ABOUT US

Launched in 2007, WhiteHatWorld.com is the online resource for key decision makers working in the security industry.

WhiteHatWorld.com looks at all aspects of the security industry, with in-depth analysis, webcasts, whitepapers and targeted regional training opportunities.

Think of WhiteHatWorld.com as your security information gateway!

LATEST NEWS

(ISC)2 members can receive CPE Credits for all WhiteHatWorld webcasts.


Upcoming Events

Date Event/Topic

6/30/2009
2:00PM EST


RSA Authentication Decision Tree Webcast
Sponsor: RSA
Speaker: Karen Kiffney
Authentication Decision Tree Webcast Abstract:
With so many authentication choices to evaluate, so many business needs, objectives and regulatory guidelines to factor in, making a decision on the best strong authentication technology for your organization is not an easy task. That is why RSA, The Security Division of EMC, has developed a simple new tool — the RSA Authentication Decision Tree — to help you evaluate and select the most appropriate authentication solution for your business based on:

o the value of the information being protected,
o the strength of user authentication to apply,
o your planned usage,
o the needs of the end user population, and
o your technical environment.

The RSA Authentication Decision Tree takes you through a series of five questions to narrow down the right technology (or combination of technologies) that balances risk, end user convenience and cost. You will also receive a customized report that compares the relevant authentication solutions for your business and your customers.

7/14/2009
2:00PM EST

Triple Play w/Paul Asadoorian, John Strand & Larry Pesce
Best Of Hardware Hacking Tools For Penetration Testers

Much of the focus on penetration testing has been on the software and network side. However, there is a whole world of hidden vulnerabilities in most organizations, if you have the right tools. These vulnerabilities come in the form of RFID access systems, Bluetooth cell phones, scanning for data in the 900 MHz range, and more! Explore the tools and techniques that you need in order to exploit and audit these vulnerabilities in your environment. Note: This webcast will not cover 802.11; we have dedicated an entire webcast to that topic.

7/22/2009
2:00PM EST

THOUGHT LEADERSHIP ROUNDTABLE
Vulnerability Management

7/29/2009
2:00PM EST

LATE BREAKING COMPUTER ATTACK VECTORS hosted by Paul Asadoorian
Sponsor: Core Security Technologies

8/4/2009
2:00PM EST

The Mortman Briefing
Risk Management Moving Beyond Red, Yellow, Green
Sponsor: Core Security Technologies

   

Click Here to register for any upcoming WhiteHatWorld.com webcast.

Security Spending Meltdown

Just when it seemed security programs would be spared from the economic ax, security spending and hiring have begun to decline.

By Deb Radcliff

Last year, analysts painted a rosy picture around security spending despite the sagging economy. Then suddenly the market hit the “Q4, 2008 Meltdown,” as Derek Brink, VP and Research Fellow at Aberdeen, calls it.

Despite reports citing eight, ten and 25 percent growth in security spending late in 2008, security budgets and spending suddenly flattened out. At the same time, head counts began to shrink, and the number of security incidents began to rise, according to a February Aberdeen report authored by Brink. Other recent studies are reporting similar trends.

“In Q3 of last year, security spending was increasing at a modest pace. Now, we’re seeing those spending numbers turn upside down,” says Bill Trussell, managing director of security research at the InfoPro.

InfoPro reported that in Q3 2008, 43 percent of 211 organizations interviewed increased security spending, 26 percent kept spending on par with 2007, and 31 percent experienced a decline in spending. In Q1 2009, preliminary results show that 51 percent of interview subjects are reducing their security spending, only 23 percent are increasing spending, and 26 percent say spending remains the same.

Overall, that means security spending has flattened out, say Trussell and other analysts. They predict organizations will spend about what they spent on security last year, but will limit expenditures to those that are necessary to keep them whole, deferring anything they deem discretionary at least for the duration of 2009.

“Resources are scarce,” explains Jon Gossel, president and CEO of SystemExperts, a technology consulting firm to more than 300 mostly Fortune 1000 clients. “Organizations are tightening their belts and making better, clearer plans around how and where they’ll spend their security dollars.”

Vendors need to prioritize as well, innovating around a higher level of ROI by baking security into everyday IT operations so that security is no longer seen as a separate line item, advises Chenxi Wang, principal analyst at Forrester.

Certain big-ticket esoteric projects such as application security and collaboration are the first to be put on hold during this period of flat spending, according to Wang. But, she predicts security that meets compliance demands, particularly data protection by means of encryption, will continue to do well in this market.

Content security gateways, which grew 25 percent in 2008, are predicted to continue double digit growth through 2009, according to a March report released by Infonetics. But there are no numbers in on Q1 2009 to indicate what effect the Q4 Meltdown has had on this segment early this year. And, in terms of keeping them “whole,” as Gossel put it, organizations have continued to spend money on network security appliances, which experienced eight percent growth last year (Cisco, Juniper, Checkpoint were the leaders).

Another area Wang sees growing in this economy is selective cloud services such as e-mail security, Web content filtering, authentication, and network firewall monitoring. Her argument is that small- and medium-sized businesses (SMBs) are being forced to divest of their security staffs and purchase these services in the cloud.

For example, in what looks to be an upper mid-sized organization, J. F. Rice, author of Computerworld’s “Security Manager’s Journal,” lost half his security staff in a Q1 layoff, according to a March 16 article.

These layoffs are leaving a vacuum wherein there is no one to complete or start new projects, explains Pam Casale, chief marketing officer, Intellitactics. Therefore, the log management company recently unveiled an add-in deliverable that amounts to three free days of onsite installation as a bundled service.

While services might appeal to SMBs trying to save money with outsourcing, large-scale reductions in security staff aren’t taking place at the enterprise level, based on Gossel’s experiences with Fortune 1000 clients. At the enterprise level, he says, organizations are struggling to hold onto their precious security staff at the expense of buying into new projects.

With security spending flat, and with this mixed security spending story, analysts advise vendor organizations to invest in innovation during this slowdown—particularly around recession-enhanced pain points of regulations, data protections, layered complexity, lack of ROI, and lack of infrastructure integration.

“Organizations will continue to invest in what critical security programs they have,” adds Carol Clark, director of ID and Access Products for RSA/EMC. “They should also prioritize projects for new investments based on criticality, regulatory requirements, and revenue streams the new projects could facilitate.”

Deb Radcliff is an award-winning writer who has covered information security and online crime since 1994. Radcliff is also editor of the technology research community’s SANS Analysts Program and editor of the consumer-safety publication, myIDmatters. Her articles are carried regularly in SC Magazine, Computerworld, Networkworld, CSO, The Register, CNN Online, and other leading computing and business magazines. They’re also translated into many different languages, cited in research and law journals, and used verbatim in college textbooks.

FUN STUFF

WhiteHatWorld.com polled 3,585 participants in a nonscientific poll conducted between May 1, 2009 and June 8, 2009. We asked the following question: “What was your favorite 80’s sitcom?”

The results are as follows:

Top 10 80's Television Sitcoms:
10. Charles In Charge
9. Silver Spoons
8. Newhart
7. Who’s The Boss
6. Night Court
5. Bosom Buddies
4. Three’s Company
3. Family Ties
2. Alf
1. Cheers

The results of this poll are not intended to represent any expressed opinion of WhiteHatWorld.com, its associates, zombies, affiliates, advertisers, bots, employees, managers, pets, owners or sponsors.
