Slashdot Mirror


Shrinking Budgets Tie Hands of Security Pros

An anonymous reader writes "RSA Conference released the results of a recent survey of security professionals regarding the critical security threats and infrastructure issues they currently face, including those exacerbated by the current economic climate. The study indicates that even though practitioners are most concerned about email phishing and securing mobile devices, technologies addressing these needs are at risk of being cut from IT budgets. The survey also asked what technology investments will likely be bypassed or curtailed due to spending freezes and budget cuts."

3 of 63 comments

  1. And then there will be a price to pay. by Z00L00K · · Score: 4, Interesting

    When the budget cut has gone far enough to strip down all security, certificates expire, competence leaves ship and nobody really knows how it works anymore. Then the cybercriminals enter the systems and use them for their purposes.

    And management sits there looking completely confused because they have cut down on the people knowing how to do security.

    It is especially bad if it's about having a system that handles large amounts of economic transactions and is storing credit card and personal information about a lot of people.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:And then there will be a price to pay. by Hammer · · Score: 5, Interesting

      And all of this is because IT never seems to be able to make management understand:
      1) Security is not a cost but an insurance.
      2) PHBs will never adhere to simple guidelines as to what is safe.
      3) The bad guys are out there.

  2. Not just security pros... by Anonymous Coward · · Score: 4, Interesting

    In June of this year, my employers had a major business continuity scenario - an electrical fault with the UPS took out a lot of desktops, several servers and most of our network connectivity on one phase. This was at 6PM on a Friday. Not only is it incredibly hard to get your standard suppliers to ship any replacement gear for the following day on a weekend, it's incredibly hard to actually get to talk to anyone! Now, I only recently took over the infrastructure management role, and one of my first goals was to put into place a proper Business Continuity plan. We have alternative premises with a major continuity provider on contract, but we have no plan and our actual capacity requirement now far exceeds what it was when the original alternative premises arrangement was put in place.

    When this event happened, we were in a very touch and go situation - we did not know if we could recover the business for opening on Monday. And we are extremely IT reliant!

    To cut a long story short - through putting in a lot of extra hours that weekend, and a lot of travelling to various IT shops within a 50 mile radius, we managed to get the business back to the point where we could open on the Monday without visible issue.

    When that event happened, my BCM plan had been on the desks of the company leadership for a month. After that event, it got bumped up to the next board meeting. And at that board meeting, the entire plan was indefinitely postponed due to funding. No intermediate plan was asked for, no alternative. The plan had several different levels of expenditure to choose from, and they ignored all of them.

    Barely one month after a 'can we continue to run the business' situation, the board rejected the plan which would have made that situation a non-issue, even at the cheapest option.

    I now have several interviews elsewhere. The sooner I can get out of here, the better.

    Posted anonymously for obvious reasons.