Sentor
Home Managed Security Services Professional Services About Sentor Contact us
Sentor MSS UK
79-89 Pentonville Road
London N1 9LG, UK

Phone: +44 (0) 207 183 35 53
E-mail: info@sentormss.com


Page in Swedish In Swedish

The problems with IT security budgets

2009-09-22

Companies looking to avoid a data breach will most likely have to use up at least some of their IT security budget. However, as Gartner has explained, it is not so easy to justify such business security budgets, particularly during the economic downturn.

The company named a number of risk management mistakes that should be avoided if businesses wish to keep their security budgets intact. One of these errors is to make plans based on what the security organisation wants, not what the business requires. Gartner asserted that it is not possible to defend security budgets for security plans that are not focused on the aims of the business in question.

Making risk-related communications too difficult to understand for businesses was also advised against by Gartner, asserting that security professionals need to maintain the consistency of how they explain the importance of security in IT systems, data assets and business processes.

According to Gartner, letting line managers move their risk to the IT organisation and the IT security company is not advisable. This means that either of the two latter bodies can be made scapegoats for security failures and then any subsequent reduction of perceived service or flexibility.

Jay Heiser, research vice-president at Gartner, commented: "The keys to justifying and optimising security spending are to ensure that security and risk control practices are meeting explicit business objectives and, crucially, to persuade the business to take ownership of risk.

"Most corporate IT expenditures are inevitably under intense scrutiny during this period of economic uncertainty and IT security and risk management - although less radically affected than overall IT budgets - is no exception."

In other recent news that could interest those seeking to prevent an IT intrusion, Gartner revealed that security services offered in the cloud reached the peak of inflated expectations on its 2009 Hype Cycle for Infrastructure Protection. It said that these services could offer cost-savings in comparison to equivalent-capacity, premises-based equipment.

Read more security news.

© Sentor 2012