen in companies that manage large and complex integration portfolios. We recommended selecting a single strategic integration platform and provided guidance regarding the state-of-the-art platforms in the market and which ones to consider, given the size and complexity of their needs. We assisted the CIO in evaluating various iPaaS options. We shared practices we’ve used ourselves for ensuring high-stakes integrations – especially those that are mission critical or contain highly sensitive payloads – are designed, built, and managed with security, reliability, and control in mind. We shared a reporting and alerting framework that would ensure integrations don’t fail “silently” and senior management is aware of the overall health of the portfolio of data flows across the organization.
- During the Plan stage, we helped the CIO build a go-forward plan that would be embraced by various stakeholders across the organization and focused on establishing quick wins to build confidence and momentum for their new approach.
This project enabled the CIO to feel equipped to make clear recommendations to his management team and board regarding the right investments in integration technology. He had a roadmap to evolve governance and control processes and a technology platform to ensure continued high velocity without compromising control.
Cameron Hay is the CEO of Dispatch Integration, a data integration and workflow automation company with clients in Canada, US, Europe and Australia. He has over 30 years of leadership experience in various technology-oriented industries.