I was visiting a client recently, a senior and well liked IT manager within local government. As a chap I have known for almost 10 years, he was in generally good spirits although he was bemoaning the fact that one of his team was leaving at the end of the month and it was unlikely that he would be replaced.
Between extreme budget pressure and further cuts likely over the next year, the IT manager was stretched a bit thin.
When I asked him what he planned to do about the situation, his response was a theme I had heard before: “We just do more with fewer people!”
The guy leaving the team was nominally in charge of security and although a sacred cow for many organisations, there was enough expertise with the department to cover his duties. The key was the level of automation the organisation had achieved across its IT processes.
Many tasks including storage management, network management and security information and event management are all processes that the IT manager had began to heavily automate over the last few years, in common with many other organisations. In the boom years, IT departments grew rapidly, with it not uncomment for them to represent five percent of the workforce in information centric companies. But the promise of technology designed to reduce complex and time consuming manual tasks was sometimes overlooked.
The economic downturn and the backlash against complete outsourcing have refocused many IT departments to find ways to do more with less and security is a particularly good example.
Within the UK, requirements like Code of Connection mandate levels of security in place and audited before communication can take place between different tiers of government.
Unfortunately, the process of inspecting security logs, firewall settings and user activity can be a resource hungry and rather dull activity. Within his department, much of these types of processes have been automated with only issues or anomalies generating warning for further inspection. In addition, the use of appliance based technology has further mitigated maintenance and support issues.
There is still a need for security professionals who have the knowledge and experience to deal with real threats, but these specialists can avoid the “grunt” work that is often a waste of their valuable time.
The 'recent Report on Jobs' by KPMG and the Recruitment and Employment Confederation as well as a possible tightening of immigration with the current political wind, might also impact on the ability to recruit and retrain highly technical staff with the IT field.
Across the board, IT managers whether they are in the private and public sector are assessing how to meet a growing number of security and audit requirements and ease of use and levels of automation present with software and appliances should be high on any selection criteria. The mantra of “More for less” is likely to be with us in the UK for a long time to come.