April 16, 2009, 4:29 PM — 2009 is proving to be a difficult year for CIOs as they manage through this most difficult economic period. Our observation is that the trade-offs being made by our clients are made thoughtfully and in the context of the impact on the business. Among the areas that are getting funding and investment (capital and expense) are security, identity management, privacy, compliance-related programs, asset lifecycle management, IT organization, and expense reduction analysis.
As internal and external threats continue (and increase), all firms must maintain their attention to IT security. The impact of breaches on both a business's operations and its brand is well understood and drives the continued focus on overall IT security. What has become a greater focus, though, is the attention to the employee. As turnover has increased, the opportunity for malevolent activity has also increased. Our clients have been proactive by increasing security awareness training as well as data leakage monitoring. Sometimes this requires a revision of security policies, but usually it just requires a reinforcement of a program that is already in place. Greater attention has also been required to ensure that existing identity management processes and practices are adequate – and being adhered to. This is especially important when users are changing roles in an organization or, unfortunately, leaving it.
Companies continue to work hard to ensure compliance with their own policies and standards as well as with those driven by legislation or industry practice. As new requirements come into effect (like data privacy laws in Nevada and Massachusetts) or existing laws are modified, incremental investment is being made to adhere to them. Privacy-related legislation and consumer sensitivity are driving organizations to constantly monitor what information they have, know how they process and store it, and ensure that it is only being accessed by authorized personnel.
In order to reduce costs and even fund incremental investment, we have found that there has been a good return on work in several areas. Improving the management of all assets a firm has (including IT equipment) has been a common focus. Historically, the tracking of assets from procurement through disposal has not been as effective as it could be – and improvements have saved companies a lot of money. The organizational structure that supports a firm is not looked at often enough. Especially in IT, we have found that aligning the services provided with the structure for delivering them has allowed increased efficiency and effectiveness through reworking processes and rebalancing the skills delivering them. All of our clients are re-evaluating what they do, how they do it, and the service levels they provide in order to find additional economies in their operation.
It is a difficult balancing act and the pressure to perform has not waned. But even in these difficult times, firms are investing in core IT areas.
Cal Slemp is Managing Director - Security and Privacy Solutions at Protiviti Inc.