While I was reading this article, all I could think about was how this could lead to an opportunity for giant mistakes to be made. At one point, the company had over 800 projects going on. How can anyone manage that number of projects? How many of the projects were vital to the organization? I would guess not many. I assume that many of the projects were ‘pet’ projects that really had no impact on the business.
In addition, they also had 10,000 people working on these projects, of whom 7,000 were contractors. Contractors need to be properly screened, so that the project risk and chances for fraud can be mitigated. Having that many contractors can make it hard to properly mitigate the risk posed by contractors. Target should know the risk of using contractors that have not been properly screened, as their 2013 breach started with login information that was taken from a contractor.
I like the new CIO’s idea to reduce the projects to those that were essential, and to bring them in-house. This should help to mitigate the risk posed by having hundreds of projects and thousands of contractors. Hopefully by bringing these projects in-house, the company can prevent another “Target” from happening.