Skip to content

Doing More with Less

Tight economy, everyone struggling, no budget, more work, etc etc. Here are six tips for doing more with less in information security.

This list really should be called “six things you should have been doing all along that tough economic times remind you about,” but that’s not a very catchy title. This list makes me mad, really. Why? At the risk of being overly verbose, let’s take them one by one:

1. Get out of the deployment business.

Why are you in the deployment business in the first place? Did you ask for responsibility for full disk encryption and web application firewalls? If you did, then, well, you asked for it. Pulling an ‘oh nevermind’ and giving it back isn’t going to make running information security any easier. If you didn’t ask for responsibility for these things, then you’ll have a tough time getting rid of them anyway.

2. Spread the cost of security with other groups.

Yes yes yes! But doing this in the midst of tough economic times is a recipe for disaster. You’re effectively trying to sell services into groups who have just as little money in their proverbial wallets as you do. Do you think they’ll want to buy? No. What happens when they don’t? You either continue to offer the service and manage the cost yourself (“if I don’t pay for this, what happens? Nothing…oh…”) or you don’t provide the service and security gets thrown under the economic bus.

3. Get more out of your existing security tools and systems.

Can’t argue with this one. Should be doing this all the time, of course. Just like the government, gotta cut expensive programs that don’t work.

4. Tie a security purchase to your compliance mandates.

Again, if you weren’t doing this before…

5. Outsource or automate some security functions.

As long as you’re not outsourcing your own job, that’s cool. Of course, outsourcing is addictive when successful, and expensive when it’s not. Taking new risks isn’t always a recipe for economic success.

6. Take advantage of a security buyer’s market.

“Reasonable security vendors will be flexible on pricing and payment terms, especially when they know you are well-informed about competing solutions,” WhiteHat’s Grossman says. “Ask for additional discounts if purchasing decisions are made quickly, or by committing to multiyear contracts. Then once you’ve selected a solution you really love, forge close relationships and help the vendor evangelize by serving as or reference or case study.”

Quick, everyone call Whitehat and tell them Jerimiah told you to ask for a discount! Really, it is a vendor’s dream that the customer will trade discounts for public endorsement of product. I suggest a tattoo with the vendor’s name, priced based on bodily location. It worked for this guy, I’m sure.

Zune Tattoo

Post a Comment

Your email is never published nor shared. Required fields are marked *