Cut That Security Budget, Says Azure Chip Consultancy
June 17, 2010
Now I don’t know about you but when one fires up a modern day search and content processing system, the licensee has to have its security system in World Cup form. Active Directory is a popular method. Some search systems put their moist noses in the air, sniff the Active Directory settings, ingest them, and happily index content. Then when a user runs a query, the search system respects the Active Directory security settings. The idea is that a user with certain permissions can see only the content to which that person has access. Goof up the security and permissions and you have addled geese looking at golf club contributions, drafts of documents related to some hush hush matter, or personal information about that last visit to the local doctor.
I read “Enterprises Advised to Reduce IT Security Budgets” and wondered if the headline were a typographical error. Nope. The azure chip outfit Gartner apparently recommends “a three percent cut as economic situation improves.” What? The economy is improving so cutting a security budget is a recommendation. What about exposing those contract terms to eyes not authorized to see them? What happens if medical information seeps into search results when an employee is looking for information about the company picnic? What happens when the financial details of the Board of Directors’ golf outing finds its way into the hands of a committee working on reduction in force issues?
You should navigate to this article and read it for yourself. For me the most interesting comment in the write up was:
Vic Wheatman, a research director at Gartner, explained that the average percentage of IT spending on security in 2010 is five per cent, down from six per cent last year. “In 2009, in the face of a significant IT spending downturn, security spending grew slightly as a percentage of the IT budget, while many other IT spending areas were gutted,” he added. “With the economic situation projected to improve in 2010, organizations are ramping up investments in other spending areas faster than they are for IT security.”
I am not sure I am comfortable with this recommendation or the analysis itself. But I am an addled goose. The crazy stuff I write is a direct result of drinking mine run off effluent. The news story may be the flight of fancy of an azure chip marketing person.
For me, I will keep my spending for security at its pre crash level, thank you. The risk of creating a more costly problem by chopping security spending is too high for my operation. Your mileage may differ. In that case, rely on the “real” consultants at the azure chip outfits. My unsolicited opinion: Avoid Harrod’s Creek.
Stephen E Arnold, June 17, 2010