Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Most Secure Companies Spend The Least?

Posted by timothy on from the paradox-of-the-flesh dept.

iPodBoy writes "The Reg has an interesting article with some choice quotes from Gartner, showing that the most secure organisations spend less than the average and that the lowest spending organisations are the most secure. Gartner also had a choice quote for Microsoft, describing Windows as 'the biggest beta test in history,' and warned warned IT security pros not to expect too much from Microsoft's vaunted Trustworthy Computing initiative."

2 of 29 comments (clear)

  1. Makes perfect sense by photon317 · · Score: 4, Insightful


    A company will always be somewhere in the spectrum between two extremes:

    1) They have knowledgeable, competent staff in the areas of computer security, who can get all the practical computer security that's possible with minimal money spent on 3rd party products and consulting.

    2) They don't have anyone who knows what they're doing about security, so they just fall into a cycle of throwing money at the problem, fail to get it right, throw more money, repeat ad nauseum. The money gets spent on consultants and on whatever whizbang buzzword laden security product the PHCIO just heard about in his favorite IT Mag for Dummies.

    Hence the companies that are the most secure tend to be the ones spending the least money on security. I get the feeling that shops which are closer to category 2 are going to read the Gartner summary and decide to cut their IT security budgets in half in hopes that fixes all their problems, instead of investigating the real underlying issues: hiring competent people who can do security.

    --
    11*43+456^2
  2. Securing people is the hard part. by uncoveror · · Score: 4, Insightful
    You can password protect every system in the place, install a firewall and every kind of malware scanner, but people can still be hacked.

    If somebody calls the twinkiehead receptionist claiming to be from I.T., will she answer every question he asks? If an outsider claiming to be one of the big bosses calls the help desk saying he's locked out, and needs his password reset, will they do it for him? When the guys in the server room go to lunch, do they lock the door? If you sweet talk the fat old man dressed as a cop, will he use his own keycard to let you into a secured room?

    People are easy to hack, and hard to secure, but training courses for them are a better investment than new whizbangs.

    --
    The Uncoveror: It's the real news.