Driving down costs

Surviving the current downturn means taking out cost from business and information security budget. Here are a few ideas on how to go about it.

Firstly, set out to reduce incident levels. There are real savings to be made from a campaign of targeted awareness. The main obstacles are that the money saved won’t flow into your security budget, and it’s a leap of faith that can’t be guaranteed. But it’s easy to make a business case if you have the right figures. Even if you don’t have historical incident data, you can make some assumptions about incident levels and costs. Take laptop losses for example. In my experience, I’d estimate that typical levels are around 2-3% of laptops are lost a year. You’re probably doing very well if it’s less than 1% a year. And it probably costs several thousand pounds to replace each one. You can make big reductions in the levels of these losses through a root cause analysis and a targeted education drive.

Secondly, aim to move to a variable cost level for managed security services, through outsourcing or Software-as-a-Service products. That means that you can progressively lower your operating costs, as demand drops from fewer projects and shrinking numbers of staff and customers.

And thirdly, streamline processes for governance and compliance. There’s been a huge expansion in this area in recent years. Many of the processes implemented were not the most efficient. This is a good time to adopt better processes and technology.

The problem with all of this is that you have to invest a little in order to realise the subsequent savings. Business has always been that way, of course. It’s just that many corporate security functions have been shielded from commercial realities by being able to draw on a large central budget. Those days are gone. The most important skill of the information security manager is now the art of business case development.    

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

CIOs – Doing More with Less In these turbulent times where IT budgets are being cut while staff are being asked to do more than ever in shorter timescales CIOs and architects will have to be even more creative. This can be about what you buy and the partnerships you form. In the 90s Parker Pen was suffering from poor sales and high production costs. They carried out a market research project as to how they could boost sales and found that by increasing their purchase price they put themselves in the ‘luxury goods’ and gift category. They repackaged and branded and sales went through the roof. This perception can carry through to software purchases. Winchester White has found in a number of selection processes that there have been light weight low cost solutions on offer to clients but these often don’t even make it to the short list. This can be for good reasons: insufficient support levels, little or no track record, etc. However, the rejection reason can be ‘if it is so cheap it can’t be industrial strength’. It is becoming increasingly hard to predict what will happen in our market but early trends in the credit crunch show that responses are to focus on customer needs (know your customer), portfolio control (know your risk / exposure) and performance improvement (know your capacity and track work). These areas are supported by three underpinning solution sets: ¨ Client and contact management ¨ Management information ¨ Process management. In all these areas there are some low cost pragmatic solutions that can provide real return on investment without unpicking your whole IT infrastructure. What it takes to make them work is a clear business goal for their implementation and measurable objectives that feed into a strong requirements process. If there is a developed architecture strategy these solutions can be implemented on a range of technology platforms that enable a tactical implementation while moving towards strategic goals. It also takes a different approach to selecting the solutions – a stronger focus on the supplier rather than the functionality and technology; spreading your net more widely to find the solutions as they are often targeted differently and close engagement to ensure that the supplier can fulfil your needs. Suppliers themselves are also becoming more creative with their pricing structures, although we have not seen clients moving from traditional licence fee arrangements. At this point in time few business cases can stand the up front capital cost of new solutions and so looking to spread this with risk/reward models or usage charging starts to make sense. Companies will have to retain their existing clients while seeking to grow volume in the next few months and years. They will have to differentiate themselves in products and service, move into new partnerships and create new channels. All of this has to be underpinned by technology if it is to be fulfilled in a cost effective way. Financial Services has always been an innovator and market leader in technology and we must be more innovative than ever before if we are to support our businesses effectively. By Tracy Shadbolt tshadbolt@winchesterwhite.co.uk