Boards are expecting CIOs and chief security officers (CSOs) to provide increased security at a time when budgets are either flat or increasing only slightly, according to IDC program manager Eric Domage, who was speaking at the analyst firm's IT Security Conference today.
The increase in security requirements is related to the fact that the IT skills of staff are no match for the increase in volume and complexity of security threats, he said.
"This means there's a gap between what you have to do, and what you're given as a resource to do it."
Domage said a survey of delegates at the event showed that 40 per cent of respondents had had their security budgets frozen, and that many were making cuts in order to fund mobile device protection.
Domage said he had seen four strategies employed by CIOs looking to achieve improved security from a smaller budget.
Domage added that 70 per cent of respondents to the survey believed that squeezing vendor pricing was the best way to get the most from tight security budgets.
Des Powley, director security and identity management, Oracle, said that part of the problem is that boards do not fully understand security.
"Does the business understand the value of security? My US paymasters think the whole world revolves around compliance."
Domage concluded that compliance was a key factor of security, but is an increasingly complex area as more regulations appear, placing further demands on budgets.
Does Google know too much about you?
The trend towards non-desktop-based devices is enabling more flexible working practices and behaviours
Date: 29 May 2013
THIS EVENT HAS BEEN POSTPONED DUE TO ILLNESS. Business intelligence is enjoying an upsurge of interest. In an era in which businesses and organisations...
Date: 11 Jun 2013
The enterprise mobility summit will examine how organisations can manage the increasing array of endpoints which are enabling mobile computing in business....