IT budgets are going through a reality check in a big way.
Economic headwinds are causing tech investments to be under greater scrutiny. Some projects will move forward — and unfortunately others won’t. With spend getting slashed, the focus now is finding other ways to fund priorities.
Compounding tighter budgets are lower headcounts. In fact, one recent study found 77% of security professionals said their departments faced layoffs in the last six months. For those left behind, not only does this increase the chances of employee burnout, but it also ups the risk of security incidents slipping through the cracks.
To avoid both of those scenarios, the emphasis (and the challenge) is looking for areas to “get more bang for your buck”.
One of the first places to check out: cost inefficiencies in the tools and assets you already have.
With smaller budgets and less staff, there’s an urgency to automate manual, time-consuming, and low-value tasks. Sometimes the best place to start is looking at your existing tools and assets to get a deeper understanding about deployment, usage, and ROI.
There are a lot of actions you can take to identify unrealized spend. But it’s not always easy to figure out what and where the cost inefficiencies are.
Here are three steps to help you get going:
There’s never enough time in the day. Your team can’t afford to lose time manually tracking down assets, when they could be focusing on more strategic initiatives that deliver ROI.
Find opportunities for automation. For tasks like vulnerability management, there are tools available that can automate the entire process. In return, your team can work on ways to drive the business forward.
Imagine overseeing an organization with multiple business units — all of which are highly decentralized. More often than not, identifying security gaps like in antivirus coverage is beyond difficult. And when an incident or vulnerability crops up, it’s nearly impossible to locate and then understand the specific asset or assets in question – once again wasting valuable time. By making sure your solutions are sufficiently deployed, you’re not only getting what you paid for, you’re once again eliminating the need for manual labor.
The usage and demand for SaaS applications has only added challenges to the IT environment. It’s becoming more difficult to know what makes up an entire SaaS app stack. But it’s way too easy for individual teams to purchase and download SaaS applications (sometimes on the sly) every day.
Having more visibility into all SaaS apps in use can also provide visibility into spend. Specifically, where are the redundant apps, or underused or duplicate SaaS licenses located.
Once you’ve found cost inefficiencies, you can start to take action — and optimize your IT and security teams for the new economy we find ourselves in.
Automating tasks saves valuable person-hours and provides a better understanding of everything that’s happening in the IT environment. Having a complete and accurate asset inventory can help with much-needed visibility into what’s new, not in compliance, or underutilized.
By pinpointing what and where cost inefficiencies are, you can put dollars back into the business and your team.
We take a deeper dive into the importance of identifying cost inefficiencies and the role of IT cost optimization in our latest ebook.
"Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out."
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO."
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius
41 Madison Avenue, 37th Floor
New York, NY 10010