By Sascha Giese, Head Geek, SolarWinds.
Each year, SolarWinds surveys IT professionals around the world and releases the results in an annual IT Trends Report. While the topic in 2020 was “The Universal Language of IT,” the 2021 theme is “Building a Secure Future”.
The findings of this year’s global report are based on a survey fielded in March/April 2021, which yielded responses from 967 technology practitioners, managers, directors, and senior executives worldwide from public and private sector small, mid-size, and enterprise organisations. The regions studied in 2021, as reported on the SolarWinds IT Trends Index, included North America, Australia, Germany, Hong Kong, Japan, Singapore, and the United Kingdom, with 967 respondents across all geographies combined.
State of Risk
Globally, 39% of all IT pros stated their organisation has had medium exposure to IT risk. This number is the lowest in Singapore and the highest in the U.K., but there is little deviation.
The understanding of the root causes of attacks shows major differences. The global number points to classical external attacks with 46%, but there’s a massive gap between Germany with 16% and the U.S. with 76%.
The impact of the COVID-19 pandemic varies between regions, too, but the survey shows remote work policies, the exponential growth of data based on work from home, and the distributed workforce are the top three vulnerabilities. But we also see regional differences—for example, Singapore points out problems with securing digital transformation.
When it comes to risk mitigation, the results are similar in each region. Fifty percent of the respondents said security and compliance ranked in the top three technologies most critical to managing/mitigating risk within their organisations, followed by network infrastructure (38%) and automation (25%).
It’s important for IT teams to look at current processes from the outside-in and deploy solutions providing complete visibility into all systems to identify areas of risk and opportunity, ultimately helping businesses avoid falling into complacency.
Eighty-one percent of the tech pros surveyed “agree” or “strongly agree” their IT organisations are prepared to manage, mitigate, and resolve risk factor-related issues due to the policies and/or procedures they already have in place, and there’s little deviation globally.
The shifting demands and priorities based on the pandemic have had an obvious impact on various IT policies. SolarWinds asked if standard risk management policies have been followed, and the global number says 51% of the organisations surveyed had to bend or stretch their rules to ensure workforce mobility. This isn’t too bad, considering there wasn’t much time for proper planning. In Germany, only 38% managed to stay within their policies—in Japan, this number was 69%.
Another interesting question was about focus areas, and we can see not only the priority of future investments but the challenges involved and how companies plan to overcome them. IT teams prioritised investment in security and compliance (36%) and network infrastructure (33%), followed by cloud computing (27%).
As expected, there are two evergreens in the challenges: the lack of budget/resources (45%) and the lack of training for personnel (45%). The third challenge—at 38%—is unclear or shifting priorities, which is most likely based on the uncertainty of whether employees will keep working remotely or if another virus mutation will require businesses to change plans again. Some regions reported their current tool set is no longer suitable or lacks features.
Tech pros are overcoming these barriers by prioritising development of policies and processes (36%) and the introduction of new technologies to the environment, such as multi-factor authentication and/or additional/new monitoring (34%). Additionally, tech pros are seeking opportunities for training.
Fifty-nine percent of the respondents are confident their IT organisations will continue to invest in risk management/mitigation technologies over the next three years, and this number is higher than 50% in every region.
Another interesting question was about the buy-in of senior leadership.
This group has different interests, which are usually centred around increasing productivity and lowering overall costs, so increasing the budget for security isn’t exactly a welcome topic.
The good news is 58% of the tech pros surveyed perceived their organisations’ senior leaders or decision-makers to have a heightened awareness of risk exposure, believing it’s not “if” but “when” they’ll be impacted by a risk factor. But while 31% believe their organisation is prepared to mitigate and manage risk, 27% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk. These numbers are close to each other around the globe.
But What About Future Collaboration?
One-third (33%) of the tech pros surveyed stated their IT organisations are improving alignment between IT business goals and corporate leadership in response to other tech adoption barriers, such as a lack of skilled IT staff triggered by cost-cutting, consolidation, or outdated skill sets and a lack of available IT management tools. This number isn’t extremely high, and we see a great deviation again, this time between Germany (17%) and the U.S. (48%).
But “improving” means “work in progress,” so we can hope the alignment of business needs and tech adoption will increase.
This is a necessity, especially considering how the role of IT has changed over time. In the past, IT just supported the business. Nowadays, it’s running the business.
Strategic conversations around risk mitigation investments between IT teams and senior business leaders are critical after a year of cuts and restrictions for many companies. Tech pros must present proof points and justifications to gather senior buy-in so they can implement policies and technologies effectively and at scale.