IT Security: Will IT departments ever have a chance to spend the money they want on initiatives they consider top priority?
The struggle to spend versus save has often been a two-sided war (and it makes sense in a process of checks and balances). However, CFOs have traditionally understood allocating budgetary resources for IT to spend on hardware and software programs necessary for business processes.
But the transformation of the IT industry has followed a pattern of evolution. Recently, there’s been an invasion of disruptive technologies and new advancements in the industry. This transformation, and the velocity at which it has occurred, has forced IT to reevaluate its budget and focus on new spends.
These new, more technologically advanced spends aren’t as easily justifiable to finance departments, nor are they as widely accepted and understood by companies as a whole. CIOs and IT departments are finding it difficult to show direct ROI in a cloud investment or mobility strategies for remote employees – so the war over spending continues.
Curt Hessler, an Independent Education Management Professional and member of the RampRate advisory board, explains the conflicted relationship between IT and finance (and other departments) this way: “As the Internet became integral to the core businesses of major corporations, whether they thought they were in a digital business or not, that changed. It became obvious that having an IT infrastructure that was Internet-friendly, etc., was going to be very important to drive revenue.”
However, Hessler points out that there is a new focus of IT spending that is moving into the spotlight and bringing these often opposing sides together; they are uniting in the face of a growing threat.
Preventative strategies for ensuring IT Security might just be where these two groups see eye to eye. The threat of a IT Security breach or a dangerous hack is real (just look at Target, Home Depot, and JP Morgan) and viewed as a high priority (although not top priority) to both departments.
Today, every company is vulnerable when it comes to a potential IT Security breach. A company that suffers a IT Security breach faces decreased trust (and even anger) from customers, and legal action. Financially, these messes can cost a ton to mitigate – from new IT investments through to public relations and marketing efforts. All of this is incredibly embarrassing … and somewhat preventable.
In effect, more companies are putting the pressure back on IT to ensure that IT Security becomes the top priority. The question they are asking IT is, “How can we ensure it?”
And that creates middle ground with the finance organization. This is where the finance and IT departments converge and both view this protection as a necessary spend. More importantly, the legal departments are also seeking inclusion and in the end, each group genuinely has a vested interest in being involved and coming to a consensus.
In terms of the legal department becoming a key player, Hessler points out that “The lawyers, I think, were out of it for a long time except for being finally consulted on the contract the company had with whoever was supplying their back office IT stuff. Now, it’s a constant worry about IT Security… for anybody who has lots of customer accounts or any other kinds of sensitive information, IT Security is a top concern.”
So as the concern about IT Security continues to mount and company data is compromised, we may see IT investments shift away from supporting new technologies and toward IT Security – maybe even to a fault.
While IT departments may never again enjoy the freedom they had in years past, their spending will continue to be dictated by industry trends. The IT Security trend might just send IT, finance, and legal departments into forming a triad of protection (and agreement) and result in an IT budget heavy in IT Security investments.