SIEM in the days of recession

In October 2007 Gartner published a paper titled “Clients Should Prepare a ‘Recession Budget’ for 2008″. It suggested that IT organizations should be prepared to respond if a recession forces budget constraints in 2008. Its still early in 2008 but the FED appears to agree and has acted strongly by dropping key interest rates fast and hard.

Will this crimp your ability to secure funding for security initiatives? Vendor FUD tactics have been a bellwether but fear factor funding is waning for various reasons.These include

* crying wolf
* the perceived small impact of breaches (as opposed to the dire predictions)
* the absence of a widespread, debilitating (9/11 style) malware attack
* the realization that most regulations (eg HIPAA) have weak enforcement

As an InfoSec professional, how should you react?

For one thing, understand what drives your business and align with it as opposed to retreating into techno-speak. Accept that the company you work for is not in the business of being compliant or secure. Learn to have a business conversation about Infosec with business people. These are people that care about terms such as ROI, profit, shareholdervalue, labor, assets, expenses and so on. Recognize that their vision of regulatory compliance is driven mainly by the bottom line. In a recession year, these are more important than ever before.

For another thing, expect a cut in IT costs (it is after all most often viewed as a “cost-center”). This means staff, budgets and projects may be lost.

So how does a SIEM vendor respond? In a business-like way of course. By pointing out that one major reason for deploying such solutions is to “do more with less”, to automate the mundane thereby increasing productivity, by retaining company critical knowledge in policy so that you are less vulnerable to a RIF, by avoiding downtime which hurts the bottom line.

And as Gabriel Garcia Marquez observed , maybe it is possible to have Love in the Time of Cholera.

– Ananth