30 IT Cost Saving Measures - Part1

In this two part series, we take a look at cost saving measures in IT Management. As most Organizations would acknowledge, IT is a cost function and the budget allocated towards meeting its expenses raises eyebrows and remains a concern.


In a CSC Global CIO Survey:2014-2015, “39% of participants say that IT is still viewed as a cost center and 33% say they are treated as a Service Provider by their Line of Business colleagues meaning that IT follows the strategy defined by others and are

IT along with HR and Finance are support functions constantly seeking ways to bring value to the table. While there are ways to achieve this, a key aspect of good IT Governance is the efficient management of costs and getting more value out of every dollar spent. In this article we will look at some cost saving measures that would re-affirm our belief that “a penny saved is a penny earned”.


IT Governance

1) Organizational Structure - An agile organizational structure that is flat and takes into consideration the best aspects of a centralized, de-centralized and/or federal service structure stands to see faster decision making and fewer rounds of approval. This prevents the perils of “Shadow IT” wherein the various lines of Business circumvent IT and adopt their own IT solutions which result in added costs, poor support structure and more importantly, the need to deal with security and compliance related issues.
Re-assess the IT organisational structure and re-assign roles and responsibilities while reducing managerial and administrative overhead and keep the IT department slightly (3 to 7%) understaffed.

2) Strategic Alignment - In addition to the previous point, knowing where the Business is headed can help IT provide the Business with the right solutions at the right time. Hence, an alignment of IT with the Business priorities is vital to forecast expenses accurately and eliminate unnecessary costs.
3) Performance Management - Improving employee productivity through a “Performance Management Program” is essential to save costs as nothing can be more frustrating than adding support personnel and not seeing a reduction in the number of open tickets and/or an improvement in the overall quality of IT services. This program would include putting in place a skill and knowledge matrix mapping individual’s responsibilities to Key Performance Indicators, implementing Lean IT performance measures among others.


IT Operations Management

4) Service Desk Management - An effective Service Desk application that helps one to perform a weekly and monthly analysis of the tickets that are raised and identify ways to reduce the number of incoming requests by putting in place permanent fixes to teething issues, providing end users with additional training, updating the knowledge base with solutions to common issues, providing automated services like a password reset tool among others needs to be done with the objective of keeping the requirement of Service Desk personnel and its operational costs at a minimum.
Reducing the number of hours of operation of the Service Desk from a like to have to a need to have basis is another alternative worth considering.
5) Supplier Management - The application of Supplier Management best practices through the creation of a central repository of vendor contracts and evaluating these existing contracts helps. Thoroughly vetting and selecting vendors at the Head and Branch Office to prevent kickbacks should be considered. As a given, re-negotiate maintenance contracts with all vendors for better pricing and quality of service and consider services on a time and material basis.
Centralizing hardware and software purchases and signing agreements with major vendors helps in achieving better pricing and getting bulk discounts.
6) Capacity Management - The application of Capacity Management best practices ensures optimized utilization of IT systems and network resources through the use of DCIM Suites or other resource monitoring applications.


A recent Gartner Report, titled ‘Market Guide for Capacity Management Tools’, published on January 30, 2015, stated, “through 2018, more than 30% of enterprises will use IT infrastructure capacity management tools for their critical infrastructures to gai

7) Asset Management - The use of Asset Management best practices through central repositories help regularly review and better manage your inventory . The advantage of a centralized IT practice is the sharing of IT resources across Business Units through consolidated Data Centers or what we now call Cloud Space.
Another aspect to take into consideration under IT expenses is the review of one's replacement and upgrade cycle for your desktops and laptops with their respective operating systems and other applications. Desktops generally have a longer life than laptops as the later undergoes a lot more wear and tear due to their portability and the cycle should be adjusted likewise.
8) Share Product and Services - The centralization and sharing of more products and services across Business Units is critical to help reduce costs even if there are budget silos. The challenge lies in involving key Business personnel and getting their Units to see the benefits of adopting available products and services, changing the way they use systems and getting familiar with it through training.
9) Service Catalogue Management – Reducing the number of services provided in the Service Catalogue through various techniques including those suggested above in point 4 and increasing the length of request fulfilment on a case by case basis is worth considering. This can be achieved through negotiation with the Business by putting a dollar value to every service provided and its corresponding request fulfillment time.
10) Employee Training - Provide basic IT skills training as part of the new hire induction program to familiarize new employees with the IT systems and help them find their way through your Self-Service tools and knowledge base of known errors, common issues and their respective fixes.
An important part of this exercise can be a Security Awareness Training module which is critical these days as employees have become the path of least resistance in an enterprise network intrusion attempt and spear phishing has been the number one form of attack at the initial stage of most major Data Breaches over the last couple of years.


