IT budgets: Prioritise security, relocate technical staff, and avoid digitising silos

Analysts and senior execs think security will be one of the key priorities for Australian enterprises in 2018; however, they remain restricted by relatively stagnant budgets.
Written by Tas Bindi, Contributor
(Image: Helloquence/Unsplash)

IT has historically been perceived as a "back-office, administrative resource", according to technology analyst firm Gartner, but today it's considered a significant strategic resource propelling businesses forward.

Business unit leaders now expect CIOs and other IT decision-makers to help them identify how best to exploit technology to maximise the efficacy and efficiency of business processes, decrease operational costs, improve customer and employee experience, boost revenue, and create additional revenue streams -- all the while staying within a budget.

However, talent and resources are once again identified as the biggest hindrances to CIOs achieving their objectives, despite budgets increasing incrementally, according to Gartner.

This calendar year, enterprise IT expenditure in Australia is expected to reach AU$83.1 billion, with an average increase of 2.2 percent from 2016, the firm said.

"Applying back-office funding techniques to a strategic resource creates a disconnect that results in waste, imbalance, and frustration, which impede enterprise performance," Gartner said in its 21st Century IT Budgeting: Distributing Responsibility for IT Spending report.

ZDNet spoke with senior executives and technology industry analysts to understand what Australian enterprises will invest in next year, and how they can put their IT dollars to good use.

Keep security front of mind


Andy Rowsell-Jones, VP and research director at Gartner

(Image: Gartner)

Andy Rowsell-Jones, VP and research director at Gartner, told ZDNet one of the biggest investment categories under the IT umbrella is digital security. The analyst firm predicted that Australia will spend AU$2.7 billion this year on information security, a 1.1 percent increase from 2016, and that it is the largest area of enterprise spending in Australia.

The Australian demand for security services is also reflected internationally, with Gartner predicting it will be the fastest growing segment, reaching $86.4 billion this year, a 7 percent increase from 2016. This will be driven by the wave of ransomware attacks and data breaches reported recently, as well as impending data breach and protection legislation coming into effect in Australia and Europe. Rowsell-Jones said organisations are keeping security front of mind.

"Boards of directors in Australia and New Zealand are answerable to, interested in, and concerned about two things: digital disruption, because if I miss a digital disruptor on my watch, I look like an idiot; and digital security because if I leak private data into the public or I experience a DDoS attack, there's the embarrassment factor and the prosecution factor," he added.

"Financial services regulators in Australia are becoming less tolerant of data breaches, security breaches. It's on their radar, so if you're operating in a regulated industry like health or financial services, you're not going to be ambivalent about security. It's going to become a number one concern."

Robert Le Busque, managing director of Australia, New Zealand, and India at Verizon Enterprise Solutions, said this is why the company is increasing its investment in the development of enterprise security solutions.

There is a growing understanding among enterprises in Australia and the broader Asia-Pacific region that traditional security operations need "significant augmentation" to deal with new risks, Le Busque said, adding that Verizon has seen 25 percent year-on-year growth in its advanced security business from 2016 to 2017.

"We're seeing increasing demand [for help with] advanced security operations such as threat hunting -- going out and actively searching for cyber threats that could impact an organisation and helping that organisation to proactively manage and get ahead of that threat -- all the way through to helping organisations react and respond to mandatory [data breach] disclosure laws coming into effect [in March] next year, which is going to change the IT and cybersecurity landscape in Australia significantly. These create great opportunity," Le Busque told ZDNet.

Mulesoft is similarly investing in the development of enterprise security solutions, which its Asia Pacific VP Will Bosma said "makes a lot of sense" because the company's platform "sits at the centre of an organisation, connecting all of its applications, data, and devices."

"I think that naturally, our customers will start to look to us for solutions around enterprise security ... if Mulesoft is the fabric of an organisation, then it makes sense to use that fabric as a security fabric and connectivity fabric because you can secure every node in that network individually and consistently," Bosma told ZDNet.

He added that the issue of security is lot more complex today, especially because organisations are increasingly moving to the cloud.

"The issue of security is a lot less about building a firewall. If you [continue] with that analogy, it only takes one etch in the wall and then everything is exposed ... Each and every node in your network -- whether it's an application, a device, or a data source -- should be secured in its own right. It's a different way of thinking about security," Bosma said.

