"Everything is on the table now, and you can bet that when the smoke clears, budgets and processes will be a whole new animal."
Many people discuss bubbles, such as the dot-com bubble and the real-estate bubble. Well, there is another bubble that should be discussed - the IT security budget bubble. Why? Because it has popped.
In the early to midpart of the past decade, we were seeing budget increases each fiscal year to the tune of 30 percent or more in IT security spending. This went on for years because senior leadership felt it was the right thing to do and the economy appeared to be roaring. Like all things where money is involved, eventually someone begins asking the right questions. Mix that with the worldwide economic fallout and the questions come even quicker and with great clarity.
In simple terms, enterprises can no longer afford IT security spending as we've come to know it. This is evident already in the drastic cuts seen in personnel, contractors, hardware contracts and new project budgets. CIOs are now spending money as if it was their own. When asked about this new perspective on IT security spending, one business manager said, "If I'm a shoemaker, how can I afford the outrageous costs of IT security and still make shoes at a profit?"
This question overlays even the largest organizations today with one CEO saying, "All of our employees need to understand that from here on in, they're fungible commodities."
Speaking on the agreement of anonymity, a CIO of a financial services firm, whom we will call Bill, explains his perspective. "We're faced with tremendous pressure from a budget standpoint. Even if the spending we've seen over the years actually added up to value and significant risk mitigation, we cannot keep pace with the hard dollar cost of traditional in-house IT security services, and that is the problem in a nutshell."
Read the rest at Enterprise IT Planet.