FEATURE : STATE OF THE CIO
could be the threshold value above which the organisation treats each of the risks identified in the risk profile as a potential threat . This will depend on its ethical stance and culture , the legal and moral frameworks it operates in and its security requirements , which will partly depend on sector .
When CIOs understand their organisation ’ s risk appetite , they can make informed choices are imposed – and after working with a wide range of organisations , we ’ ve found areas where the majority can find savings without cutting services .
CIOs need to start with a thorough understanding of the assets their organisation has and how these are used to deliver services . Staff churn , lack of documentation and time pressures often
AS SOMEONE WHO HAS MANAGED A BUSINESS THROUGH TWO RECESSIONS , I KNOW ONLY TOO WELL THE PRESSURES CIOS WILL FACE .
about where to invest to protect against the most critical threats they face . They can then embed this in governance and compliance policies , which can continually adapt as technology and associated threats change . ITIL 4 will assist here , as it is designed to help organisations make change at pace while maintaining integrity .
It is vital to obtain commitment and buy-in from the board and senior management . CIOs need to ensure fellow directors understand the importance of implementing strong governance and what this means in operating a profitable and secure business .
Governance needs to be supported by appropriate training to ensure policies are understood and everyone in the organisation understands their roles and responsibilities . All staff should understand the threats that exist and the importance of complying with the correct processes to reduces risks . This means putting in place cybersecurity training and awareness , with acceptable use policies that are linked to HR policies .
Proactively reduce costs without cutting services
As someone who has managed a business through two recessions , I know only too well the pressures CIOs will face . Remaining in control means proactively identifying opportunities to reduce costs before changes mean the picture is not as clear as it should be and services that have grown for valid business reasons may no longer be appropriate to the current situation . In a virtual environment it was easy to spin up servers without incurring additional costs , but when using cloud , the meter starts running as soon as a new server is added .
For example , we worked with one organisation with around 200 staff which was using over 90 servers to deliver services . After analysing usage , we were able to rationalise to just 40 servers that supported all core business processes while providing better results and resilience .
Another organisation had 10 separate and unlinked Azure tenancies with 120 servers . This was rationalised to 76 servers in one master tenancy , giving the CIO control while using sub-tenancies to provide capacity to individual departments . Costs were reduced by 40 %, a saving of some £ 10,000 per month . Avoiding this type of situation is all about having a proper change management process in place , with ITIL again providing guidance and ensuring that departments cannot act unilaterally .
Linked to this is the need to measure everything . Transaction logs are helpful for tracking both capacity and security . Does a server really need to be that size and shape ? Another area where savings can often be made is network connectivity .
Organisations typically install 1GB connections , but traffic analysis may show that normal use is just 20 – 50MB / s and providers often give burst capacity .
Analysis should also clarify the impact of running legacy systems . Maintaining these can cost organisations dearly , as they usually require dedicated hardware and may be impossible to put onto cloud . They also limit flexibility , while being a sunk cost that cannot be recouped . Now could be the time to consider whether there is a better way and to make a business case for ‘ investing to save ’.
44 INTELLIGENTCIO www . intelligentcio . com