It might not surprise some IT organizations to find they spend more on security consultants than they do on security technology.
EMC's RSA security division wants to address this issue by revamping its security practice around more holistic approaches to security management. To that end, the practice has been reorganized around the following strategic disciplines: industry standards and compliance regulations; risk mitigation, virtualization and private cloud computing; and advanced security technologies.
According to Branden Williams, director of security consulting for RSA Security Consulting, EMC is creating a dedicated business unit around security in response to customer requests for more complete security consulting engagements. All too often, customers wind up bringing in various security professionals to handle specific issues, which over time drives security costs higher, leaving customers without funds to buy the products they need to defend against the next generation of threats.
Like all major vendors in tight times, EMC is expanding its services capabilities to maintain existing profit margins while increasing revenue. Some of that growth might come at the expense of more specialized consultants that might even be better than the people working for RSA. But in this economy, customers are trying to better balance their security investments against the risks involved, and a natural place to start is with the consulting budget.