Gartner said large organisations are looking to security consulting and IT outsourcing vendors to provide customisable delivery components sold with the managed security services, which are designed to help organisations address the complexity of designing, building, and operating a mature security program in a short amount of time.

"As IT outsourcing providers and security consulting firms improve the maturity of the managed security service they offer, customers will have a much broader range of bundling and service packaging options through which to consume managed security service offerings," Gartner said in an announcement.

"The large contract sizes associated with IT outsourcing and security outsourcing deals will drive significant growth for the managed security service market through 2020."

However, improving security is not merely about spending on new technologies, noted Sid Deshpande, principal research analyst at Gartner.

"Organisations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat-centric vulnerability management, centralised log management, internal network segmentation, backups, and system hardening," he added.

Decrease operational costs and invest savings into value-creating activities

Rowsell-Jones said enterprises are spending roughly 70-85 percent of their IT budgets on "keeping the lights on" or "business as usual", with little left for innovation.

"The funding for digital disruption, which we call transformational spend, is 12-15 percent of the total IT spend," he said.

"Obviously, if you're an incumbent that raises an awful lot of angst if you're trying to compete with newly arrived, or feared, digital rivals who are basically spending all their IT money on digitisation. There is a basic allocation problem that many organisations are facing."

As such, decreasing operational costs will allow organisations to experiment with technologies that could boost revenue, Rowsell-Jones said.

Both Gartner and fellow research firm Forrester foresee decreased spend on infrastructure in 2017 and 2018, as cloud adoption increases.

Le Busque said the "convergence of network technologies", as well as advances in 5G, fibre transport, and other layer technologies, allows organisations to reduce operational costs.

For example, software-defined networks (SDN), which Verizon is increasing its investment in next year due to customer demand, introduces a layer of software between bare metal network components and the network administrators who configure and set them. This software layer gives network administrators an opportunity to make their network device adjustments through a software interface instead of having to manually configure hardware and physically access network devices.

The result is reduced infrastructure costs and more efficient network operations, Le Busque said.

"What software-defined networking really does is it provides customers with an incredible new array of types of services that they can consume over the network itself, as opposed to having to go and install a new router or a new piece of hardware for every time they want to add a new service or feature to an existing network," he added.

"[Organisations] are not having to spend as much on physical infrastructure; they can spend a lot more on the services they provide over that network ... it takes their spend further up the value chain."


Robert Le Busque, managing director of Australia, New Zealand, and India at Verizon Enterprise Solutions

Image: Supplied

An unnamed Verizon customer deployed SDN technology across their retail outlets in Australia with the aim of improving the customer experience, rather than reducing infrastructure costs, Le Busque said. The retail network wanted to allow its shoppers to comparison-shop whilst in store.

"Having that customer access their wi-fi hotspot, and using the SDN technology to enable that, gives them a far bigger data build on customer behaviour [such as] what they're searching for ... That information can be powerful, [enabling them to] present customers with choices and opportunities at point of sale," Le Busque added.

Bosma thinks cost optimisation starts with identifying what business outcomes an organisation is looking to achieve.

"A pathology business, for example, will need to ask, 'What are we trying to do here? Are we trying to reduce the cost and time it takes to get a pathology result for a customer'," he said.

"Always start with a business outcome and come back to the technology, as opposed to choosing the technology and then figuring out what the business outcome should be ... Technology for technology's sake is not going to drive what you really need."

Tim Sheedy, principal analyst at research firm Forrester, believes moving to the cloud is a no-brainer, though he was hesitant to say that it's cheaper. It can be cheaper when done right, he said, but importantly, organisations will have difficulty innovating with just on-premises infrastructure.

And it's through innovation that organisations can establish additional revenue channels, Sheedy said. Subsequently, increased revenue would enable them to increase their IT budgets.

"I would suggest to any CIO struggling with their budget today to look at cloud computing as a way of optimising their spend while at the same time knowing that they're driving better outcomes and opportunities to innovate," he added.

Put technical staff where they can make a difference

According to Forrester, nearly half of technology spending was made directly by business units or employees without the IT department's involvement in 2016, and only 14 percent of technology purchases made directly by the IT team did not involve business leaders.

Sheedy suggests CIOs "rip apart the current IT structure" and relocate developers to other business departments "where they can actually make a meaningful difference".


