1Seven Ways to Make Your Security Budget Pay Off in 2010
2Finding the Security Gaps
3Data Security on the Menu
From database activity monitoring and vulnerability management to data loss prevention tools, enterprises are investing in technology to secure corporate data. “For database security, (look for) tools that support multiple databases and correlating activities across them and across the network with other systems,” said Forrester Research analyst Jonathan Penn. “For DLP, tools and use cases where you can maintain a consistent understanding of the data and policy as it moves across servers, desktops, and applications.”
4Identity Management in Your Christmas Stocking
5Protecting the Front Door with IPS
When enterprises compare intrusion prevention products, they should consider signature quality as well as the product’s ability to correlate events and provide an integrated view of all devices being managed. They should also consider performance and test vendors to make sure they deliver promised throughput rates deployed in the customer’s network environment, said Gartner analyst Adam Hils.
6Application Security a Priority
This includes testing and scanning tools, as well as developing a secure application development program. Earlier this year, the SANS Institute noted that many of the top security threats are tied to unpatched applications. But the reason those apps have to be patched starts with flaws that go undetected before the programs are finalized.
7Link Security to Business Objectives
With IT budgets shrinking, tying your security wish list to other business and IT initiatives can increase the likelihood of you getting what you want. For example, supporting mobility or collaboration, facilitating outsourcing, improving business intelligence and the like may help you when you make your pitch for security money.
8Outline the Benefits to the Business
“In your proposals, outline quantitative benefits resulting from these projects,” said Forrester’s Penn. “How will projects improve operational metrics, reduce costs, or reduce risks? You need to be able to report on what those metrics are today, and how they improve after initial implementation and through continued expansion.”