White says IT infrastructures are suffering from years of neglect, as companies have progressively squeezed the pips out of IT budgets and payrolls while demands and security threats have increased. IT staff are overworked, worried about meeting day-to-day requirements and struggling to focus on improving the service they provide.
“There’s been so very little spending in recent times that they’re worried that their systems will just crash,” White told the IDC Directions conference earlier this month.
Managers are right to be concerned: temporary spending cuts are to be expected in any organisation, but the restraints on expenditure have left some IT departments constantly patching their systems and unable to respond effectively to changing business requirements. Old systems don’t cope with recent realities such as fat pipes, telecommuting and more sophisticated attacks; overworked IT staff don’t have time to train users.
White’s comments followed a week in which the Sasser worm wreaked havoc with corporate networks here and abroad. Local victims of Sasser included Westpac and reputedly at least one other trading bank, some government departments and an academic network. Corporate networks often rely on firewalls which, once circumvented by an infected laptop, are effectively wide open to worms like Sasser and Blaster that only need to connect to a network port to spread.
The message Microsoft security evangelist Steve Riley delivered to a security conference a week earlier — that security can’t be left to the network perimeter — couldn’t have been better timed. In fact, firewalls probably lull corporate users into a false sense of security that turns a LAN into a Sasser-friendly playground.
Some users seem to accept malware attacks, network outages and unreliable computers as the norm — nothing out of the usual. CEOs and company directors sometimes seem to share their indifference, and treat IT as an expensive commodity rather than a tool to improve business.
When a company fails to keep its IT infrastructure up to date, it simply extends the opportunity for problems to arise. Getting accurate estimates of the cost of infrastructure problems is difficult — the multibillion-dollar estimates of antivirus vendors seem particularly overblown — but there’s no question that it has a real impact on productivity.
Savvy companies understand that IT is an essential part of their business process, and that a modern, efficient IT infrastructure is a competitive advantage. Ironically, it may require a serious infrastructure failure for some companies to understand that.
When Microsoft releases the next service pack for Windows XP later this year, its client OS will finally have a few of the best security features of Linux and Macintosh systems — a preconfigured local firewall, and unneeded services disabled by default. Combine that with packet inspection at the network perimeter, client quarantine and avoiding common configuration errors such as allowing uninspected virtual private network traffic through the firewall, and a company’s IT security and reliability concerns are largely mitigated. (Microsoft hasn’t committed to providing a similar security update for Windows 2000 clients.)
Many companies do need to invest more in their IT equipment and payroll, but IDC’s White says there are encouraging signs that will happen. A year ago cost-cutting was the biggest priority for IT managers, but now it’s only priority #3. IT managers are more likely to expect budget increases than they were six months ago, and worldwide IT spending is expected to increase over the next four years. CRM and e-commerce, once tainted by the dot-com crash, are back in favour and earmarked for increased spending. Security is recognised as the top priority for spending increases this year.
Driving the nail home, White says that IT is so tightly integrated with the global economy investment in it is a financial necessity. IT makes the global market possible, and only improved IT efficiency will allow the developed world to solve the “demographic crunch” of an aging population and a decreasing workforce, he says.
The companies that will gain the most from an improved IT infrastructure are those that move first. Perhaps their IT managers will even get a decent night’s sleep.