Security has traditionally been a very good business to be in. Whether youre a weapons producer supplying the military with tanks or a software company supplying an e-business with antivirus utilities, there is always money to be made in defense.
And it promises to get even better for data security firms. A report released by Gartner last week said that on average, 0.4 percent of U.S. companies revenue is spent on information security. But by 2011, spending on security will increase tenfold, to 4 percent of revenue. Gartners report details the additional costs for hardware, software and personnel that will be required as companies increasingly use the Internet as an integral part of their business processes.
Obviously, security vendors will be competing to get a bigger slice of this rapidly growing pie, and hence more of your overall information technology (IT) budget.
Selling data security has always been about marketing not what someone wants, but what someone needs. Ask an IT manager, "Are you concerned about the efficiency of the accounting software in receivables?" Well, that might not be high on his or her list of priorities. But if you ask IT managers whether theyre concerned about network security, they certainly wont say, "No, but thats something well get around to someday."
However, asking a consultant or security technology vendor for advice on your security infrastructure is like taking your car to a mechanic. There are a few unscrupulous mechanics out there. You may think all you need is an oil change, but you could end up with a new carburetor instead.
In sizing up security, its important to be sure you know who youre dealing with. Furthermore, you should have a clear idea of what the security threats are to your IT infrastructure so you can determine whether the cost of new security measures is warranted.
Can you pay too much for security? Thats almost like wondering whether a car crash survivor paid too much for airbags. For network security managers, its their gluteus maximus on the line if someone breaks into their network. In that event, it had better not have happened because they didnt use a security product on the market already.
Keep in mind that even the best in the business sometimes need help. A recent internal audit of the Department of Defense — folks who are supposed to know security — found the majority of break-ins could have been avoided by using standard security practices.
Brian Ploskina is Senior Writer, eBusiness Applications and Security, at Interactive Week. He can be reached at firstname.lastname@example.org.