Gartner says that the average enterprise is spending more than 5 percent of the IT budget on security and close to 12 percent, if disaster recovery spending is included. However, Gartner has seen little or no correlation between enterprises that spend the most on security and enterprises that are the most secure. While there are definite areas that require additional investment, there are just as many areas of security that can be done more efficiently. "The most effective ways to become more secure while reducing security spending are to avoid vulnerabilities — to ensure that security is a top requirement for every new application, process or product, whether built in-house or acquired from a vendor," said Ray Wagner, managing vice president for Gartner. "Just as important is understanding where security funds are being spent and where that spending is effective or ineffective. Security metrics should be established for all major security spending areas." The approach to security needs to move from a reactive approach to a mix of strategic planning and rapid tactical execution. "The key is to identify major technology changes and start taking steps to reduce the cost of dealing with today's mature threats — viruses, worms and denial-of-service attacks — to free up funding and manpower to influence the new systems and business processes that are being built today and that will bring on the next generation of threats," said Pescatore.
NEXT>>
Meet the top Decision makers of Large enterprises from the 18th to 20th Feb '09
Explore the partnership options now
When budgets are slashed but the targets are not, you need greater ROI. Take a look at this special advertising offer from CIOL.
know more