IT device compliance, governance, and cost. The CFO perspective.
Device compliance and the structural integrity of an organisation’s IT infrastructure are pivotal issues facing the business community right now.
While security is a big focus for IT departments, resource constraints often mean end user compute is reactive. However, a business’s fleet of devices is, without doubt, its biggest vulnerability to cyber-attack.
There are several key factors around end user device compliance and its associated risks that we as a specialist are seeing across many companies:
- Lack of processes to ensure regular patching and reporting
- No capability or capacity to manage urgent out of cycle patches
- Uncompliant device issue diagnosis and rectification.
Though the initial reaction may be to classify these as IT issues, we believe not knowing the answers to these questions represents an organisational risk and as such warrants the attention of the CFO.
ThingsAt takes a very pragmatic approach to device compliance, because it is not part of any internal team or reporting line. Our binary approach means devices are either compliant or not, there is no in-between.
The threat of cyber-attacks and data breaches
We see many organisations that struggle with ensuring compliance of all their devices, and with the multitude of threats from cyber-attacks exploiting vulnerabilities in devices, this is a growing risk area for many organisations. There are several consequences to a lack of compliance:
- The cost and reputational loss of a breach in itself
- Implications on duties of officers of the business e.g. with things like illegal content on devices
- Inability to obtain cyber insurance should your business seek it.
ThingsAt provides customers a single pane of glass to see all and any non-compliant devices and policies and procedures to rectify as needed. We manage the user communications where needed to drive compliance removing the burden and cost from internal teams.
Our external independent reporting also reduces time and cost when customers are seeking cyber insurance.
Device compliance – an Executive and Board issue
As previously mentioned, the number of issues around end user device compliance and associated risks is growing day by day. While many see this as an IT issue, we see it as an organisational risk.
Do you and your Executive team / Board have clarity on the following:
How many employees are in the business and how many devices are in the business today?
- What is your device ratio and what is the target ratio when budgets are allocated?
- How many devices are not being used or worse, are idle with active software licenses billing right now?
- How many contractors have a corporate device?
Of all devices in the fleet, how many today are not compliant in all aspects, and what is the risk of a breach or data loss for your business?
- Where is this data on compliance, who sees it, and how often is it updated?
- Who owns the actions to rectify non-compliant devices, and what is the policy for users who are not compliant?
If there is a security alert, what is the communication, timing, and plan for this?
- Is the business notified or is this limited to being “an IT issue”?
What is the fully allocated cost to provide a laptop to a user and how is this managed?
- Has the executive team got a transparent view of device utilisation, or do you think this is IT jargon?
- Is the right device provided to each user relevant to their role or are they using more powerful (costly) devices than they need?
- Does the business refresh devices based on age regardless of condition or performance?
Are the users provided with an outstanding experience from their device and is this even measured?
- Are new team members greeted with a ready device that works on their first day?
- How many times does a device crash and reboot without IT knowing or recording it?
- What is the hidden cost implication of un-recorded device issues?
- Is vendor selection done on preference or historical performance?
- Is the business locked into a vendor due to concerns about performance of applications on another vendor device?
Device management delivers multiple benefits
For a fleet of 3,000 devices, we saved a customer $1.2M just on device ratio over three years. This was done by accurately tracking every asset and where it was, knowing the ongoing cost of it, its included software, who was using it, and by measuring how many devices each user had.
Business models have fundamentally changed — and with them, the role of the finance function. CFOs can lead the way on business process standardisation and digitisation in the finance function and beyond.
Enterprise digital transformation needs advanced analytics, artificial intelligence applications and cloud technology, the backbone of advanced financial tools. As a finance leader you can plan for the cost of digital assets, as well as digital upskilling and mentoring, as people functions combine with technology.
If you’d like to know how device as a service (DaaS) could reduce your capex and strengthen your IT compliance, contact us today.