Introduction

As we enter 2020 with high hopes and grand aspirations, we may have some questions that need answers. One of the key questions that gets asked by just about every department in a large business is:  “How much do I get to spend this year?”  This is where the area of resource allocation comes into play, and the budget for your department will primarily depend upon what new activities you have planned for 2020, and how much from the previous budget was not used that could potentially be rolled over into the new one.

With regards to the IT Department, this can be one of the trickiest ones to allocate.  The primary reasons for this include the rapid changes in technological development, and the very fluid nature of today’s Cybersecurity Threat Landscape.  All this means that resources have to be either scaled up or down, literally at a moment’s notice.

Although planning for your new IT budget can be an exhaustive task, this blog will hit upon some key points that you need to keep in mind as you approach your requests to the C-Suite.

What Needs to Be Considered

1) Is your 2020 budget reflective of what your current needs are, and what you have planned for the future?

More than likely, you still have the budget plans that you created when 2019 started.  You can take this same plan, and remove what has been accomplished, and modify the work that has not been fully completed.  The latter, depending upon the IT needs of your organization, can be rolled over into 2020, and still be considered a work in process.  For the parts that have been accomplished in 2019, these are the areas that require new plans for 2020, and financial resources that will be needed for them.  Most importantly, your IT plans and budgeting process should include addressing these three main areas:

  • The revenue that your company makes should be spent as wisely as possible;
  • You must continue to honor the commitments that you have made to your users / customers.
  • You must also keep up with protecting the brand reputation and image of your organization.

An important rule of thumb to keep in mind is that is that the typical allocation for an IT budget is typically in the range of 2%-5% of the projected gross revenue that your company is expected to make in 2020.  Also, one very key aspect you must keep in mind is that you need to have funding set aside to replace aging equipment.  As technology advances, you need to keep up with the pace of it so you can deliver greater levels of quality service to your customers.  For example, consider using a subscription-based model for upgrading any of your hardware needs, especially when it comes to wireless devices and workstations.  That way, upgrades to them can be done in an efficient manner and- you will be saving money, as opposed to procuring new hardware outright.

The bottom line is that you must be realistic in both planning your activity and financial needs for 2020.  You need to be able accomplish as many of your goals as possible, without negatively impacting your business model.

2) Have you considered the technology trends for 2020?

A key area that you need to keep in mind here is that most businesses are now migrating their IT Infrastructures to a Cloud based model.  This simply means that nothing is left On Premises anymore, which even includes your servers and databases.  Given the explosion in the use of Microsoft Azure, many companies are now creating Virtual Machines as well as virtualized instances of their mission critical databases in the Cloud.  This serves many advantages, such as affordable and fixed pricing, and the total elimination of expenses as it relates to software and hardware upgrades for the servers and the databases.

Another good example of this is your telephony system.  Are you still using an expensive landline system?  A very good option to save some money here in your budget would be to simply get rid of your existing PBX system, and migrate all of this to the Cloud, using a VoIP based system.  Given the remote workforce of 2020, this can be very advantageous to your workers, especially in improving their current levels of productivity. For example, they can connect directly to other members on the Project Management team directly via Teams, Skype, WebEx, Zoom, etc. using VoIP technologies.

3) Keeping up with Cyber Threats:

In 2020, more than ever before, your organization is going to have to keep up with the Cyber Threat Landscape in ways you’ve never needed to. Not only does your IT Department have to combat the threat vectors that are prevalent today, but it must plan for what the future holds also.  This can take serious investments in both technology and staffing.  In terms of the former, you need to have the most recent versions of the software applications and the security hardware that you are using, especially when it comes to routers, firewalls, network intrusion devices, etc.  With the latter, you also need to be able to recruit top quality talent, whether it is on a full time or contractual basis. Also, you will need to pay for having security related audits done, in order to make sure that you are ahead of the curve.  This includes conducting Penetration Testing and Threat Hunting exercises on, at the very least, a semi-annual basis.  In this regard, you also need to budget for those tools that will supplement beefing up your lines of defenses, especially when it comes to using Artificial Intelligence (AI).

If you are using different Cybersecurity companies to meet your needs, make sure that there is no overlap in the services that they offer.  In other words, if you have hired both a Penetration Testing and a Compliance Regulatory firm for advice, make sure you are paying for just those services exclusively.

Another key consideration that you need to take into account is the roles for all of your IT Department personnel, and those that are non-IT related, but still must have some sort of access to the IT assets.  In this aspect, everybody will be established and given the appropriate rights, permissions, etc. in order to access those shared resources that they need in order to conduct their daily job functions.  For instance, the IT Security Manager and the CIO/CISO will have “super user” privileges, whereas the administrative assistant will have just read and maybe edit privileges.  Thus, when you are computing your licensing line items for 2020, you need to make sure that you are paying for only for those user profiles and their corresponding roles within the company.  In other words, there is no need to buy a full licensing model for each and every employee.

4) Keeping good talent:

At the present time, the economic conditions as well as the job market appear to be vibrant and strong here in the United States.  As a result, it is much easier for employees to find new jobs if they are not satisfied in their current positions. Because of this, as you plan your 2020 IT budget, you need to make sure that the compensation and benefits packages that your employees currently have are in line with, or even slightly above what the market averages and trends are.  Also, you need to keep reserves aside for merit pay increases, and other types of bonuses that you want to reward employees with.  Remember, it is far more expensive to hire new employees from scratch, rather than trying to keep the existing pool of talent that you already have.

5) Procurement of Cybersecurity Insurance:

Given the sheer amount of financial damage that a Cyberattack can cause, both in terms of direct and indirect costs, a business may have to literally shut its doors if it is not able to recoup those losses in a reasonable amount of time. Therefore, the procurement of a comprehensive Cybersecurity Insurance Policy in order to offset these losses is a must in your 2020 IT budget.

6) Evaluate your disaster recovery plan:

Ransomware attacks are predicted to be increasing, as are most other cybersecurity threats. As such, it is important to evaluate your current disaster recovery plan. Most disaster recovery plans cover things like major hardware or software malfunctions or breaches, as well as office emergencies, including things like loss of power. What most disaster recovery plans do not include is something for ransomware attacks. This requires an entirely different set of protocols to be set up and followed during this type of attack. If you are looking to enhance your recovery plans, without breaking your budget, you may want to look into Cloud-based disaster recovery as a service (DRASS), as it is highly secure and far more cost effective than trying to have your current IT department manage it themselves.

Conclusions

Overall, this blog has examined some of the key components that should be taken into consideration as you plan your IT budget for 2020.  No doubt there are other areas that need to be factored into it as well, but this is primarily dependent upon what the unique situations are for your IT Department.  A recurring theme here is Cybersecurity, and under no conditions should this be a low priority in your budget; it must be a top consideration.

Sources