With all the demands piling up on IT security teams (like securing mobile devices, dealing with new threats, compliance audits, etc.), there's been some really good thinking about how to meet growing expectations with modest security budgets. Not that security budgets aren't also on the uptick - research on 2012 spending indicates mild growth in planned security spending. But after years of underinvestment due to economic conditions, this growth seems paltry in the face of what IT security is being asked to accomplish. And it's not like the essential pieces of good security have gotten cheaper over time. IT security has been one of the few bright spots in the job market when it comes to salary growth.
So how do you balance risk vs. budget? What can you streamline and make more efficient? How do you find the resources you really need? How do you manage expectations and justify spend?
This is a big challenge that security leaders have to deal with every day, so we decided to find out what they had to say about it. The result? See for yourself: http://www.secureworks.com/efficient/
Here's a snippet of the interview with Jody Tyrus of Gallo Winery on justifying security expenditures:
"The best advice I can give other security leaders is you have to partner with the business. You cannot operate in a vacuum anymore. Security is important, but doing business is even more important. You cannot be an obstacle, you really have to be an enabler. So we do a lot of education, a lot of outreach, at different levels of the company. We do our security awareness at the end user level, but we also do brown bags and one-on-ones all the way up to the vice presidents and C-level executives. Not only educating them about certain areas of security, but what the company should be concerned about. Later on when you go back to them, they're understanding what you're talking about. You're not just the security manager coming in begging for more money because the sky is falling. They see how that connects to the business and what they need to do."