3. Learn from other areas in your company. Many process-oriented disciplines can be a good area as a proxy for the type of evolution facing security; network operations are a good example. In the early days of network operations, the only scrutiny came if things werent working correctly. Over the years, it has matured to a level of operational metrics for uptime and performance, and is embedded in quarterly and annual performance goals. These metrics allow a continuous cycle of performance, measurement and improvement. In addition, network operations can provide an important lesson of single solution economies of scale. Find solutions that work across your entire enterprisethis is the only way to get economies of scale in implementation and ensure you get the critical enterprise-wide risk information that can deliver the metrics you need.
4. Take steps to automate your compliance process. Are you compliant and can you routinely deliver the reports that auditors request? The economic benefits that come from doing this correctly are significant. Audit costs are directly related to how complicated it is to audit and prove the integrity of a business process, so finding a way to save the auditors time is one of the single biggest opportunities to drive down costs. Even though your audit costs may be hitting the finance areas budget, meet with your companys finance team to understand what audits are costing you, and how the right kind of automation could lessen them and there will certainly be time and resource savings for the security team as well. There isnt an exact recipe for compliance automation, so talk to your auditors, look at your environment, and begin the discovery of how much time is spent preparing for and reacting to audits. If youre a company that allows your divisions to individually automate, its time to think about taking those principles enterprise-wide.
Regardless of budget conditions, you will still be faced with decisions on which projects have the biggest impact on the business. The threat environment requires that you make the absolute best decisions with your available budget by investing in the right places and getting better use of your resources. Lastly, remember that times of difficulty are often the times of opportunity. Lessons learned now in the face of tighter budgets can spark valuable models of efficiency and progress for the future.
Elizabeth Ireland is Vice President Marketing of nCircle Ltd. nCircle Ltd is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th 30th April in its new venue Earls Court, London. For further information please visit www.infosec.co.uk
Sign up for Computerworld eNewsletters.