James Tucker, sales engineering director at Zscaler, explains why 2023 must be the year of IT optimisation and automation.
The pandemic has shown businesses need to be more agile to react quickly to environmental factors. The recent economic downturn is an example of an unexpected environmental factor that may be even more significant than the multiple phases of lockdowns. Unfortunately, businesses are inclined to pause as much as possible in a downturn and cancel contracts, stall projects, and generally ‘batten down the hatches’ to weather the storm.
On the face of it, this approach, which is often driven by finance, makes sense. It has the effect of freezing action and, as the economy is struggling, why do anything that might rock the boat? Surely, it is better to reduce activities as much as possible and try and ride out the storm, right? Wrong. This approach makes it harder for businesses to achieve their goals, and in most situations, this is not the right approach to take. Instead, companies should view a dip in operations as an opportunity to reduce complexity and transform IT infrastructure to become more efficient.
Spend this time optimising and automating
Re-evaluating how the business runs can deliver significant improvements. As the pandemic has proven, IT has matured to be a strategic business enabler when used strategically to transform operations. In times of scarcity, people become more creative. Tuning the engine during a downturn actually sets the business up to be first out of the pits when conditions pick up.
Here are six actions to evaluate at a time of downturn:
- Review costs of IT operations
Over the past year, consider how much has been spent on IT operations. Where is the potential for cost savings when hardware is removed in favour of cloud-first infrastructures? This can relieve significant administrative burden and streamline operations for a more agile IT architecture.
Now is the time to compare pre-pandemic and post-pandemic infrastructure costs. Hybrid work has led to reduced office space, so if a site costs the same, yet a proportion of the workforce is now at home, it could be time for a more in-depth review. Going along with working from anywhere, the infrastructure costs of the corporate virtual private network (VPN) should be reconsidered if this technology is up for renewal and budgets are frozen. A cloud-based approach to remote access, based on zero trust, can boost security and performance by reframing away from securing the corporate IT perimeter and instead securing each user access attempt. It also supports a cloud-first digital transformation strategy for lean infrastructure that reduces complexity and helps businesses be more effective.
2.Transform to the cloud
This approach also reduces the need for hardware, which, in turn, minimises maintenance overheads and energy usage, while making applications and information access more efficient.
A cloud-first strategy empowers workers through seamless access to workloads from anywhere, in-line with flexible and remote working policies now held by many businesses. It frees up companies to focus on their core business by enabling IT service consumption through the cloud and managed services, without requiring enterprises to be IT specialists themselves.
What’s more, partnering with third-party cloud service providers who use renewable energy contributes to corporate green goals.
3.Automate manual processes
Examining manual IT and security activities will likely reveal a range of ways automation can be introduced, including through artificial intelligence (AI) and machine learning (ML). As an example, an incident responder in a Security Operations Centre (SOC) assessing a security incident may review data from one application or system and carry that knowledge to another application or system to perform an action. However, this is inefficient. Now is the time to find ways of automating these kinds of activities for speed and accuracy.
Companies should ask whether the provision of IT services can be automated, and if employee attrition can be actioned through the automated removal of redundant user profiles, all through a cloud-based security platform. In addition, they should check whether web proxy updates be automatic instead of being actioned by the SOC.
4.Improve the digital experience
A platform-based approach to IT delivers multiple benefits, including equipping employees to work from anywhere and streamlining access to applications and systems.
AI can be used to identify issues behind poor digital experiences of user connectivity to their online conferences, freeing up IT and security teams from troubleshooting. This can help resolve glitches, such as the system that freezes when a particular action is performed or the application that never grants access on the first attempt. Tools including digital experience monitoring, which help identify sticking points in the user experience, can be central to optimising outcomes when employees work from anywhere.
5.Reduce attack surface and review risk management
All companies have redundant domains, hardware, and systems that should be under consideration as legacy breeds vulnerabilities; at the very least, it adds to the corporate attack surface, increasing a company’s vulnerability to breaches when resources are scarce.
There are tools available, some of them free, to help assess the attack vector of the IT infrastructure and highlight risk management gaps that should be plugged. Proactively reducing the attack surface and optimising risk management can form part of a positive shift toward proactive security, while maintaining reactive response measures.
6.Automate data flows
Automating data flows can improve speed, accuracy, and efficiency. Assuming users are spread globally, and in a hybrid environment, it is critical to know who users are, what services they are consuming, and where the data they need is located. Often, data exists in disparate systems with little integration, or worst case, it requires manual analysis. This slows down business decisions, losing time and requiring effort that businesses simply can’t spare.
To address this, organisations can connect a web proxy, authentication, and data loss prevention (DLP) to security information and event management (SIEM). This will provide measurable impact in areas that include DevOps and compliance workflows.
In these challenging times, businesses will feel maxed out firefighting and loathe to consider a change programme. However, time spent reacting detracts from the opportunity to make a change for the better.
A good place to start is evaluating opportunities for optimising IT. Yet too often, businesses approach an IT upgrade with a solution-first mindset, focusing efforts on how a particular solution fits within their business. They engage potential suppliers to provide a proof of concept, but these technologies have already proved the concept; what businesses need is specific proof of value to them. To arrive at this, and a plan of action to optimise and automate, all parts of the business – security, compliance, operations and so on – must be involved. This will lead to a complete view of IT change value to the business.
Instead of closing off change, businesses should take this time of economic downturn to re-evaluate, look at IT infrastructure, and ask how they could optimise the way they operate. Investing time and effort now to optimise and automate can help businesses come out of this downturn stronger.