The Right Way and The Wrong Way To Optimize IT Security Costs

In many organizations, the IT security cost line item in budgets just keeps increasing year over year. Companies like Bank of America are spending over $500 million on IT security. IT managers need to be prepared to respond to executives if and when they ask for a reduction in IT security costs. However, there is a right way and a wrong way to optimize IT security costs. To find the right path, use our tips.

The Wrong Way To Optimize Your IT Security Cost: Avoid These Mistakes

The fundamental mistake lies in cutting the budget because there is no understanding of the value. For example, a non-security specialist might see a lack of IT security incidents recently. This lack of problems may be seen as a reason to cut the budget. In fact, the lack of incidents is one of the best indications of a successful program. This type of misguided IT security cost-cutting is more likely to happen in organizations where there is a lack of regular IT security reporting and monitoring. Without such reporting, IT security quickly suffers from an out-of-sight, out-of-mind challenge.

Another misguided way to cut the budget is to reduce specialist staff. For example, you might have six highly trained security analysts and consider eliminating some of those roles. In this approach, you transfer the workload to the remaining staff and hope for the best. This approach, common in many companies, tends to lead to burnout problems. When IT security staff become overworked, they are less likely to detect issues proactively and spend time on emerging risks.

Reducing the IT security cost assigned to technology and software is the ultimate wrong way to improve the budget. You might expect us to say that since we sell IT security software! There’s some truth to that. However, let’s take a moment and put ourselves in the shoes of a hard-working IT security analyst. They have hundreds of applications, thousands of users, and many hardware assets to protect. Without the right software tools, it is going to be extremely difficult to check for vulnerabilities. With a manual approach to IT security, mistakes are more likely to happen.

The Right Way To Optimize Your IT Security

Even if you manage to avoid all the mistakes outlined above, the worst still sometimes happens. Your executives demand you cut 5% or 10% or even more from your budget. Ideally, you will have discretion and adequate time to develop a plan. Let’s assume you have sixty days to propose a new IT security budget that cuts 10% of your budget. Here are some practical ways you can look at cost optimization.

1. IT Security Projects: Pause, Delay and Cancel

Technology projects have an unfortunate reputation for running over budget. That reality is partly due to the fact that technological innovation involves risk and uncertainty. While losing out on innovation is never attractive, it is one valid way to reduce your IT security cost. To reduce IT security project costs, consider a combination of pausing projects if possible or delaying project start times to another year. Alternatively, you may decide to put a hold on all projects that are not absolutely required to keep the lights on.

2. Audit Current Programs vs. IT Security Strategy

Does this sound familiar?

A manager comes to your office with a great idea to improve IT security. There is a solid business case to support the idea, so it receives funding. Over the next year, several more new ideas receive funding. Each individual proposal has merit. Yet when you add them up, the combined picture is different. The total result is a drift from your department’s core IT security strategy and goals.

To use this technique, audit your current programs against your goals. For example, you might find some functions and staff no longer make sense, given your strategy.

3. Identify Technical Duplication For Reduction

How many different IT security monitoring tools do you need? What about antivirus tools? By piling on more and more software tools that serve the same purpose, your organization may not be any safer. These multiple systems may be working against each other and causing more false alarms.

Ask your staff to compile a list of all of the IT security software services and apps currently in use. You will probably find a few cases of duplication. In that case, eliminate the least valuable application from your IT security cost base.

4. Automate Repetitive IT Security Administration Tasks

Doing the same task over and over again at work isn’t fun. In IT security, the problem is much worse than merely not being fun. When you do the same tasks over and over again, it becomes difficult to pay attention to detail. That can lead to issues like not paying attention to violations of IT security policies. To move simple administrative tasks like password resets off your plate, use an IT security chatbot to handle those requests.

Before you make the final decision on making IT security cost reductions, there is one more strategic question to consider.

The Ultimate IT Security Cost Question

There are companies like Bank of America spending hundreds of millions of dollars on IT security. Is that too much or too little? Fundamentally, this is the wrong question to ask. The better question to ask about IT security costs is this: Is our organization equipped in terms of people, processes and technology to meet the IT security threats of today and tomorrow? Industry surveys from Verizon suggest the volume of IT security attacks is increasing over time. Even worse, 86% of data security breaches are financially motivated. To keep up, your organization needs to invest in cutting-edge tools. That means you might cut the budget from IT security tools that are no longer updated or relevant to cloud services. You might have to spend more budget on security to keep up. Or you might be able to leverage tools like access management software to systematize your protection further.

Written by Nelson Cicchitto