Software streamlining to improve security (Part 2)

In part 1 we looked at some of the causes of software proliferation. Here in part 2 we look at an example of two independent systems that perform the same business function. For the purpose of outlining examples, there are two profiles of software, one being desktop software such as word processing and spreadsheets, and the second being systems that operate from a server environment with its own infrastructure. In this example we will look at a client/server business system. The same principle applies regardless of what the system does, or how we ended up with two systems performing the same purpose. For illustration purposes we can assume that we have two insurance claims systems, each with a separate set of customers and insurance policies. Although security is the focus here, the examples extend beyond security, as other factors such as increased costs and skill sets have an impact on budgeting requirements. These in turn impact on security if, due to financial constraints, security issues are risk-accepted by leadership teams and ignored until a budget may be available to fund mitigation.

  • Infrastructure – each system will have its own set of hardware infrastructure and running costs. The systems may also have separate infrastructure for development and testing purposes, separate infrastructure support contracts, and separate infrastructure in place for disaster recovery. Most importantly on the security side, there is a requirement to maintain physical security for a much higher quantity of hardware, possibly at an increased number of locations.
  • Skill sets – an increased quantity of differing infrastructure and software systems requires an increased set of skills to maintain the systems. With a single system, staff will develop a greater depth of knowledge and the overall cost of training will be reduced.
  • Access Management – running two systems will require the management of user access to both, along with any development, testing or disaster recovery environments. Reducing the number of systems reduces the overall cost of access management.
  • Licensing – where multiple systems serve the same purpose, it is often the case that a high proportion of staff need access to both systems and not just a single system. Consolidating will reduce the number of vendors, reduce the overall licence requirement and any associated vendor support costs.
  • Patch Management – reducing the number of business systems will reduce the overall effort required to maintain business systems at the latest vendor release.
  • Vendor Management – more systems mean an increased number of commercial relationships to maintain. Every supplier takes time to manage and deal with changes, sometimes to the point where dedicated members of staff are needed to liaise for a particular piece of software. Reducing the number of vendors reduces the administrative overhead. Also, every vendor will have their own terms and conditions, and with that comes the requirement to review every contract and every change in terms that may take place. Reducing the number of vendors reduces the burden on the legal team.
  • Other benefits of consolidating two systems include reduced auditing requirements and reduced cost in delivering system changes. On top of this, reduced energy consumption in running the services will help contribute towards carbon neutrality.

Having one system to maintain will always be cheaper than developing changes to multiple systems. Even in cases where one or all of the systems are vendor supplied, bespoke software is often required to provide aggregated reports using data from both systems.

Software is not the only area where consolidation can deliver tangible benefits in the form of reduced complexity and reduced costs. The points discussed demonstrate that the greater the diversity, the higher the effort and cost of keeping systems operational. Bloated back-office costs can reach a tipping point where businesses cease to be profitable. Financial savings are not always obvious and, in many cases, implementing change will have high up-front costs with long-term tangible benefits. Application consolidation should therefore be considered as a long-term strategy and not only as a tactical piece of work to be undertaken this month with expected immediate benefits.

Every case for consolidation is different and will need to be carefully considered based on individual circumstances, and delivering the overall benefits will often depend on getting the right balance. It could also be the case that when looking at one small aspect of cost, consolidation could appear expensive and cause conflict, whereas when taking a holistic view, cost reduction can be demonstrated.