30 Jul 2009
A former chief information officer at Google has used the opening keynote of the Black Hat USA 2009 conference to warn companies against useless security spending.
Douglas Merrill said that security budgets had been largely unaffected by the recession, and in some cases had increased by as much as five per cent.
Executives are signing off on unnecessary and, in some cases, harmful security spending because they do not understand the technology, according to Merrill.
"Everyone listens to security officers. Executives are, in fact, terrified of us. So they write us cheques," he said. "The thing is, they don't know why."
Part of the problem is down to a poor understanding of the return on investment for security spending, because security professionals tend to focus on negative rather than positive outcomes.
Some security professionals are actually harming their company by being overly restrictive, delegates were told. Merrill said that he had shifted his schedule onto Google Calendar in violation of his current employer's policy because it is much easier to access on the road.
Merrill added that companies benefit from having staff who are unencumbered by overly tight regulation, since they work in a more liberated environment. Google engineers, for example, are free to explore their own projects.
Do you agree?
Get better security by spending less - focus on the right areas
Interesting findings! During the recent Gartner IT Security Summit, we conducted some informal interviews with CISOs on security spending. We touched on how they determine what to spend on security; How to fight for your budget; How to move costs to somebody else's budget and How to be more efficient and effective. In addition, we ran an ad-hoc poll on our blog which received a great response. When asked what the most effective method was to get security budgets approved:
• 57% voted "must do for compliance"
• 33% voted "prevent a data breach"
• 5% voted "avoid negative press"
• 5% voted "saves us money"
It shows that the security industry is rapidly maturing as previously security spending was often a fixed percentage of a company's IT budget and regarded as an obligatory tax, a cost of doing business (and also called "covering your ass"). Nowadays, companies are working towards concrete security benchmarks, dictated by external regulations (compliance) or internal risk assessments. This is good, because spending more doesn't always mean that security is better. Avoiding incidents is less expensive than surviving incidents. Thus companies with the least number of incidents (highest level of security) also tend to be the organisations with the lowest spending on security. Expanding and optimising an existing solution is often cheaper than deploying a brand new one. You can leverage much of your existing investments and training and integration costs will be lower. This is good news in a difficult economy.
Posted by: Dominique Levin, Executive Vice President, LogLogic 04 Aug 2009
Who could have imagined?
I guess it's a real stretch to find out a former Google employee is advocating the use of Google apps. Big surprise. I'd say let's balance this out and have you read this article from the "Fail and You" column on The Reg: http://www.theregister.co.uk/2009/07/20/dziuba_twitter_hack/page2.html
Posted by: EJ 30 Jul 2009