By Sascha Giese, Head Geek at SolarWinds
Each year, SolarWinds surveys IT professionals around the world to gauge what’s most pressing to them andunderstand their organisations’ challenges and how they intend to overcome them. In 2021, SolarWinds wanted to know what organisations thought of the increasing risks they face from the reality of supporting the hybrid workplace and the expanding cyberthreat landscape—and how they’ve prepared to address these risks.
As SolarWinds knows better than most, cyberattacks can be highly sophisticated, well-resourced, and persistent.
The findings of the SolarWinds IT Trends Report 2021: Building a Secure Future show there’s trust in new technology and organisations plan to invest. But considering ever-shrinking budgets and looking toward a still-uncertain future, it’s not always easy to get priorities right. This raises an important question.
How Can Organisations Turn Spending Into an Investment Instead of Throwing Money Into a Cost Centre?
Most business consider infrastructure updates as a valid way to stay secure, and IT organisations are actively exploring and evaluating a wide range of helpful innovations.
Investing in a modernised infrastructure promises additional benefits, such as increased productivity andhigher availability.
But IT pros don’t have to chase the latest and greatest all the time. Even “simple” things like IT automation can deliver easy wins for each org, as it’s almost cost-neutral and lowers the burden on security analysts and responders.
An infrastructure refresh does come with some unavoidable challenges, however. On the one hand, there’s legacy gear or applications requiring special attention to “convince” them to work with newer elements. On the other hand—and this is the bigger issue—is the need to enable the IT team to deal with increasingly complex constructs.
As shown in the SolarWinds IT Trends Report, 45% of the respondents reported the lack of training as one of the top challenges.
When planning for a new system investment starts, the project should include a training budget. Distributed microservices are useless if no one can manage them in case of failure. One way to solve this problem is to engage external expertise in the form of a managed service provider (MSP) or managed security service provider (MSSP). In fact, many survey respondents cited this as a way to overcome these challenges.
External help is a great opportunity for independent consultants or third-party organisations who provide specialised knowledge, and though they’re crucial for designing and deploying, they remain beneficial in managing and maintaining, too.
What About Processes and Guidelines?
The majority of respondents reported internal threats are bigger than external ones, and there are good reasons for this. Each org runs their IT based on protocols and best practices. Best practices are based on experience and a “this worked well in the past, so let’s continue with it” mindset. But there’s little room for emergencies like a global pandemic—as a result, only half of all businesses managed to stay within their protocols throughout the pandemic.
Moreover, the dynamics of a work from home or hybrid work situation caused a lot of headaches for IT professionals.
The other lesson IT pros learned was to pay more attention to who’s already inside the four walls. A persistent supply chain attack like SUNBURST shows our entire industry faces an increasingly treacherous threat landscape. It’s the reason why initiatives like Secure by Design are so important and why IT practitioners, executives, and business leaders need to ask more of every software vendor they choose.
Businesses should ask their vendors what their approach is to a secure software development life cycle and how they plan to deal with new threats or vulnerabilities.
The same applies to contractors, who might work on a single project for a temporary time frame. Can the IT team ensure access restrictions are in place and functioning correctly?
Finally: Collaboration and Communication
The survey showed only 31% of senior leaders understand the needs of the IT team and are aware of the risk exposure of their business. Additionally, 27% of the respondents said IT leaders experience challenges convincing other leaders to increase IT budget.
But communication issues exist even within IT teams. Talking to customers in the Middle East at GITEX this year showed silos still cause delays and prevent proper teamwork and finger-pointing is still an issue.
This means there’s a lot of work ahead for IT directors and above to align internal teams and bring them closer together. This is a requirement before bundling competencies to bring crucial problems to the attention of the board members.
The good news is the survey respondents have seen an improvement in this area, and bringing people together is always a worthy goal. And it doesn’t require a major investment.
