IT security costs can be managed by simplifying and effectively restructuring what departments already have.
With the launch of its advisory paper ‘managing the cost of information security’, Comsec Consulting is aiming to improve the cost-efficiency of information security solutions in the current financial climate.
The company claimed that this methodology can lead to higher efficiency with potential cost savings in IT security, as well as maintain and possibly reduce the risk profile of the enterprise, through security simplification.
Stuart Okin, managing director of Comsec Consulting, advised that, rather than waiting for the board to slash the IT budget, departments should focus on key areas where money can be better used, and restructure to help reduce costs.
Okin said: “People wait until someone slashes 10 per cent of the IT budget, and this can mean a cut in people. Don't wait for this, go to the board and say that you need to restructure and use the opportunity to consolidate this by saying that you can reduce cost, this could improve your lot and raise the benefits too.
“If the heads of security put the cost lens on it because of the credit crunch, then it will help as there will be the opportunity to improve security and reduce cost at the same time.”
Comsec pointed to five key areas where IT security can be restructured: standardisation and industrialisation, by embedding security into the enterprise through standards such as the security development lifecycle; consolidation and optimisation of security controls, by removing unnecessary security technology and improving processes that are layered on top of existing systems without examining the change in the threat landscape, which results in potentially older redundant controls; utilising security features across other divisions of the business and capitalising on inbuilt software technologies to provide central management and ongoing cost reduction as well as increased security; simplifying the security environment, which can aid in cost containment and reduction and will also lead to a more secure enterprise; and consolidating suppliers of security services.
Okin said: “Due to the current economic climate, business priorities are shifting and areas such as spend on security may be under pressure, when in reality the threats may be on the increase.
“As security projects often involve several different departments and stakeholders, all with different risk appetites, they can suffer from frequent delays and scope changes. Therefore, with a centralised agenda, as well as a clear cost-focused business case, security programmes and operations are going to be implemented faster and more efficiently, with an overall improvement to the enterprise's risk position.
“It is not about cutting costs for the sake of it, it is about you having a cost lens on information security so you can restructure and reform your department, and that will lead to simplification, reduced risk and reduced cost.”