LAS VEGAS: With many IT departments facing stagnant or shrinking budgets, experts are advising firms to be smarter with their security spending.
Speaking at the 2012 McAfee Focus conference, executives from Microsoft and EMC joined members of the government and military in calling for both public and private sector firms to solidify their existing infrastructure and optimise their security platforms before investing in new technology.
“Fix what you have before you buy something shiny,” said Dave Aucsmith, Microsoft director of security solutions.
“Then figure out how to monitor beyond your own network, so you can see what is coming.”
The panelists noted that by nature, security can be difficult for executives to quantify in terms of monetary value. With executives looking closely at IT spending and value, the executives suggested that organisations look at the risk and value associated with different data sets and the cost of possible breaches and attacks.
“All data is not worth the same amount,” noted Terry Halvorson, CIO of the US Department of the Navy.
“We have got to start having honest discussions about what the data is really worth.”
Ultmately, however, the panelists agreed that companies and government organisations around the world could do more to optimise their existing security assets. The experts suggested that companies look to tie down their existing infrastructure and patch possible holes before bloting on new security protections.
“That is where the first dollar has to go,” said Halvorson.
“For all of the really impressive advanced threats that are out there, we are still losing more stuff because of all the holes we did not fix.”