Skip to content

Security Spending Is Going Down…. What Now?

June 11, 2009

Personally, I’ve been shaking my head for the past 8 months as most folks maintained that security spending was going to remain stable during the economic downturn. Huh? Everything gets cut in a downturn, yes Marge – even security. But the optimisists out there (how an optimists ends up in a security role is beyond me…) maintained that security spending would still happen for a couple of reasons:

  1. Compliance – None of the regulations are going away, nor are the auditors being furloughed. Thus, you still have to comply, regardless of the horror show that is the organization’s balance sheet.
  2. Attackers – It seems the attackers haven’t gone on vacation either. If anything, as things get tight they act more desperately to keep ill-gotten food on their table.
  3. Breaches – Successful attacks continue to happen every day, and they need to be fixed. Again, this is not dependent on the economy, so enterprises will still have to clean up their messes.

Those reasons are plausible, but I still didn’t believe it. Though I kept seeing survey after survey saying everything was OK. I was starting to think maybe it was me that was crazy.

Thankfully we are starting to see some rationality happen and perhaps even some honesty from the folks that fill out these surveys. I’ll point to a survey done by my friends at MetroSITE Group (PDF of the survey), as well as some research done by Peter Kuper and the IANS folks. Both show spending going down and even deteriorating a bit.

You can peruse the results yourself and draw your own conclusions, but ultimately the laws of economics have not been repealed. When an organization tightens the belt, EVERYONE needs to tighten. Even us security folk. So what? Budgets are down, what do we do now? The optimists do make good points in that compliance isn’t going away and neither are attackers.

It gets back to the age old need to “Do More With Less.” And the only way to do that is to automate. That’s right, the only way to continue to 1) comply and 2) secure with 3) less budget is to figure out how all that computing horsepower can be brought to bear to analyze what’s happening in your environment, allow you to react faster to threats, and to document your controls when the auditor comes to party.

So even in a “down” market, there is still a lot of need for security and compliance management solutions.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: