Reduced IT Complexity Equals Less Risk

Michael Vizard

Every once in a while, two trends converge, creating something much more than the sum of the two parts.

For the past two years, just about every IT organization has been aggressively cutting costs. That generally has meant consolidation, resulting in fewer servers and applications as these organizations also look to make management easier.

At the same time, the number of regulations with which these organizations must comply continues to increase. Well, a funny thing happens when you consolidate applications and servers: You reduce the complexity of your IT portfolio. And when you reduce that complexity, you also by definition lower your risk.

The complexity of 20 years or more of IT investments is one of the major reasons companies are so vulnerable to security breaches. So the economic downturn might have done everybody a favor by forcing companies to eliminate applications and servers, effectively reducing their potential targets of attack.

George Westerman pointed out this relationship two years ago in a book called "IT Risk: Turning Business Threats into Competitive Advantage." It's unfortunate, though, that we had to wait for an economic downturn to bear him out.

In the meantime, a recent survey conducted by OpenPages, a provider of software for managing governance, risk and compliance, found that only 28 percent of the IT people said their organizations have taken a holistic approach to GRC, with the rest relying on single point products or spreadsheets to manage the process.

That suggests that we still have a long way to go in terms of managing the GRC process, but at least in the wake of the economic downturn, we can at least say some progress is being made.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Dec 1, 2009 4:15 PM Jacob Ukelson Jacob Ukelson  says:


  I couldn't agree more. Spreadsheets and email are still the pervasive GRC process management tools. I think it is because people like to continue to use the tols they are comforrtable with, and they allow a quickstart with no programming. At ActionBase we have created GRC tools that allow people to remain in their familiar Office and Outlook environment, but extended with support for GRC processes - http://www.actionbase.com/solutions/audit-tracker

Dec 3, 2009 1:43 PM Umesh Harigopal Umesh Harigopal  says:

TCO, ROI are always top of mind as you figure out how to manage your top and bottom lines as a CIO looking to make a difference for your company. Our objective is to provide you with a quick and easy estimate of potential savings and does not substitute for a full TCO/ROI analysis. It is based on a user segmentation model and desktop re-fresh cycle.

Recently I had shared with you a Red Hat TCO calculator based on the Liberate-Migrate strategy and IBM's Lotus Software. This calculator offers a 5-year TCO view of your IT spending and how you can save money around Software license, Hardware, and Opera-tional costs with an annual and cumulative comparison of as-is and future (proposed) situations. Is it just 50% reduction in TCO? Check it out here:


Meanwhile Red Hat has also published a C level whitepaper that provides strategies and best practices to reduce TCO of IT investments on desktop and server by using IBM   Client for Smart Work on Red Hat:


The arithmetic is simple. Share this also with your CFO. Save the results if you want to get back to it later on. Share this with your social network.

Best Regards,

Umesh Harigopal

Ecognize LLC



Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.