About 1 out of 3 Gartner research note titles used to be of the form “Nouns: Interrogative Phrase?” It really helped increase the market share of the lowly “:” as a syntactical-deductive, but the Gartner editors decided research notes were supposed to have the answers, not the questions, in the title.
Since the Gartner security conference is in June, April is presentation preparation month for Gartner security analysts. One of the talks I’m doing is on dealing with budgetary pressures in the current economic environment. As a company Gartner started looking at the impact of the economy on IT budgets back in late 2007 and we put out many research notes with cost reduction advice throughout 2008. However, the actual volume of calls from Gartner clients directly related to dealing with reduced security budgets has been low.
That’s not to say the global slowdown hasn’t impacted security spending overall, but the actual average impact per security budget has been pretty light. Most of the necessary actions have been pretty low impact: delaying technology refresh for a quarter or so, looking at open source tools, some growth in outsourcing, putting the kibosh on some faddish approaches that never had any real security ROI anyway. That “:” doesn’t count – it was used as a syntactical-descriptive.
There is now a lot of mass media discussion about the worst being behind us, but all good security people need to be contrarians – we need to be prepared to deal with it getting worst and the potential for severe cuts still coming. However, as I put together the presentation I found myself focusing more on defending the security budget than simply cutting it. For many security organizations, cutting the security budget would result in a drop below the due diligence level – the enterprise would be put at an unacceptable risk.
Now, for many other security organizations the budget could stand to be cut – there are a lot of inefficient practices out there. The key is knowing where you fall in that spectrum and having the right ammo to be able to fight corporate battles to convince the slashers to go elsewhere. That’s just Management 101 – are you prepared?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.