Tim Sheedy, principal analyst at Forrester

Image: Forrester

He said the current model of development is full of efficiencies, with developers being "KPI'd on things like time and budget, not on customer satisfaction, number of transactions, or revenue."

"If your digital experience is your differentiator to your customers like a software business, then you have to operate like a software business, and software businesses don't ask their IT team to write their software for them," Sheedy said.

"There is a growing proportion of organisations putting their tech staff into other business teams ... ERPs are owned by finance, HR systems are owned by HR, sales systems are owned by sales. The [different departments] own the developers, they own the management of those systems.

"While there are not huge amounts of new funds available for technology, technology spend is increasing because it's the other parts of the business that are spending on technology ... In those organisations, the IT budget then becomes part of the product budget, customer budget."

Sheedy said this approach will significantly change the way budgets work within a business.

"There are plenty of IT departments these days, even in some of the really big banks, that don't really have their own budget anymore, or all their budget comes from other parts of the business," he added.

Bosma, on the other hand, believes the business case for purchasing software from vendors is stronger than building software in-house.

"I struggle to understand why a business -- whether it's a pathology business, a bank, or a retailer -- would want to become a software developer. Getting packaged software nearly always ends up being far more cost-effective and easier to support," he said.

Don't digitise silos

Bosma said the reason some organisations don't derive many benefits from their digital transformation initiatives is because they're "digitising silos", which is not an optimal way of spending funds allocated to IT.

Organisations have hundreds, if not thousands, of software applications that are not connected, he added, which creates "disjointed experiences for customers, partners, and employees".

"You will not get the returns you had hoped for from the investment. For example, digitising a manual application process may well deliver some marginal reduction of processing cost and could conceivably reduce application processing. But if the application process is not connected to back-end processing or credit risk processing or the 100 point identification process, then you have not fundamentally transformed the customer experience and as a result are [not] likely to get the kind of returns you are seeking," Bosma said.


Will Bosma, Asia Pacific VP at Mulesoft

Image: Supplied

Often business departments are forced to make siloed technology decisions out of frustration with central IT's inability to deliver on new projects, Bosma explained.

"[They] end up purchasing their own technology tools. This is the basis of the 'shadow IT' phenomenon that has risen up the agenda in recent years," he said.

"When an opportunity comes along, the window is actually very small. If you don't participate in the first wave, you can miss the wave altogether. And if you like the profit engine that's associated with [the opportunity], you have to be able to respond and change quickly.

"The real purpose of digital transformation is about being able to turn yourself into, what we call, a 'composable enterprise', which means you can quickly adopt new technologies, connect all those assets, and innovate faster."

Bosma encourages organisations to adopt the practices and principles of DevOps -- a portmanteau of 'development' and 'operations', and a production philosophy that embraces experimentation and iteration with a measure of control -- so that they can respond quickly and cost-effectively to industry trends and customer demands.

He believes DevOps is "making a real comeback", but it's a different type of DevOps.

"It's an agile DevOps that looks at [innovation] as a continuous pipeline of small projects that just keeps going through incremental changes," Bosma said, adding that Mulesoft will continue to invest in improving its platform to simplify DevOps processes.

He additionally suggests CIOs and IT decision makers "champion the creation of a central hub where discoverable and reusable building blocks, such as APIs and templates, can gradually accumulate."

"By creating reusable building blocks for wide consumption, CIOs can begin to decentralise IT and empower the wider business to innovate faster, while avoiding silos," he added.

In addition, organisations are increasingly recruiting executives -- such as a chief digital officer (CDO) -- with a cross-line of business responsibilities who form a bridge between IT and other business departments, according to Bosma.

"The key is that they look at the transformation from a process perspective, with a focus on channels to market and stakeholder experiences," he said.

Bosma also highlighted the importance of enabling business-wide reuse and discovery of data and assets by using an API-led approach that "unlocks the value of existing systems that other would have been siloed, thereby allowing for rapid innovation without compromising the security and control of critical data and infrastructure."

"APIs can be used everywhere -- including building orchestration services or experience services in the form of new mobile apps or portals or whatever the case may be," he said.

"The end result is building an application network, from the bottom up, which connects every application, every device, and every source of data -- rather than having point-point connections or fixed linkages between systems, applications, and data stores."

Editorial standards