As we move into the second half of 2017, many IT leaders are already looking into 2018. Some organizations are telling their leadership - particularly in IT - to be “more innovative” and “go digital”, yet there’s little guidance on how such initiatives should impact an annual budget. A few trends are apparent:
- Hardware and capital investments are moving to the cloud and converting to op-ex.
- Desktops, in particular, are shrinking in popularity in favor of mobile devices (overall device spend is fairly flat).
- Small and Mid-sized Businesses continue to increase IT investment as they mature (and catch up with their enterprise counterparts).
- Overall IT budgets are on the rise as businesses recognize the growing importance of technology.
The majority of companies surveyed project their 2018 IT budgets increasing from 1%-10% over last year. But how do you best allocate budget in such a dynamic space? Gartner, IDC, and Forrester each have their own datasets and opinions, but there is a clear convergence of “digital transformation” trends: cloud, security, and artificial intelligence. What do these all have in common? Software. Let’s examine each more closely.
Moving to the Cloud
Cloud spending is on the rise, and has been for some time, with the greatest increases in the categories of SaaS (Software-as-a-Service) and PaaS (Platform-as-a-Service). These include products like Salesforce.com, Microsoft’s Office 365 (Microsoft just announced “Microsoft 365”), and an increasing number of enterprise software platforms updating to cloud-based or cloud-enabled versions. There are plenty of advantages - as an IT team, subscribing to cloud-based products can often eliminate hours of testing, deploying, and debugging patches and updates. Systems can be more tightly integrated (while loosely coupled) than ever before via maturing APIs. Additionally, these products can generally provide better (or at least simpler management of) security and access control than their premise-based counterparts.
Where many companies underestimate the cost of cloud migration is in the integration across systems. Often, there are bits of custom code lurking throughout their enterprise that only surface when suddenly things that have always worked begin to break:
- reports are missing data or are completely blank
- automated workflows are no longer automated (or even more difficult to diagnose, only a few portions of a workflow stop), or
- mailboxes and email aliases you didn’t even know exist suddenly start bouncing messages.
Issues like these can often be traced back to custom code written to solve a specific problem at a specific time. It’s all too common that data sources are scripted into a report with a hard-coded path, or email is used as an undocumented part of an automated workflow.
Thus, if “Cloud Enablement” is a part of your 2018 strategy, consider examining the software development line items in your budget to ensure they fully support the changes you’ll be making.
With many companies indicating that their IT budgets are being spread across multiple business units (instead of centrally managed), security is an important area of investment and common concern. Additionally, while best practices and solid infrastructure provide some layer of defense, the increasing diversity of applications used by the business makes it difficult for IT to ensure a secure posture. Here, I provide three pieces of advice:
- Train your employees to be security conscious. This especially includes recognition of phishing and spear-phishing attacks, and proper escalation to the IT team so you can update your defensive strategy.
- After a thorough security audit, invest in penetration testing to make sure you’ve mitigated all identified risks.
- Invest into developing a secure software development life cycle (SDLC). This is for both internal teams as well as asking the right questions of any vendor partners you may have.
Per the above topic, many organizations depend on core applications and infrastructure that is riddled with custom code - and there’s no escaping development of additional custom code and applications in the future. With attacks on code repositories at GitHub and others, the end-to-end security of your SDLC is more critical than ever. If your applications and/or data are critical to your business, then best practices and a focus on custom code will not only prevent obvious vulnerabilities (such as injection, broken identity/session management, or unencrypted storage), but also more sophisticated and difficult to detect attack vectors.
This OWASP cheat sheet is a great start; note that their estimate is that these efforts will add 5-10% to your total development cost.
It was recently proposed that Artificial Intelligence (AI) might soon replace even the most respected of management consultants, including the likes of McKinsey, Bain and BCG. This is not surprising! After all, the role of consultants is often to gather, process, and interpret data from across an organization. The top corporate executives in the world have built careers on their experience and intuition - and that intuition is really just an ability to harness a deeper understanding of data that’s historically been difficult to gather. AI can do these things faster, more accurately, and without bias.
Additionally, a recent study by Infosys revealed that of 1,600 IT and business decisions makers, 76% believe that AI is fundamental to future success. However, only 10% of those surveyed felt their organization was using AI to its full (current) potential. What’s holding them back? Lack of skills, primarily - and here again we see custom software coming into play. Do you want to integrate with IBM’s Watson? Hire a developer. How about Google.ai? Hire a developer. Facebook or Microsoft? Same - hire a developer.
If you are testing the AI waters, consider project-based staff augmentation. In the long run, it may make more sense to staff your team with data scientists and analysts (maybe even physicists - they are particularly adept at modeling systems) and leverage an outside source for as-needed software development.
The road to Digital Transformation is complex, and will impact all facets of your business. At the center of change is the “business of IT.” As you approach development of your 2018 budget (as well as plan the remainder of 2017), it is possible to minimize the “surprises” that come along with embracing new technologies and launching new projects.
My recommendation: in addition to allocating budget to initiatives such as “IoT” and “Digital Transformation”, don’t forget to proportionately grow your “Software” or “Software Development” budget. You’ll find that having developers ready and able to assist (across a varied breadth of platforms) will be invaluable in executing your strategic initiatives. Additionally, under-funding your software team could ultimately prove even more costly if corners are cut that impact security, resiliency, or innovation.