The reality is that some of the cuts are already here with many more are on the way. On October 20th, last year, Chancellor George Osborne spelled out what some were as he fixed spending budgets for each Government department up to the 2014-15 financial year. In his speech he confirmed that an average 19% was to be cut from departmental budgets over the next four years, an additional £7bn would be lost from the welfare budget and police funding would be reduced by 4% per year. Now, I wouldn’t claim we’re a selfish nation but the question on everyone’s mind is “how will this affect me?”
As individuals this is certainly an important question but let’s spare a thought for the IT department managers who now face the even tougher predicament of maintaining the same level of service with less money. Only the very fortunate few will see their budgets untouched as Government and local councils attempt to safeguard frontline services at the expense of back-office activities.
So, is it possible to make some savings and still provide a good quality of service?
It would be too depressing if the answer was no so, thankfully, it can be yes. However, any areas where savings are to be made must be carefully chosen to ensure that you do not jeopardize the mission of the organization.
As an example, consider the situation where an authority has thousands of users working on a Windows based platform. A new version of the OS is released which has some nice features but is it really needed now? The cost of upgrading thousands of users will be high, not just to buy the software but to install it and re-train the users. It could involve using external contractors and might necessitate upgrading hardware. Delaying this decision for a few years could be fiscally prudent at the moment unless the new release contains a must have security feature. Similarly delaying the upgrading of hardware will produce mid-term savings. Eventually it will have to be done but much of it can be put off until times are easier. Reducing the cost of external consultants can provide big savings. This doesn’t have to mean that the work won’t get done – just not yet. What it will mean is that external consultants will share the pain of reduced overall budgets and that contracts will have to be re-negotiated to produce more efficiency and lower hourly rates. It can be done in the interest of long term relationships.
It’s evident, then, that cuts can be made and just about everyone could think of an area to start on but one area that needs careful consideration before anything is done is IT security. Recently the Government identified “hostile attacks upon UK cyberspace” as a major risk to our national security. Anyone thinking of cutting back spending in this area needs to be certain that security is not being compromised. The Government said that it would be spending large amounts on this, figures of £500M have been mentioned, but has anyone actually seen any additional funds yet?
There are, however, things that can be done in the security area that can reduce short to mid-term costs without placing the organizations IT security at risk. Today, every organization should be using security solutions at the desktop and network level.
By employing IP filtering testing you can significantly reduce the amount of time spent on testing, can enable more regular testing to be performed, can enable the testing to be done by internal staff and can reduce the reliance upon external pen-testers. This will save money and improve security. It’s a double windfall.
It’s always going to be hard to tell fact from fiction – especially when the statement is made by a politician. However, what you can take as gospel is that, in the present economic climate, budget cuts are very real and we haven’t heard the last of them. Another fact is that improved security comes at a price - but isn’t it refreshing to discover it can be at a lower one!
Will Hogan, Idappcom Ltd, author of Traffic IQ Professional, a network vulnerability assessment tool which allows the user to efficiently test the response and recognition capabilities of security defenses across a network. For further information, and to download a free licensed version of the software, visit www.idappcom.com.