Several years into what has been referred to as the digital age, and there is not a single day that passes without articles (even in the newspaper) related to IoT and AI. Debates also abound for topics like work-style reforms and the shrinking population. In this article, we will discuss the things companies have to consider with respect to IT to be able to maintain and enhance the quality of the services they provide.

The growing importance of information security management

The way we handle information security has undergone the most radical change since the Internet has become a part of our daily lives. As personal information has begun to proliferate on the Internet, the government has established the Act on the Protection of Personal Information, and even companies have begun to strengthen their measures against information leaks. The use of smartphones and development of IoT technologies have also increased the risk of leaks.
Cyberattacks against company systems and individuals are also increasing year by year, with hackers recently demanding ransoms. These attacks are expected to increase even more in advance of the 2020 Tokyo Olympics and Paralympics. The importance of information security management is becoming ever more clear, as information security incidents and cyberattacks can cause deep-rooted damage to a company and their activities.

The need to train IT personnel for quality maintenance

Technological innovation is also in full swing. The information systems that support company services have gone from mainframe to open system, and changed with the trend towards Web-based systems to cloud and mobile-based systems. Digitalization has recently gained attention as something that should be implemented in the business IT area, in which companies use IT to increase their sales, versus for line-of-business systems—the main form of information systems in companies. Line-of-business systems, though large-scale, do not often allow for significant improvements in workflow. This limits opportunities for system reconstruction, and limits the development of IT personnel. Incorporating these systems into the business IT area without proper training and preparation increases quality risk, particularly for high-novelty tasks and technologies. On the other hand, however, it is also very important for companies to be able to maintain and continue to acquire IT personnel capable of operating line-of-business systems properly and without causing impairment.
There is also work-style reform and the shrinking population. In the past, we were able to maintain service quality through the accumulation of time and personnel. Now, however, this has become difficult. Unless we are able to solve our labor environment issues, we will not be able to maintain a proper intake of talented personnel. Now more than ever, we must practice adherence to the Act Against Delay in Payment of Subcontract Proceeds, etc. to Subcontractors. As the working-age population of Japan continues to decrease, what kind of things do companies have to keep in mind to continue providing high-quality services?

Dealing independently with information security and technological innovation

What is most important is that companies and employees do not rely solely on professionals for their information security, see it as their own problem, and maintain an awareness of the issues. Companies should implement technological measures against incidents, make sure all related software is up-to-date, and educate employees so they adhere to information security standards (such as not opening suspicious emails) on a day-to-day basis. It is also important that companies raise employee awareness about cyberattacks shown in the media and the effects that it could have on the company as a whole. Companies can also acquire information about impending cyberattacks from special organizations in their industry and make the appropriate preparations. Companies should hold training sessions, for instance, to limit damage as much as possible in the event of a cyberattack, and should have a defense strategy in place.

There are two ways to handle technological innovation. The first is to consider replacing line-of-business and non-competitive domain systems with standard external services and ERPs, which would allow companies to maintain a certain standard of quality. Another way could be to utilize the expertise of experienced IT personnel who have developed and maintained these systems, and ask them to reconstruct systems in an effort to train personnel. The business IT area, on the other hand, is a competitive domain, and there is great risk for companies in utilizing new technologies. In these cases, it is important to conduct advance verification and implement the technology in stages.

In either case, it is very important in the maintenance of system quality that the work process is properly established, standardized, and systematized. This is also effective in preventing excessive dependence on talented personnel, as well as in preventing specific employees from being the only ones with expertise on certain tasks. As companies work to ensure system quality in the future, they must always be aware of limits in time and resources. These measures can also result in more effective use of employees and resources, and lead to work-style reform as well.

For several years now, Nomura Research Institute, Ltd (NRI) has worked to maintain and improve the quality of five aspects of our business: information security, work environment, construction of information systems, operating systems, and data center operation. Though we will of course need to reevaluate this focus according to the changing times, we would like never to forget our distinctively Japanese emphasis on quality, no matter how much digitalization affects our society in the future.

NRI Research Paper Knowledge Creation and Integration October, 2017