Five steps to cutting IT security costs

Threats to enterprise systems are likely to increase in the downturn

Security chiefs were today urged to undertake a "cost-focused restructuring" of their departments to improve efficiency, survive job and funding cuts, and emerge better equipped to tackle the likely increase in threats during the downturn.

Stuart Okin, former Microsoft chief security advisor and now UK managing director of security consultancy Comsec, highlighted five areas that security leaders should focus on when approaching the board with cost-cutting initiatives.

"At the end of the exercise you should be able to save money, but at the very least you'll be reducing risk by focusing on these parameters," he said.

"We don't know how long the recession will last, but everyone's experience is that we're heading for a threat increase, and every department is under financial pressure."

Embedding security into the development lifecycle will remove threats from IT projects earlier, thus saving on the cost of recoding, while consolidating security service suppliers can reduce outlay through economies of scale, according to Okin.

Chief security officers should also look at removing unnecessary security technology in the enterprise.

"The world has moved on from strict firewalls and intrusion detection systems everywhere, because firms have opened up to third parties," Okin explained.

"So if you look at the controls, a lot of them are redundant, but people are fearful of removing them."

Okin urged companies to simplify the security environment, for example by combining Sarbanes-Oxley, International Organization for Standardization and Payment Card Industry security awareness training.

He also advised organisations to use many of the inbuilt security features of current products in order to boost cost containment and security efforts.