Wednesday, February 4, 2009

But we're in a recession?!?!?!?

WPA has been cracked. Twitter and other "web 2.0" technologies have been hacked. Payment processor Heartland Payment Systems was recently compromised. Regulatory compliance requirements continue to increase while the range and scope of threats continue. What's the matter? Don't the bad guys know we are in a recession and my budget for security has been cut?

The fact is that during times of economic trouble, security requirements don't decrease, they increase. Organizations may scale back hardware upgrades or the implementation of a new cool technology, but they simply cannot choose to ignore security. A compromise in a strong economy is bad. A compromise in a weak economy, where profits are lower and competition is greater, could make the difference between a business that succeeds and one that fails. So what can organizations do to maintain security and regulatory compliance while at the same time reducing costs?

Recent industry activity has shown that organizations are doing a few things to meet these seemingly conflicting requirements. Many organizations are looking at automation and outsourcing. These approaches allow organizations to do more with less. "Security as a service" can allow organizations to take advantage of high levels of expertise without the high employee overhead. Replacing highly manual and labor-intensive processes with technology can reduce those costs further. Managed security services look to play a big role in the coming year.

Many organizations are looking to blend physical and logical security. Technologies such as smart cards and proximity cards can provide "single sign on" to the building, the data center, the network and applications, eliminating the need to manage and maintain multiple solutions.

Larger organizations are also looking to centralize a sometimes distributed security infrastructure. Moving security technologies into a central data center can reduce administrative costs significantly.

So what can be done?

First, organizations need to understand where their security strengths and weaknesses are. They need not only to understand their risk of compromise but also to identify areas where consolidation, centralization, automation and outsourcing would result in better security at a lower cost. If organizations have already addressed their security concerns, they should focus on testing their solutions to validate effectiveness.

One final thought. In a troubled economy it is important that organizations assess the financial stability of their security technology vendors. The failure of a security company could result in organizations relying on unsupported technologies. This would be a problem if we are talking about a firewall. It would be a disaster if we are talking about technologies, like anti-virus and intrusion detection, that require constant updates from the vendor. While technology replacement may not be high on the list of priorities for many organizations, replacing security technology from troubled vendors may be a requirement.
