No-one goes into IT just to maintain and tweak old applications. The main attraction is always in creating new systems, preferably using the latest technology. Systems development not only makes life a lot more interesting, but when it comes to finding a new job, it certainly adds lustre to the CV.
But real life rarely lives up to our dreams, and IT is no exception. Legacy systems need to be kept going and unless they hit serious problems, companies are usually loath to change them. So a lot of time gets taken up with patching and mending rather than starting from scratch.
According to the last available expenditure statistics from the National Computing Centre (NCC), which apply to 2006, a whopping 68% of all IT spend goes on running and keeping systems going, and only 28% goes on capital expenditure and development.
The figure varies by industry. Business services, transport, utilities and finance spend more than 30% of their budgets on development, while government (local and central), education and manufacturing spend less than 25%.
For the last decade, the general rule of thumb has been that two-thirds of the IT budget goes on operations and one-third on development. That, however, could be about the change, due to a number of factors.
As the recent sensationally successful flotation of VMWare proved, virtualisation has become big business, and for good reason. Companies have woken up to the fact that they own vast estates of servers but that the utilisation rate for each machine is just 15% or so; direct-attached storage devices similarly underemployed.
By bundling different applications (often running different operating systems) onto a smaller number of servers, they can achieve much higher utilisation rates, often getting up to 85%, and cut down on a lot of support costs simply because they have fewer devices to look after.
Virtualisation also helps to solve the other twin datacentre problems of lack of space and soaring power costs. Some central London office space now rents at more than £100 per square foot, so halving the size of the datacentre (or avoiding the need to build a new one) has big financial benefits. And with areas like Canary Wharf literally running out of electrical capacity, organisations there have little option but to cut back on power usage.
Going hand in hand with the virtualisation trend is a new-found interest in data governance. For a variety of reasons, companies are revisiting the way they store data and seeing what can only be described as a mess.
Despite the widespread adoption of enterprise resource planning (ERP) systems over the last few years, which have done much to help users rationalise their operational data, information still gets duplicated and copied onto multiple systems, making it impossible to ensure consistency and security. That partly explains why so many companies are struggling to comply with the payment card industry's data security standard (PCI/DSS) - they just don't know exactly where all the credit card numbers sit on their systems.
In another study published earlier this year on IT strategies, the NCC found that just 30% of companies had a data governance policy in place, with another 30% having made some progress towards formulating a policy.
As the report says, "Although the benefits of data governance can be compelling from a purely IT perspective, in most organisations it was most likely to be seen as a blended IT and business initiative."
The IT department's motivation is to improve data quality, while the business's drivers are better decision-making through improved data quality, plus a range of compliance issues, notably data protection.
Data governance demands the right mechanisms, and that is driving a move to network-attached storage (NAS) and storage area networks (SANs). In contrast to direct-attached storage, NAS and SANs provide greater agility in the way users store data. And, like virtualised servers, they make better use of available capacity.
The same NCC report showed SANs already present in two-thirds of organisations and likely to be in 96% in two years.
The effect of these trends is to tidy up the sins of the past and provide a clean platform on which to build for the future. They require new technology, new techniques and new ways of doing things, but they are essentially going over old ground.
So coming back to the question of new development, where is the money being spent?
The NCC strategy report, published earlier this year, shows that customer relationship management (CRM) is finally being adopted by more companies. Only 17% of organisations have a fully implemented CRM system, but 33% have partially implemented it, and another 10% have it under development.
Workflow and collaborative applications are also operational or under development in more than 60% of organisations.
Fully operational business intelligence (BI) applications occur in just 35% of organisations, but another 25% say they have a BI project under way.
The demonstrable cost savings of VoIP communications make it an easy technology to sell to management, and the NCC reports shows that 53% of respondents have some degree of VoIP development, and a further 31% expect to implement it.
Service oriented architecture (SOA) is now used by a quarter of companies and a further 36% say they plan to adopt SOA.
All these developments point in the same direction. Virtualisation and better data governance through SANs and NAS will allow companies to streamline their operations, and tackle data quality. That will allow them to start making good use of the data they hold, because they know they can rely on it. Hence the growth in CRM and BI, which really can deliver tangible benefits to the business provided it has good, reliable data.
VoIP brings certain functional benefits but its main attraction is cost-cutting, while technologies such as Ajax and SOA should help to make the IT department much responsive to business demands.
So could this really be the point at which IT starts supporting the business in a cost-effective way, and providing the agility it has struggled so far to achieve? And will this leave more money for new systems development?
Well, yes and no. According to Ian Campbell, CIO at British Energy and chairman of the Corporate IT Forum, IT budgets can easily get swallowed up in unexpected ways, such as by sloppy software purchasing.
"A lot of companies regret not looking more carefully at software licensing," Campbell says, adding that annual licence fees can be anything from 10% to 30% of the purchase price.
And while SOA and application integration sound great, they can have a huge bearing on software fees. "You may start off with a CRM or ERP pilot in a single department, then integrate it with other systems and find your number of users has risen by thousands, which has a direct impact on what you pay," Campbell warns.
"You need to do some careful consideration up-front, and include clauses that allow for renegotiation," he advises, although he admits that can be "a double-edged sword".
He also strongly recommends reviewing software contracts a year before they are due to end to allow time for negotiation or changes of plan.
Even if you do manage to cut costs through simplification and integration of systems, don't expect money for new projects to be approved any more readily.
Frank Cordrey, head of development support and network infrastructure for John Lewis, says the key is to prove business benefit and alignment with business strategy, but admits this is not always easy. "Infrastructure changes, including sunsetting of old products, can be the most difficult to achieve agreement for and commitment to because they don't always bring obvious benefit and won't always fit with business plans or priorities," he says.
The one area that seems to meet little resistance from the business is security, partly because company boards are scared into action by high-profile security breaches, and partly through the need to comply with different regulations.
"Security is generally fundable as long as there is appropriate balance, pragmatism and understanding of the risk involved," says Cordrey. But he adds that compliance can get in the way of other plans. "Compliance changes are the most difficult because they often get in the way of business changes already in hand. For instance, PCI/DSS has been a major bugbear over the last few years, particularly because the card schemes have kept moving goalposts and size of pitch."
The message is that IT will always need to prove its relevance and value to the business, and return on investment will generally determine approval or refusal.
As Campbell says, that can make some infrastructure projects hard to justify because they deliver soft benefits. For instance, he has a collaboration project under way, using Microsoft Sharepoint, which he says will deliver benefits in providing a central repository for documents. But putting an actual figure on the amount of time it will save is hard to prove.
"Some projects have to go ahead in the belief there will be a benefit. For instance, how could you quantify the return on investment for e-mail?" he points out.
Other projects, such as ERP or CRM, will save a lot of manual work, and may be easier to justify on the basis of prospective headcount reductions. But as Campbell says, if you justify a project on cost reductions, just make sure you deliver. "The board will want to lock in those savings," he says.
Just because you save money with one system, don't expect decisions on future projects to get any easier. And if interest rates rise, IT investments will be even harder to justify.