Figure 1: Strategies for cost optimization
2) Drive simplification: The present situation provides the best opportunity to organize simplification drives across business.
- The business ‘line of sight’ method will yield a business perspective. This perspective could be leveraged as a guiding post on what functionalities needs prioritization. However, the bulk of simplification ideas and measures will develop from a bottoms-up review of how cybersecurity services are developed and delivered to business. It is critical to challenge the typical barrier that allow for duplicity of controls and layered but ineffective control designs.
- The output of this measure will allow most CxOs to have meaningful negotiations with technology vendors and service providers.
3) Improve productivity: The CISO organization, while being largely understaffed, has multiple activities and responsibilities that could be optimized through process streamlining and re-organizing working methods. Assurance, Operations, Service-Delivery are domains that can be prioritized.
4) Exercise flexibility with partners: While current service contracts are multi-year or due for renewals, CISOs can tap into the flexibility built into these constructs and adapt to change in demands. Close to 20% reduction in costs can be exercised by exploring options that can allow operations at planned volumes. Reducing service levels, decommissioning low usage systems, limiting capacity of some environments, and right-sourcing using a global delivery model can be explored with partners.
5) Hyper-accelerate cloud journeys: CISO functions, while being the enabler for IT cloud initiatives, could use some of the cloud-specific cost attributes themselves. A quick assessment of current service characteristics from a ‘cloud-readiness attribute’ should deliver a view of controls and services that can leverage cloud-specific consumption models. Re-platforming and retooling may not deliver immediate cost benefits, but it is a step in the right direction.
Focus should be towards a detailed execution plan and a clear view of the savings that is to be unlocked (See Figure 2). The execution team should also be empowered with quick decision-making and resources.