As cuts bite deep and belts tighten yet another notch, can the same level of IT service be achieved? Will Hogan, VP Sales & Marketing Idappcom Ltd reckons it is possible to make some savings and still provide a good quality of service, providing the areas where the savings are to be made are carefully chosen, and are ones where spending less won’t jeopardise the mission of the organisation.
Consider the situation where an authority has thousands of users working on a Windows-based platform. A new version of the OS is released which has some nice features but is it really needed now? The cost of upgrading thousands of users will be high, not just to buy the software but to install it and re-train the users. It could involve using external contractors and might necessitate upgrading hardware. Delaying this decision for a few years could be fiscally prudent at the moment unless the new release contains a must have security feature. Similarly delaying the upgrading of hardware will produce mid-term savings. Eventually it will have to be done but much of it can be put off until times are easier. Reducing the cost of external consultants can provide big savings. This doesn’t have to mean that the work won’t get done. It will mean that external consultants will need to share the pain of reduced overall budgets and that contracts will have to be re-negotiated to produce more efficiency and lower hourly rates. It can be done in the interest of long term relationships.
It’s evident, then, that cuts can be made, and just about everyone could think of an area to start on, but one area that needs careful consideration before anything is done is IT security. Recently the Government identified; “hostile attacks upon UK cyber space” as a major risk to our national security. Anyone thinking of cutting back spending in this area needs to be certain that security is not being compromised. The Government said that it would be spending large amounts on this, figures of ₤500M have been mentioned, but has anyone actually seen any additional funds yet?
There are, however, things that can be done in the security area that can reduce short to mid-term costs without placing the organisations IT security at risk. Today every organisation should be using security solutions at the desktop and the network level. There can be no compromise at the desktop level. Antivirus software must be kept up-to-date but it’s always a good idea to consider alternative solutions, even if this is just to keep your current vendor “on their toes” with regard to pricing. At the network level it’s important to know that your firewalls/IDS/IPS/UTM work correctly. This is your first line of defence against hackers and it’s always tempting to splash out on the latest and greatest piece of hardware because the vendor claims it’s the “best thing since sliced bread”. However there are ways to make existing network security kit work more efficiently and thereby extend its life. To do this you’ll need to use one of the IP filtering testing solutions that are available.
These tools can test your network security and tell you where there are problems. The better ones can give you a fix if a problem is found. By applying the fix to the IPS/IDS/UTM/Firewall you can put off the day when you will need to replace it. Regular testing could extend the life of the kit by a considerable amount. Using one of these tools can also produce further savings by reducing the need to employ external penetration tester. Traditional pen-testing is time consuming and expensive. However, testing is needed. These tools can significantly reduce the amount of time spent on testing, can enable more regular testing to be performed, can enable the testing to be done by internal staff and can reduce the reliance upon external pen-testers. This will save money and improve security. It’s a double whammy.