Reducing the Cost of Security

Michael Vizard

While IT people have debated the relative value of investing in security, security investments don't drive additional revenue for the business. No matter how you cut it, security is a cost of doing business.

That's why focusing on reducing the total amount of money spent on security should be a critical component of any effort to reduce IT spending. The good news is that security vendors are finally waking up to this development.

Case in point is IBM, which this week introduced a new intrusion prevention system (IPS) appliance that integrates many security function on to a single platform.

According to Dave Ostrowski, product line executive for IBM security solutions, reducing the total cost of spending on security by consolidating security appliances and automating as many routine security functions as possible is at the center of IBM's security strategy. As Ostrowski notes, 'it shouldn't take a small army of people to own and operate security products.'

One of the things that is enabling the wave of consolidation of security appliances at the edge of the network is much faster hardware and the ability to run multiple virtual appliances on those machines. In IBM's case, the focus is more on faster hardware that allows multiple sub-system engines to share the same device. But in either approach, the end goal is the same. By reducing the number of physical appliances that need to be managed, the amount of time it takes to manage the overall security portfolio declines.

Ostrowski notes that these changes to the overall security portfolio are coming at a time when the complexity of securing the enterprise is increasing. Hackers are increasingly targeting Web applications rather than Windows because as Microsoft has improved Windows security, Web applications have become the path of least resistance. In addition, IBM researchers note a marked increase in attacks aimed at Macintosh and Linux systems, due in part to their growing popularity and the advances made on Windows security.

This growing complexity, says Ostrowski, makes it more important than ever for IT organizations to rely on automation. For example, IBM's new Security Network Intrusion Prevention System can communicate with IBM's AppScan Web application security analysis software to identify security attacks aimed at Web applications and then deploy a 'virtual patch' to eliminate that problem until the application itself is updated.

IBM estimates that the average IT infrastructure deployment is attacked roughly 60,000 times a day. Unfortunately, when faced with complexity, there is an IT tendency to throw more resources at a problem. But when it comes to security, less spending done the right way can actually mean a whole lot more security.



Add Comment      Leave a comment on this blog post
Jul 21, 2010 10:07 PM Ashley_From_Absolute Ashley_From_Absolute  says:
Hi Mike - this is a great post. Security costs are an expense that cannot be spared, and I agree that there are cost-effective ways to get robust security solutions. Today we find these tools increasingly vital. Businesses are under the attack of more complex threats and need to continually ensure the protection of both information and hardware. It�s so important that the proper resources are allocated to the security vendor selection process and that the most effective solution is implemented, allowing companies to monitor and enforce configuration policies and use the data to remotely monitor and control all devices. Thanks again for your trusted insight. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.