Streamlining to improve security (Part 2)

In part 1, we looked at some of the causes of software proliferation. Here in the 2nd part, we look at an example of two independent systems that perform the same business function. Consider two profiles of software, one being desktop software such as word processing and spreadsheets, and the second being systems that operate from a server environment with implemented infrastructure.

In this example, we will look at a client/server business system. The same principle applies regardless of what the system does, or how we ended up with two systems performing the same purpose. For illustration purposes, we can assume that we have two insurance claims systems, each with a separate set of customers and insurance policies. Although security is the focus here, the example extends to other factors. Increased costs and skillset requirements have an impact on budgeting: if, due to financial constraints, security issues are risk-accepted by leadership teams, they are ignored until a budget may be available to fund mitigation.

  • Infrastructure – each system will have its own set of hardware infrastructure and running costs, and may also have separate infrastructure for development and testing purposes, separate infrastructure support contracts, and infrastructure in place for disaster recovery. Most notably on the security side, there is a requirement to maintain physical security for a much higher quantity of hardware, possibly at an increased number of locations.
  • Skillsets – an increased quantity of differing infrastructure and software systems requires an increased set of skills to maintain the systems. With a single system, staff will develop a greater depth of knowledge, reducing the overall cost of training.
  • Access Management – running two systems will require the management of user access to both, along with any development, testing or disaster recovery environments. Reducing the number of systems reduces the overall cost of access management.
  • Licensing – where multiple systems serve the same purpose, it is often the case that a high proportion of staff needs access to both systems and not just a single system. Consolidating will reduce the number of vendors, the overall licence requirement and any associated vendor support costs.
  • Patch Management – reducing the number of business systems will reduce the overall effort required to maintain business systems at the latest vendor release.
  • Vendor Management – more systems mean more commercial relationships to maintain. Every supplier takes time to manage and deal with changes, sometimes to the point where dedicated members of staff are needed to liaise for a particular piece of software. Reducing the number of vendors reduces the administrative overhead. Also, every vendor will have terms and conditions, and with that comes the requirement to review every contract and every change in terms that may take place. Reducing the number of vendors means less work for the legal team.
  • Other benefits of consolidating two systems include reduced auditing requirements and reduced cost in delivering system changes. On top of this, reduced energy consumption in running the services will help contribute towards carbon neutrality.

Having one system to maintain will always be cheaper than developing changes across multiple business systems. Even in cases where one or all of the systems are vendor-supplied, bespoke software often provides aggregated reports using data from the various systems.

Software is not the only area where consolidation can deliver tangible benefits in the form of reduced complexity and reduced costs. The points discussed demonstrate that the greater the diversity, the higher the effort and expense of keeping systems operational. Bloated back-office costs can reach a tipping point where businesses cease to be profitable. Financial savings are not always obvious, and, in many cases, implementing change will have high up-front costs with long-term tangible benefits. Consider application consolidation as a long-term strategy and not only as a tactical piece of work to be undertaken this month with expected immediate benefits.

Every case for consolidation is different and will need to be carefully considered based on individual circumstances, and delivering the overall benefits will often depend on getting the right balance. It could also be the case that when looking at one small aspect of cost, consolidation could appear expensive and cause conflict. In contrast, cost reduction is demonstrated with a holistic view.