This is the first in a series of blogs exploring the role and impact of security solutions for the convergence/mobility space. Check back often for additional blog posts on this subject
It is no surprise that IT budgets come under scrutiny when companies look to cut costs. In light of our economy, IT leadership teams are calculating how to balance long-term strategic needs with the daily demands of deploying and managing technology for the enterprise. In a recent webinar, Gartner addresses this very topic and provides real steps enterprises can implement now.
Whether driven by a down economy or lackluster corporate performance, internal business units are defending their budgets. IT security is no exception. In these economically challenging times, how can IT best maximize its security posture while lowering costs?
1: Examine Current Expenses
First, identify if any current project costs can be reallocated to another organization’s budget. If a major project for customer service is underway, such as upgrading computers and telephony or implementing a new IVR, what part of the total cost can be applied to the customer service business unit versus IT?
2: Protect Vital Organs
Enterprises must identify the vital organs within the company that enable essential business processes. For an online retailer it may be the operation of a company web site; for a professional services firm it may be the accessibility and confidentiality of client information. Knowing the information and business processes that are mission critical, will allow IT security teams to focus their people and resources. Avoiding an incident related to the vital organs, such as data exposure or a DDOS attack, is less expensive than surviving one.
3: Stop Chasing Rainbows
First, use this economic time to stop ongoing projects that IT has been chasing for years, without a return on investment. Require 18 month payback periods; incremental results are ok. What’s important is that the projects deliver results in a timely manner. This is the time too, to halt or de-scope the nice-to-have projects such as the single sign-on dashboard. While budgets are limited, think about those tactical projects that will reduce real organizational costs like data center virtualization.
4: Leverage Big Infrastructure Migrations
Integrate security into everything you do. Technology projects can become a catalyst for including security. If your enterprise is migrating to Windows 7, then move from IE6 to IE8. If business units are implementing software as a service, then include security as a service too. Finally, as new applications are deployed and integrated, make sure application vulnerability testing is mandatory.
5: Do It Yourself or Connect to the Cloud
If procurement dollars are limited, leverage open source software and built-ins. Staff may have more availability too, for these in-house efforts as other projects are cut or put on hold. Also, security as a service may be less expensive than buying products and deploying yourself. For companies that rely on a mobile workforce, consider web security as a service.
Especially today, every IT security team is challenged to know the true cost of security. This includes not only actual security expenditures, but also the cost of an incident or breach, and the cost of restraining business when security impedes essential business processes. It is a delicate balance to cut spending and maximize security. It can be done, and your enterprise will be better for it. Remember too, that the economy and corporate profits will one day improve, as will IT budgets. That is the silver lining.