Seven Ways to Make Your Security Budget Pay Off in 2010

Seven Ways to Make Your Security Budget Pay Off in 2010By Brian Prince

The process begins with security pros determining what gaps exist in their security defenses. In the graph here, analyst firm IDC asked hundreds of organizations how susceptible they are to various security threats.

From database activity monitoring and vulnerability management to data loss prevention tools, enterprises are investing in technology to secure corporate data. “For database security, (look for) tools that support multiple databases and correlating activities across them and across the network with other systems,” said Forrester Research analyst Jonathan Penn. “For DLP, tools and use cases where you can maintain a consistent understanding of the data and policy as it moves across servers, desktops, and applications.”

In particular, organizations are focused on single sign-on, privileged user management and provisioning.

When enterprises compare intrusion prevention products, they should consider signature quality as well as the product’s ability to correlate events and provide an integrated view of all devices being managed. They should also consider performance and test vendors to make sure they deliver promised throughput rates deployed in the customer’s network environment, said Gartner analyst Adam Hils.

This includes testing and scanning tools, as well as developing a secure application development program. Earlier this year, the SANS Institute noted that many of the top security threats are tied to unpatched applications. But the reason those apps have to be patched starts with flaws that go undetected before the programs are finalized.

With IT budgets shrinking, tying your security wish list to other business and IT initiatives can increase the likelihood of you getting what you want. For example, supporting mobility or collaboration, facilitating outsourcing, improving business intelligence and the like may help you when you make your pitch for security money.

“In your proposals, outline quantitative benefits resulting from these projects,” said Forrester’s Penn. “How will projects improve operational metrics, reduce costs, or reduce risks? You need to be able to report on what those metrics are today, and how they improve after initial implementation and through continued expansion.”