eIQcast Episode 16: The Need for Automation
June 11, 2009
As noted in the previous post, the results of spring surveys show that security spending is trending down. While that’s not exactly a surprise, it puts security managers in a pickle. Given the economic situation, how are they to keep their systems secure and compliant, especially since the regulations haven’t changed and the hackers don’t take time off during a recession? That question is the subject of the latest episode of eIQcast, where Ross Levanto interviews eIQnetworks senior vice president of strategy Mike Rothman.
Running time: 10:46
Direct Link: http://eiqcast.podomatic.com/entry/2009-06-11T14_33_26-07_00
Don’t be like Dick and check out eIQ’s video at logdataisnotenough.com
Security Spending Going Down. What Now?
June 11, 2009
Personally, I’ve been shaking my head for the past 8 months as most folks maintained that security spending was going to remain stable during the economic downturn. Huh? Everything gets cut in a downturn, yes Marge – even security. But the optimisists out there (how an optimists ends up in a security role is beyond me…) maintained that security spending would still happen for a couple of reasons:
- Compliance – None of the regulations are going away, nor are the auditors being furloughed. Thus, you still have to comply, regardless of the horror show that is the organization’s balance sheet.
- Attackers – It seems the attackers haven’t gone on vacation either. If anything, as things get tight they act more desperately to keep ill-gotten food on their table.
- Breaches – Successful attacks continue to happen every day, and they need to be fixed. Again, this is not dependent on the economy, so enterprises will still have to clean up their messes.
Those reasons are plausible, but I still didn’t believe it. Though I kept seeing survey after survey saying everything was OK. I was starting to think maybe it was me that was crazy.
Thankfully we are starting to see some rationality happen and perhaps even some honesty from the folks that fill out these surveys. I’ll point to a survey done by my friends at MetroSITE Group (PDF of the survey), as well as some research done by Peter Kuper and the IANS folks. Both show spending going down and even deteriorating a bit.
You can peruse the results yourself and draw your own conclusions, but ultimately the laws of economics have not been repealed. When an organization tightens the belt, EVERYONE needs to tighten. Even us security folk. So what? Budgets are down, what do we do now? The optimists do make good points in that compliance isn’t going away and neither are attackers.
It gets back to the age old need to “Do More With Less.” And the only way to do that is to automate. That’s right, the only way to continue to 1) comply and 2) secure with 3) less budget is to figure out how all that computing horsepower can be brought to bear to analyze what’s happening in your environment, allow you to react faster to threats, and to document your controls when the auditor comes to party.
So even in a “down” market, there is still a lot of need for security and compliance management solutions.
eIQcast Episode 3: Compliance Automation
December 24, 2008
In the third episode of the eIQcast, John and Mike tackle the concept of compliance automation. What exactly are you automating? And how do you delve into some of the specific compliance regulations and frameworks to figure out how to do more with less. Given the economic backdrop heading into 2009, we believe that all customers will need to figure out how to make their operations much more effective and more importantly, efficient. Automation is one way to do that.
Running time: 12:41
Photo credit: Gastev
Direct Link: http://eiqcast.podomatic.com/entry/2008-12-24T09_50_13-08_00
