The risk of siloed IT procurement
In theory, financial services businesses should be more connected and integrated than they’ve ever been. There are countless tools, platforms and work practices enterprise firms can invest in to bring about a one company mentality, and to gradually break down the silos that many suffer from, writes by Scott Cutler, director, UK&I sales, Fortinet.
For all that, it’s unfortunately true that silos remain prevalent. Particularly in the IT department, where distinct teams have specific interests and their own ways of working. And while on the face of it that’s not necessarily a problem, when those teams are buying different technologies that do different things, from different vendors, it becomes one.
Chief information security officers (CISOs) working in the middle of a set of silos generally find themselves unable to get the holistic view of their IT and technology estate that’s so essential to good management in financial services these days. They’ll also potentially struggle to get an accurate picture of the myriad security threats they might face, which will evolve as connectivity solutions change with the advent of 5G. This can be hugely damaging for an industry that’s fast-moving, evolving and always subject to strict regulatory compliance measures.
Beyond all that, it’s highly likely that they’ll be hit in the pocket, too. Due to the supreme inefficiency of buying various products from a range of vendors, some of which either do the same thing or serve the same purpose. And all this gets worse as businesses get bigger and more people have a say in buying.
This is why smart CISOs know they need to break the procurement silos that form in businesses. The challenge for them is actually doing it.
Why it pays to say no to the silo
Many IT professionals will be familiar with terms like ‘technology towers’ or ‘frankenstacks’. Employed to give name to those IT estates that have assembled over years, with parts acquired piecemeal, and little overarching strategy applied.
Breaking them down is a hugely complex undertaking. And in some quarters, there’s growing desire to start rationalising entire IT estates as part of wider digital transformation projects that are in place so banks and FS businesses can embrace things like Open Banking, real-time banking and blockchain.
The question to IT leaders now, however, is how do you stop the silos emerging in the first place?
For the most part, technology towers emerge because businesses (even IT departments within businesses) are made up of smaller teams with their own priorities. The procurement problem sets in when poor communication between them results in solutions acquired for a single team or a single purpose, with no thought to how it might benefit others, or the business as a whole.
The knock-on impact of this can be that technologies are under-utilised by businesses; that two or more solutions serving the same purpose can be in the business at once; or that solutions conflict. Whichever’s the case, it represents poor efficiency and little value for money. Neither of which is tenable, particularly as finance continues to experience disruption by innovators who don’t suffer from these silos.
Just think about firewalls. The network services team in a large financial institution will likely procure and manage it. However, the CISO has to deploy an intrusion detection system (IDS) as part of their role. Many modern firewalls are already capable of doing this, and yet some banks purchase separate IDS solutions from different vendors. Complicating the matter further, the CISO might not be able to influence what firewall network services buy, but they will need to ensure that whatever they buy can cover multiple challenges.
Not only does this take longer and add unnecessary complication, it’s also inefficient in terms of price. There are cost savings to be made in moving from a legacy solution, to an intrusion prevention service (IPS) that provides a combined automated solution with a firewall.
With all of this in mind, it’s not hard to see how procurement that happens in silos can be genuinely harmful to businesses.
Breaking the silo mentality
Siloed procurement is inefficient, there’s potentially a high cost attached and it also creates security risks, which can be more damaging in FS than in most other industries.
So why is it so pervasive? If this were a simple issue, it wouldn’t be so widespread in the first place. Seemingly, what CISOs need is help in addressing the causes of procurement silos in the first place. Cultural change should be at the top of the agenda here. CISOs can be instrumental in encouraging their businesses to recognise silos and set about deconstructing them. Either through better collaboration between teams, or improving the way departments in different offices or regions communicate.
Company culture can be the spark that gets IT buyers looking in more detail at the capabilities that current technology vendors have, and raising their expectations of what these vendors can do. It’s then a case of getting people to think laterally about how the solutions they use might serve the business beyond their own four walls.
It’s likely the case that vendors already on side have much more to offer – but it’s down to the people who buy IT to understand what that might be and what challenges it might solve. In the case of firewalls again, a network access gateway is capable of more than many use it for, including IDS. As such, it can potentially save millions every year. Similarly, automation across platforms and processes is easier to achieve when things aren’t siloed. The trouble is that businesses that procure in silos might never know any of this, so they remain stuck in a trap of overspending and under-utilising.
At the same time, IT buyers should think carefully about licensing agreements – while these can provide access to every piece of technology a vendor can provide, they can also limit agility, and may lead to teams using products that aren’t quite fit for purpose.
Better buying without silos
With IT budgets in enterprise FS always stretched and spending decisions needing justification, it’s down to everyone involved in procurement to ensure they’re using the right vendors for the right solutions (and at the right price). This is why leading CISOs know that the longer silos remain in their business, the more damaging they become. And that digital transformation and tech-led evolution in finance can’t properly happen if current working practices remain.
But it’s not just about avoiding the downsides. There are real business benefits to be gained from breaking down silos – whether that’s vendor consolidation, increased efficiency, better automation across platforms or cost savings. With all of these positives on the table, the opportunity for IT leaders to have a real impact is clear. Now, it’s time for those same decision makers to lead the charge towards more integrated, intelligent procurement.