Home > Resilient Infrastructure for a Secure Future

Resilient Infrastructure for a Secure Future

Each year, SolarWinds® surveys IT professionals around the world to gauge what’s most pressing on their minds, but also to understand their organization’s challenges and how they intend to overcome them. In 2021, we wanted to know what organizations think of the increasing risks they face from both the reality of supporting the hybrid workplace and the expanding cyberthreat landscape—and how they’ve prepared to address them. The findings of IT Trends Report 2021: Building a Secure Future are based on a survey fielded globally in March/April 2021, yielding responses from 967 technology practitioners, managers, directors, and senior executives worldwide from public- and private-sector small, mid-size, and enterprise organizations. Regions studied were North America, Australia, Germany, Hong Kong, Japan, Singapore, and the United Kingdom.

Good news first: There’s trust in new technology, and organizations plan to invest.

Most business consider an updated infrastructure as a valid way to stay secure in an unknown future full of risks. Various technologies have been built to support this goal, and IT organizations are actively exploring and evaluating a wide range of helpful innovations. Even “simple” things like IT automation can deliver easy wins for each org, as it’s almost cost-neutral, but lowers the burden on security analysts and responders. Automation generally comes with a challenge: it requires data to be normalized and depends on manually created rules. But once the prerequisites have been sorted, it can open multiple doors for both advanced tech and the staff. The holy grail is intelligent automation, or AI-driven automation. It adds an element of decision-making to the whole process but requires a lot of trust in the technology. But IT pros don’t have to chase the latest and greatest all the time. For many organizations, a simple infrastructure refresh can deliver a benefit. Quite often, there’s a mix of legacy gear stitched together to work with more modern tech. But that’s a fragile construct, and doesn’t prioritize security the way it should be, because legacy tech wasn’t designed to meet today’s risks and challenges. This comes through in the survey, which shows more than one-third of all organizations plan to invest in network and infrastructure.

Chicken vs. Egg

The challenge of deploying new gear and, even more so, new technology is it requires expertise which isn’t necessarily available inside the organization. In fact, IT pro survey respondents evenly reported lack of budget (45%) and lack of training (45%) as top challenges. Even though clouds have been around for a decade, and most enterprises learned how to correctly secure their S3 or Azure Blob storage objects, it remains an ever-changing landscape, and keeping up-to-date isn’t easy for tech pros. Business leaders need to ensure there’s enough time for IT teams to familiarize themselves with changes in the tech they’ve already deployed, both to keep it secure, and performing optimally. When a new system investment is planned, the project should include a training budget. Distributed microservices are useless if no one can manage them in case of failure. One way to solve this problem is to engage external expertise, in the form of an MSP or MSSP. In fact, many survey respondents cited this as a way to overcome these challenges. External help is a great opportunity for independent consultants or third-party organizations who provide specialized knowledge, and while they’re crucial for designing and deploying, they remain beneficial in managing and maintaining, too.

Leadership buy-in

Even new technology, infrastructure, or software evaluations devour time and money. Overall, the survey shows leadership buy-in has increased, with 58% of respondents perceiving their organizations’ senior leaders have a heightened awareness of risk exposure. And the IT department’s value is clear, particularly after a year where IT pros helped organizations quickly move to remote work structures to keep operations moving during the global pandemic. This increased influences most likely eases conversations around budget asks. The increased frequency and sophistication of cyberattacks, combined with the probability of financial loss they bring, have become hot topics in boardrooms around the globe. Most senior IT leaders are aware it’s a question of “when” not “if” they’ll suffer an incident, though only 31% of IT pros in the survey believing their organizations are prepared to mitigate and manage risk. But they struggle in communicating threats to other business divisions, with 27% of respondents reporting senior leaders have difficulty convincing others of risk realities. Still, the situation has improved in the past year, and IT professionals are confident it will further remove tension between their teams and leadership as their goals are similar, they just use different means and speak different languages. IT pros can translate potential risks into impacts the business can better understand to get the right focus on needed investments.

What if budgets remain flat?

Almost 60% of all organizations surveyed plan further investments in IT within the next three years. But what about the other 40%? If spending isn’t an option right now, there are other ways to extend the lifespan of what’s currently in use. Some responses pointed towards revisiting and optimizing the current infrastructure, and while this has its limits, it’s definitely a good idea as there might be some room left for improvement. But many respondents explained they’ll focus on solutions around process and people. First, developing and rolling out new policies (36%), including configuration management of network devices, servers, and applications, and general suggestions on how to deal with data. Second, is end-user training (30%) to increase employee awareness, which should be a focus for all organizations. With 46% of respondents citing external threats as the top trend influencing their risk exposure, there’s still plenty of ground to be covered internally. Looking ahead, the investment into modern infrastructure and tools to help with visibility and automation is money well spent. It can help businesses of all sizes as they journey towards a more secure future and offers other beneficial side effects, like increased productivity. Training for both IT teams and end users should go hand-in-hand and plays a crucial part in each strategy to both secure and modernize the business.
Sascha Giese
Sascha Giese holds various technical certifications, including being a Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Microsoft Certified Solutions Associate (MCSA), VMware…
Read more