IT resources are no exception to cost-cutting methods, but those methods can be very risky if they aren't executed...
properly. One of the first things to understand about IT cost reduction strategies is that they come at a price, typically in the form of convenience, reliability, effort or security. All of these items are often critical in a modern data center, but sometimes corners need to be cut.
When determining what to cut, start by asking, "Is it necessary?"
One of the hardest things to gauge when developing IT cost reduction strategies is how efficiently each resource is being used. Equipment in the data center can be days or years old, and with many organizations, the IT staff has changed over time. This is where you tend to find unintentional gaps. It might be something as simple as retiring an application without ever notifying the infrastructure staff. Other times, the application is no longer active, but rather than place the data on archival storage, it's kept and the application servers keep running. In many shops, servers continue to run simply because the IT department feels its job is to keep things running. Often we get so fixated on the uptime, we forget about the purpose of the server in question.
Taking virtualization into account
One might assume that virtualization has already taken care of the hardware that can be removed, but that's not usually the case. Many companies completed a physical to virtual migration and removed all unnecessary hardware years ago. However, it's possible that some applications could not be virtualized at that time due to technical or vendor restrictions. Did anyone go back to these vendors to see if the servers could be virtualized after the initial migrations? Application vendors can change their stance, and double-checking after some time can yield surprising results as well as possible opportunities for additional migrations.
The other piece to this is in the virtual environment itself. During a budget crunch, the administrator needs to take a long look at the VMs running at 0% utilization and ensure they still have a purpose. Virtual environments tend to be a dumping ground for a lot of test and development servers that often get abandoned as applications are tested and discarded. These environments may not consume a lot of CPU and memory, but they can take up a lot of disk space, which drives up costs. They can also impact OS licensing. This may not be much of a concern if you're running Windows Server Datacenter edition in your virtualized environment, but if you're still using standalone installs or you're talking about licensed physical equipment, it can add up quickly.
It often requires detective work to find out who might own the applications and servers. Also, the actual value of applications versus the value the owners place on them can vary greatly. While data center documentation should be your guide for today's older physical environments, the documentation for a modern virtualized environment is often lacking or nonexistent. Usage charts will help; just keep in mind that some systems, such as domain name system or Active Directory controllers, use very little resources but would have devastating impact if removed. Always investigate and, once you're sure, power down the questionable resource for at least one month before removing or deleting any server or resources. Also, for an additional layer of protection, make a full backup, just in case someone misses it and needs it brought back online.
The importance of security
IT security is often targeted when budgets are tight because people assume that they only need it when a problem occurs. Contrary to popular belief, security is not something you can simply scale back or pause during tight times. You can reduce the number of internal servers exposed to outside networks, but that makes the ones you have left more valuable targets. In an ideal environment, security is prevention and then reaction, and those are things you simply can't scale back. If you're holding back the hackers today, expect to do the same tomorrow. While additional spending might be a little harder to come by, it can't be ignored. The cost of data loss starts at the data, but depending on what is lost, it can quickly escalate to negative public exposure, financial risks and lawsuits.
A budget crunch is never pretty; compromises must be made and with them come additional risks. In IT, everything we do has a risk factor, and when faced with a lack of resources, the risk goes up. Before executing IT cost reduction strategies, always ensure you clearly communicate the risk to management, so they understand both the risk and impact of cutting costs.
In the next installment of this two-part series on IT cost reduction strategies, we'll dive into resource control as a specific method.
Read up on additional cost-cutting tips
Should you use a managed security service provider?
Find places to save in your data center labs