Knowing where organisations should be prioritising their IT spend has become increasingly challenging in recent years. The upheaval of the pandemic followed by an unstable economic climate means businesses are exercising caution, with many downsizing innovation projects, or scrapping them altogether.

Instead the focus has shifted to business critical functions including security, which is now overtaking innovation as a top IT funding priority.

Prioritising defences isn’t surprising when you consider that more than half of SMEs in the UK have experienced a cyber attack. But do implementing security measures and pursuing innovation have to be mutually exclusive?

Here, Rich Nelson, senior technical consultant at Probrand, outlines how businesses can strike the right balance and ensure they are staying safe – and staying ahead of their competition.

One of the biggest mistakes I see businesses make is where departments are failing to talk to one another. For example, you’ll often have a situation where HR attempts to implement a new software system without any input from IT, only to face issues down the line. This usually related to problems with integration, data storage or backup and recovery.

By keeping the IT team close at every stage, you can ensure that the necessary due diligence is being carried out and that you’re setting yourself up for success. The IT team can also ensure that security is always front of mind and that it’s running through every business system or initiative.

Depending on the nature of the project, various questions need to be asked of any new system of supplier, however these are a good place to start:

• Can the new system integrate with what’s already in place? When multiple systems can integrate and talk to one another, you can take advantage of any existing security capabilities you are already paying for. Bringing everything together also means you can centralise things like identity management which means users only need one set of credentials to access any sensitive data or company portals.
• Where does my data reside? – If you’re collecting or storing data, it’s vital to ask any new software provider where data physically and geographically resides, as laws and regulations can vary. For example, data protection rules in China are very different to other parts of the world and this might also impact how that data is being secured. Failure to get it right could even put your insurance policy in jeopardy.
• What does backup and recovery look like? – with an increasing amount of SaaS products being deployed as part of digital transformation projects, it’s important to probe into what security functionality is included, especially when it comes to backup and recovery. Many assume that SaaS vendors are responsible for the backup and recovery of a company’s data. In fact, this is rarely the case and organisations subsequently leave themselves vulnerable simply because the question hasn’t been asked, or clarity given.

Appointing a taskmaster within your organisation can ensure the right questions are being asked. This person can also look at opportunities for collaboration across the whole business and identify instances where greater value can be achieved.

There will always be a balance but by putting some of these steps in place, organisations can ensure they are continuing to innovate, but in a safe and sensible way.

Richard Nelson is senior technical consultant at Probrand.