February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Internal Threats the Focus of Data Protection | Main | Many Companies Will Fail PCI Deadline »

September 26, 2007
Better Security Means Spending Less

Companies should look to spend less of their IT budgets on security, Gartner VP John Pescatore said in an keynote speech reported on at Computer Weekly. Where retailers typically spend 1.5% of revenue on security and typically lose 1.5% more due to theft, organizations typically spend 5% of its IT budget on security (a number which excludes disaster recovery and business continuity), and IT managers are being asked for more.

In Gartner’s annual survey, security has dropped from the most important issue in 2005 to sixth today, according to the CIOs surveyed. CIOs do not believe that security is a journey without a destination, as many other areas of IT are able to offer companies more business benefit for their buck.

That means the answer is to spend less. And to do that, security should no longer chase the latest threats, instead evolving into a model Pescatore called “Security 3.0.” The key to this model is security would anticipate threats instead of fight them off once they’ve already struck.

Pescatore compares this as evolving from a game like “Whack the Mole” to more of a game of chess, where security no longer relies on reaction speed and is firmly rooted in a long-term strategy. To do this, Pescatore recommends prevention, which means considering a system's security in the very beginning, and refusing to purchase products that are inadequately protected. While this may result in paying more upfront, we all know that prevention is better and cheaper than cure.

Pescatore also explained that, while a digital rights management system would not appear in time to make a difference in their lifetimes, what made most sense in protecting data was to keep track of where the data is flowing, and block it from flowing to insecure locations.

Gartner estimates that by 2010, a fifth of companies will have achieved “operations excellence,” where they will be spending just 3 to 4% of their IT budged on security, while two-fifths will still be stuck in the corrective stage, spending 7 to 8 percent.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2347

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map