IT Project Management

11) Project Success - IT cost reduction measures can never be complete without highlighting the need for making IT investments through good Project Management practices.
“Work fills Time Available” is an important aspect that one needs to understand to realize the benefits of adopting project management practices and improving productivity.
Just as IT has become a necessary evil so has its success become critical to the Business in creating value and bringing forth competitive advantage. Key to its performance is the success of its Projects.
A lot can be read about making “Making IT Projects a Success” through my four part series.
It is worth noting that all Projects should undergo a Cost Benefit Analysis and where possible, a Return Of Investment (ROI) measured.
12) Change Control - All changes that do not fall under projects should be evaluated for value addition to IT Operations or meeting Business needs. Whether the change comes under the Project umbrella or otherwise, it needs to be noted that only 15% of downtime comes from unexpected events. 85% of all downtime is the outcome of planned changes. Planned downtime can go quickly from manageable to devastating for endless reasons including migrations that fail, upgrades that don’t work, installs that cause unforeseen inconsistencies and moves that take far longer than anticipated.
Hence, good project management and/or ITIL service management practices (ex: change management) is needed to ensure the smooth executions of IT services.
If we cuts costs in IT processes and procedures resulting in Business downtime and consequently financial loss, we have missed our objectives.
Security, Risk, Audit and Compliance
13) Security – With today’s growing threat landscape, it would be rather unwise for me to suggest cost saving measures in security as it was possible a few years back.


An IBM sponsored Cost of Data Breach 2015 survey across 350 Organizations in 11 countries suggest “the average cost of a data breach to be $3.8 million. The average cost of a lost or stolen record with confidential information stood at $154”.

Added to this,


the Symantec Internet Security Threat Report 2015 states that “60% of all targeted attacks struck small and medium sized organizations as they have fewer resources to invest in security”.

Hence, having your anti-virus, anti-malware, anti-spyware, firewalls (including one for web application), IDS, IPS, APT solutions and other devices in place and monitoring it through SIEM is much needed.
Small to medium size Businesses or branch offices of large firms can look at a cost effective Unified Thread Modelling (UTM) solution that combines most of the above mentioned features with the added advantage of having a single management console.
Here, an identity and access management control system can be categorized as a “like to have” rather than a “need to have” for small to medium businesses.
Exciga highly recommends one to have a half-yearly or yearly vulnerability assessment and penetration test done. For example, a basic vulnerability assessment helps an Organisation define its security posture. It helps us know where we are and where we need to be in the coming months in terms of security measures to be taken. Kindly refer to my article on “Cyber Security Priorities for 2015” to understand the need for it and how it differentiates itself from having in place a Firewall or an Intrusion Detection System.


the Symantec Internet Security Threat Report 2015 states that “60% of all targeted attacks struck small and medium sized organizations as they have fewer resources to invest in security”.

Hence, having your anti-virus, anti-malware, anti-spyware, firewalls (including one for web application), IDS, IPS, APT solutions and other devices in place and monitoring it through SIEM is much needed.
Small to medium size Businesses or branch offices of large firms can look at a cost effective Unified Thread Modelling (UTM) solution that combines most of the above mentioned features with the added advantage of having a single management console.
Here, an identity and access management control system can be categorized as a “like to have” rather than a “need to have” for small to medium businesses.
Exciga highly recommends one to have a half-yearly or yearly vulnerability assessment and penetration test done. For example, a basic vulnerability assessment helps an Organisation define its security posture. It helps us know where we are and where we need to be in the coming months in terms of security measures to be taken. Kindly refer to my article on “Cyber Security Priorities for 2015” to understand the need for it and how it differentiates itself from having in place a Firewall or an Intrusion Detection System.


A Gartner Prediction for CIOs states that “Enterprises that implement a vulnerability management process will experience 90% fewer successful attacks”.

14) Risk and Audit- An annual comprehensive IS audit across all IT disciplines may seem as an expense and most of its recommendations may suggest added expenses but if done right, it helps one to uncover deficiencies in what may otherwise seem an efficient IT operations and prevent one from being caught unaware.
While I shall take up “A Case for an IT audit” as a separate topic in the near future, to keep with the brevity of this article, I will provide a couple of different examples of what an audit can unearth:
absence of adequate software licenses resulting in penalties or presence of unused ones which can be re-allocated.
change control issues where a server admin provisions remote access to a vendor through FTP and later forgets to disable it leaving the network wide open to intrusion.
A sub task of an IS audit is a risk assessment which helps identify potential risks for which cost effective mitigation strategies need to be put in place. Failure to assess and acknowledge risks leaves one in a situation where a disaster awaits which in turn incurs expenses.
All risks that cannot be addressed due to budgetary constraints requires the acknowledgement and acceptance of the Business. It also needs to be highlighted in the audit report time and again.
Hence, an IS audit helps bring a better awareness of what has been overlooked, what needs to be addressed urgently and what helps to better manage your costs.
15) Compliance – From the first day of taking up office in an IT Management role, it is best practice to be aware of the industry sector one serves and the compliance requirements (ex: PCI DSS, HIPAA, SOX etc) that need to be met. A lot of expenses go towards undoing and then re-doing systems to meet compliance.


A Ponemon institute research report of a study of 46 organizations suggested “an average cost of $3.5 million for meeting compliance and an average cost of $9.4 million for non-compliance related problems. On an average, non-compliance costs 2.65 times mo


In Part 2 of the series, I will take a closer look at steps to reduce the maintenance of IT Infrastructure costs. So stay tuned :-)


About the author: