Firms Not Cutting IT Security

This is an article I found in business weekly which addresses Endsight’s main IT Security direction. Although the economy is down, companies cannot afford to skimp on security and IT maintenance. Endsight now offers virus and spam protection at the desktop and server levels. Many of our clients are realizing the value in protecting their most important asset- their knowledge. Back up is becoming more practicle, affordable and important these days. It’s a safe guard that many companies only realize the importance of once its too late.

Please enjoy this article written by Stewart Baines of silicon.com

Despite tight budgets, CIOs, faced with rising threats from malware and disgruntled employees, have decided it pays to be wary, surveys show

With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats—including those from malware and disgruntled employees—have decided that it pays to be wary.

Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issues to grow this year as a result of the economic uncertainty.

Speaking to IT directors, the story is the same: downturn or not, cutting security spending is not worth the risk.

Jane Kimberlin, the IT director of Domino’s Pizza, which is bucking the trend of depressing financial results thanks to diners downsizing to a takeaway, said: “We are in fortunate position of finding the downturn not affecting sales. Consequently I am not experiencing any budget constraints at all.

“Having said that, I don’t think we would ever reduce our security budgets. I often talk to other CIOs in the FTSE 250 and it’s not something anyone has said they would do.”

Similarly David Supple, IT director for Ecotec, a management consultancy working in the public sector, said despite the tricky economic climate: “Overall our IT security budgets are not down a lot.”

Crisis, what crisis?
So with IT security budgets largely intact, are companies well prepared for the challenges ahead? Over the past year there have been a string of high profile data breaches, and embarrassing cases of lost laptops, USB drives and CDs in the public and private sector.

But the fear is that such mistakes could be replaced with the deliberate theft of data, with disgruntled former employers made redundant in the downturn fuelling the insider threat to IT security.

Alan Rodger, senior research analyst, Butler Group said: “The insider threat is the most significant. With people’s jobs coming under threat, some will make the most of the opportunity before they leave. For others, simply being told their pay is being cut might inspire them to breach security.

“Investment over the years has focused on security threats outside of the organisation but I believe companies now need to spend a lot more time looking at the threats from within.”

Rodger’s stance is underlined by a recent Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months. The research found nearly 60 per cent of them took company information, such as customer contacts, when they left.

The threat of flexibility
As the downturn rumbles on, there is pressure from business managers to be more flexible and cut costs: get closer to customers, work from home more often, and reduce the overhead on centralised offices. The counterpoint is that data leaves the once fortified confines of a company’s premises.

“My internal customers need to be more mobile and so we have seen an explosion of devices on market like netbooks which help them do this. I have to get the balance between making services accessible and security, and security has to win every time,” Domino’s Kimberlin said.

“But we have to recognise that there is a blurring between our work and personal lives so if our employees want to use social networking for instance, we let them do it as long as it doesn’t compromise our security,” she continued.

Ecotec’s Supple added: “Employees are working at weekends and in the evenings from home, maybe when they were not doing it before and using equipment that is not ours,” adds Supple. “Our perimeter has grown.”

So what can an IT director do when faced with conflicting pressures to make working practices more flexible, yet make access to sensitive corporate data more secure, particularly when there is little money around for investment in anything other than business-as-usual security? The trick is to focus investment on where it makes a difference.
Burton analyst Rodger said: “Over the years, most IT security projects have not had to be qualified by a business case but that is changing. Many businesses are recognising that they need to assess the risk, and find a balance between financial cost and the probability of a breach happening.

“When you understand the risk—and how the economic crisis could increase risks—you stop making short-term cost savings in the IT security budgets in ways that leaves you open to the worst risks.”

http://www.businessweek.com/globalbiz/content/mar2009/gb2009039_621530.htm?chan=top+news_top+news+index+-+temp_global+business

Red Bull IT Management

Hi, my name is Lauren and I drink Red Bull.

I’m not afraid to say that. Maybe it’s my generation. Maybe it’s my college past. But when I need a picker upper, I just don’t want coffee. Working in the Bay Area grind, it seems almost sinful to forgo coffee. Popular culture hasn’t over looked the obscene and often comical number of coffee shops in the land of business. But somehow Red Bull, which should be the “trendy” drink, has become a symbol for no-frills energy. I like the taste. I like the fact that my sugar free Red Bull has the calories of a stick of gum. I like that it’s not any more expensive than a cup of coffee.  But I don’t like the bad looks and feeling that I’m breaking the rules (or maybe I do!)

We all just need to admit that coffee shops are not just for taste, ambiance, or status. They are for when the corporate world needs their picker upper. Would it be necessary to have one every few blocks, with constant lines and an insider’s vocabulary to even order a drink if it weren’t for the stimulus it provides? Give me your decaf argument all you want, but besides for the select few decaf drinkers (I like to think of them as the coffee world version of ordering an O’Doul’s at a bar), you enter that coffee shop for a specific reason- to wake up!

So if I need Red Bull to liven up, please allow my generational disposition for energy drinks to not be frowned upon. Just because the twenty-year old coffee monkey on your back has now become status quo, don’t sneer my Red Bull - let me drink in peace. Red Bull Rocks IT Management!