ÐÇ¿Õ´«Ã½

With over 40% of businesses last year spending 7% or more of their IT budget on security as opposed to the 3% to 6% guidelines recommended by Gartner, corporate organisations need to question just what IT enhancements are being sacrificed to appease the demands of ever-changing security threats.

Without a doubt, the combination of sophisticated, Internet-based security threats and a climate of fear have played right into the hands of the security industry. Over the past ten years, investment in security technologies has evolved from a grudge payment to an almost fanatical desire to protect every person in the organisation from every possible threat.

That said, organisations cannot simply continue to grow the budget for IT security, adding point products to meet specific perceptions of threat. Finding the right security solution for any business demands an excellent understanding of the value of information, how it is delivered to individuals across the organisation and the implications should that information be disclosed, corrupt or unavailable.

Only when armed with this information might a given organisation make a valid risk assessment, map threats to business values and define a security policy that truly reflects the level of risk identified.

The spotlight is on the security spend. Any IT director continuing with the expensive, ‘secure everything'-style approach will have little choice but to divert funds from elsewhere in the budget, thereby constraining the ability to deliver other services.

Isn't it time to face up to the fear, and make security investments on the basis of quantifiable business value?

Tom Salkield, Managing Directo, Netstore Security