How to sustain security on a tight budget
Whether you believe we are in or about to enter a recession, IT budgets are certainly tightening up for 2009.
In a climate of uncertainty, CIOs are asking for across the board budget "constraint" until the uncertainty clears. Perhaps spending on operations is not being cut, but capital projects are being postponed unless they have clear and short-term return on investment. Even then it may be difficult to get the initial investment approved. So in this environment, what happens to security budgets?
Security spending has been increasing for most of the past decade. Our research has seen security budgets increase from about 2% to about 8% of IT budgets. With sustained investment in security we have also seen a correlation in reported success. Companies that have consistently invested more than 5% of the IT budget in security report fewer challenges with malware, security breaches and identity theft. Sustained investment in the technology, people and process leads to increased security. In a time of constrained budgets, this type of sustained investment can carry a company through a period of cutbacks. Having developed operational processes and trained security and risk management professionals, companies can reduce capital-intensive projects and sustain consistent levels of security for a short period of time. Of course, at some point capital investments have to resume or companies will fall behind the technology adoption curve and find themselves scrambling to catch up.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
