Smarter purchasing cuts security costs
IT security chiefs must focus on integration, say experts at the Gartner IT Security Summit
IT security chiefs can reduce the cost and complexity of their systems by buying integrated solutions, but they need to change the way they deal with vendors to make this happen, according to leading experts at the Gartner IT Security Summit in London this week.
Vendors typically sell separate add-on products to combat each newly discovered major threat, such as spyware or spam, complained Gartner managing vice-president Vic Wheatman in his keynote.
“It’s time for the industry – the people providing us with software and hardware tools – to become more mature,” he said. “It’s insanity that the vendor can say ‘this is something new, we’re going to charge you extra’, when the functionality often shares a lot of common processing [with current solutions].”
There is a similar lack of convergence in operations, as firms often use two or more engines to apply patches to their kit. However, convergence is taking place, and IT buyers need to take advantage of this by consolidating where possible, Wheatman added.
“Combining security functionality eliminates redundancy and simplifies life; do more and pay less is at the heart of convergence,” Wheatman said.
Firms should therefore look for products that offer them “best of need, not best of breed”, because the best-in-class solution may not be the most appropriate for their specific needs, may add unnecessary cost and may be difficult to integrate, Wheatman continued.
John Meakin, group head of information security at Standard Chartered Bank, argued that information security chiefs must demand more from their vendors.
“We need to move from the back foot…we are being managed by [the vendors] – we need a real partnership, which means they change their products because we tell them,” Meakin said. “There is little integration in the IT infrastructure and the infrastructure won’t be secure unless we move the buy-side and the sell-side towards greater integration.”
He added that IT security chiefs may become marginalised in their organisation unless they are more proactive in relationships with vendors, and foster greater professionalism and collaboration among peers. They should also take advantage of the fact that as products mature, operating systems, application platforms and the like are increasingly built with security in mind, Meakin said.