Putting a Price on Security - Page 2

By some measures, George Lee is one of the lucky ones. Lee is director of IT at The Leading Hotels of the World, a hospitality organization that represents more than 450 hotels, resorts and spas across the globe.

Like that of some other IT leaders, his budget has seen cuts, with training and travel being the first to go. However, the organization was able to fit in a major revamp of its network infrastructure in 2008, putting in Cisco Systems firewalls, switches and other upgrades.

The move was precipitated by plans to bring the organization's financial accounting operations in-house.

"I was very lucky I was able to put [the security systems in] in 2008," said Lee. "If I were confronted with that same issue, I would do my very best to make sure that the company was protected, or get the funds to make sure the data is safe from the outside world."

Yuval Ben-Itzhak, CTO of security provider Finjan, said he expects to see IT professionals watching every dollar.

"CIOs will look for more value for every dollar they will spend," Ben-Itzhak said. "They will look for simpler solutions that are easier to manage while having less people on their staff."

Indeed, tough times often call for creative measures, according to Scott Ksander, chief information security officer for Purdue University.

"We've been very successful at having some strategic partnerships with vendors, and focusing in on what we wanted to do," Ksander said.

A case in point is the negotiation with Q1 Labs to pull off a log management project the university was planning. According to Ksander, the university generates somewhere between 10GB and 12GB of logs a day-compressed-and that necessitates having the right tools in place to correlate and organize log data.

"We have a very dispersed set of systems, and when we do incident response work, we need a lot of log data," he explained. "As various parts of the university are trying to cut back, they're either not hanging on to the log data, or they don't care about it or it's not their primary focus. ... So we put in place an initiative we wanted to do this year, which basically said, 'You don't want to keep it, give it to us.'"

After putting the project out for bid and receiving responses that were over budget, the university staff sat down with Q1 Labs to come up with a way to make things work.

"It turns out we ended up doing some development work with the vendor, and they gave us some quid pro quo for that, and we were able to pull this off with the money we had," said Ksander. "I really don't want to cite a specific number on the savings because that really doesn't compare apples to apples. Where we ended up isn't exactly where [we] started on either side. I would characterize the savings as very significant, however."

The contract negotiation process started in early November and concluded very early in January, he said, adding that work with the product will continue after delivery.

Said Ksander, "It was absolutely worth it."