Is Infosec seeing "Death by a Thousand Budget Cuts"?
This diary is a bit different than the tecky ones i usually write, I'm hoping we can have a discussion on what trends folks are seeing in their security budgets and projects for 2011.
I'll go first, I hope that's ok. I'm seeing IT budgets trending towards modest increases, but with a real difference. IT budgets all seem to be skewed towards things that have quantifiable, hard returns on investment. Things like virtualization, storage upgrades and updates to core business applications are the big winners this year. The exception to this trend seems to be at the plus end of the spectrum. I've got 10gig network upgrades, trill and fcoe projects left and right.
What I'm not seeing is increases in security budgets. There seems to be fewer audits and pentests, or in some cases none at all. Security teams seem to have a big helping of "more with less" this year. While you can get a lot done with a good imagination, good skills and free tools, a zero budget and no time allocated is still a big pair of obstacles. What managers often overlook is the rate of change in this field. Standing still in your securuty efforts in most cases means walking backwards in varying degrees of briskness. I'm seeing lots of folks walking slowly backwards lately.
So, please, use the contact form and let us know what you see coming up for security projects and budgets this year. Is what I'm seeing matching what's happening in your company, or am I off base completely?
=============== Rob VandenBrink Metafore ===============
Comments
Our team is small, we have little, if any budget, and we cobble together innovative solutions as best as we can, based on the hard work of others in the community.
Management seems to be all excited about "the cloud," virtualization, and "employee-owned IT."
There is a strong push into buzzword areas and a pronounced lack of interest in security, from what I've seen.
merkur
Jan 13th 2011
1 decade ago
yourdatacenter
Jan 13th 2011
1 decade ago
The buzz in the press is that IT Security is going to be in big demand in the next few years in particular so its kind of confusing hearing about everyone being work hard on small budgets.
CH
Jan 13th 2011
1 decade ago
What a proper information security department does is work with your IT teams to make sure that your virtualization, storage upgrades and updates to core business applications are all done with security as a partner. And you don't need an increase in your security budget to do that. As we replace applications and infrastructure - we take the opportunity to fix past security mistakes and make things better. In addition - new infrastructure and applications are now designed with security in mind.
yoshi
Jan 14th 2011
1 decade ago
w00ten
Jan 14th 2011
1 decade ago
krinsh
Jan 14th 2011
1 decade ago
halagad
Jan 14th 2011
1 decade ago