There has traditionally been a tradeoff when it comes to IT investments: what gives the biggest bang for your buck? This can lead to some areas, devoid of the possibility of quick wins, being starved of budget.
One of these areas is, unfortunately, cybersecurity. All too often, we see firms who have tried to make short-term savings fall to an attack, and then try to make up for it with investment after the horse has bolted.
We hosted a panel to discuss ways to find IT budget efficiencies, with an especial focus on security, at the first day of the Cybersecurity Festival this month. Ian Hill (Royal BAM Group), Leonard Kleinman (Deakin University) and Roger Sels (Blackberry) joined Computing's John Leonard to discuss the topic, from a variety of angles: as a construction firm, Royal BAM Group operates on 2 per cent margins in a good year, and Kleinman - dialling in from Australia - spoke about the tight budgets in the public sector. Blackberry, of course, is a large technology vendor and Sels discussed how the company works to help its customers realise savings and new efficiencies where possible.
"You can achieve anything with the right people in your organisation, you don't necessarily need a solution or a tool," was Sels' somewhat surprising (from a vendor) opening remark. He said he always attempts to help customers map out their capabilities - which includes those of employees' - before starting a new project.
Having a clear idea of capabilities is an excellent first step to making savings, but you must also accept the fact that - perhaps ironically - you have to spend to save.
"Generally, saying, 'I can whittle down my budget without it costing me anything' is very tough... I find that you have to take a longer-term approach and upfront invest a little bit, to save more down the road."
Hill agreed. Although many IT teams have had a temporary boost to budgets in the pandemic, there are some that have cut budgets for short-term savings, and BAM is one of them.
"I've had to look at the bigger picture," he said. "It's not just about the tools and things, it's about how you implement them... One of the things I've been talking about is orchestration and automation, so let the tools do the work... It's a balance across the whole spectrum: the tools, the people and the capability."
Kleinman told a similar story of being told to "Do more with less." He noted the importance of technologies like open-source when trying to save money, but also automation and orchestration.
"I tend to refer to the fragmented state of technology stacks. We [as an industry] tend to apply a new piece of technology for singular purpose... Having the ability to stitch all those tools together in some kind of security orchestration and automation capability has become key nowadays."
There was much more discussion than can be covered here - make sure to watch the video to catch it all.
Remember to register for the next day of the Cybersecurity Festival on the 30th June, when we'll hear from industry experts and IT leaders about AI-enhanced security systems, identity management in the age of remote work, and case studies from across the public and private sectors.