We as an industry have this love-hate relationship with security - a necessary evil doesn't do enough to describe the growing portion of our IT budget consumed by making certain only the people we want are in, and they can only see the bits we want.

And because of that, one of the first things to get hit on a downturn is security spending. It's a larger budget, it doesn't generate a cent of revenue, and frankly, it pisses most of us off. Until the breach that is. Then we want to know why that hole existed (and likely someone is getting fired for it). We've been playing this game for going on two decades, you would think we could play it a little better...

But according to ESG's Jon Oltsik in this CNET article, we haven't learned too much. Rather than paraphrase him, here's the quote:

Under constant pressure to "do more with less," some chief security officers I speak with are abandoning strategic security initiatives and replacing these projects with tactical Band-Aid solutions--the old check box mentality at work.

Yeah, we need to increase the complexity of our security environments by implementing point solutions... After all, we're growing staff in all of our IT departments, right? Right?

It'll be a fun time for hackers in the next few years while we remember that security is insurance - you spend on it or you regret it. Meanwhile, pay attention to the rest of Jon's article, I've long been a fan of ESG - since before the S stood for "Systems" - and Jon has some great advice for managing the new/old mentality.

We've got some tools to help you with security, of course, but you don't need an advertisement here - check out this link if you care to know how F5 can help in the downturn.

Now, back to secret project #3,872. ;-)

 

Don.

Share this post :