The potential danger of cutting IT security budgets is too high for most companies, but tough times call for creative measures. Here's how some companies are tackling the issue of how to save money while maintaining security.
As the economy takes body blow after body blow, companies are struggling to do more with less. When it comes to security, however, the cost of not doing enough can be immeasurable.
So, just how low can companies go?
For many companies, slashed budgets have forced a reassessment of priorities as well as some creative negotiating with vendors. But the question of how to save a buck without sacrificing security has some IT professionals both scratching and shaking their heads.
Mike Miller, director of IS at Media General, did the latter. Miller wanted to replace some of the 3-year-old monitoring and event correlation systems the company uses, but, with the capital portion of his budget dropping by about 50 percent, he will be unable to do so.
"We're running on older stuff for a little bit longer," he told eWEEK.
On the plus side, Media General's operational budget has remained steady, and, as of mid-January, the company's IT security staff has not been cut.
In the five years Miller has served in his position, the business's concerns have shifted from regulatory compliance to malware and phishing. With the economy being what it is, Miller said, there are no plans for any major implementations of new technology. These days, the company is more focused on making incremental improvements instead of broad new deployments.
Miller's story is not unique. Still, analysts say, overall security budgets have not been hit hard - yet.
"In the fourth quarter of 2008, we did not see security spending plans derailed, nor in the first two weeks of 2009," said Gartner analyst John Pescatore. "However, I think the first quarter will be tough - the natural tendency will be to delay spending to see if things get better in 2Q. Upgrading firewalls or IPS [intrusion prevention systems], for example, can usually be delayed a few months with no major impact."
A survey by Gartner put security at No. 8 on a list of the top 10 technology priorities for CIOs. Business intelligence was ranked first.
Other studies show that security occupies a larger segment of IT budgets than in past years. For example, according to a Forrester Research report titled "The State of Enterprise IT Security 2008 to 2009," security has gone from 7.2 percent of enterprise IT budgets in 2007 to 12.6 percent in 2009.
The study surveyed 942 North American and European companies of different sizes. The report lists data security as the top concern among IT security groups, with 68 percent citing it as "very important." Fifty-one percent cited business continuity and disaster recovery as "very important."
The very largest companies tend to spend the most on IT security, measured as a percentage of their IT budgets, noted Forrester analyst Jonathan Penn. These companies also tend to spend relatively heavily on staff, as a percentage of their IT security budgets. To compensate, they are slowing down or deferring security technology upgrades, said Penn.
"There are certainly companies whose IT security budgets are shrinking, and many companies face an extremely difficult climate for capital expenditures, delaying the rollout of new products," Penn said. "Overall, IT budgets are slowing but not declining. Across both SMBs [small and midsize businesses] and the enterprise, IT security budgets are gaining a greater share of the overall IT budget. In other words, IT security is slowing less than IT in general."