As budgets start to tighten for countless businesses concerned about the potential financial winter that many are predicting, security teams across the world are reviewing where best to place their investment to ensure they get the best “bang for their buck”. With that in mind, now might be the time to explore some key areas where I see organisations spending wisely to deliver great results on a budget.
Keeping up to date
In general, taking a proactive approach to infrastructure refreshes and patching processes remains a key area where businesses could deliver superior protection with minimal cost. After all, patches and updates are normally already baked into the cost of most software solutions. Whilst there is a human cost of testing and applying these prior to production deployment, organisations with suitable planning can easily deliver on this area at minimal cost.
For larger infrastructure updates such as operating system refreshes and new hardware deployments, there are greater costs. However, considering these often come with other benefits such as improved system performance, it’s often a far easier cost to absorb into the business. And don’t forget that aging infrastructure also comes with a cost. For example, larger “leaps” to upgrade from out-of-date products to the latest and greatest version likely take much more effort than smaller, incremental updates.
Incident Response and Rollback
One area where security can deliver cost savings to the business is by speeding up incident response, though achieving more efficient incident response may require some strategizing. Handling of recurring incidents like AV detections or firewall intrusion alerts can be expedited by ensuring you have a robust run-book, which helps responders consistently and reliably deal with everyday issues. Similarly, reclassifying some incidents to better prioritise and triage incoming concerns can ensure that teams don’t waste time chasing down low-severity items. In return, your team can benefit from a reduction in “daily churn,” and you can ensure prompter responses and reduced downtime related to security incidents.
Alongside incident response, developing rollback, availability, and disaster recovery strategies can round out a strong security incident response toolkit. Planning ahead here is key. Consistent, reusable processes for testing and rollback are a critical component that can reduce the administrative overhead of implementing changes and of handling the cases where those changes go wrong.
Minimizing Unplanned Work
Never understate the importance of ensuring that changes do not negatively impact operational services. Whilst many might not consider this as part of the security team’s responsibilities, too many “emergency changes” create an environment in a state of flux. Undocumented changes can too often cause issues that result in incidents that could have been prevented.
Popular options like automation or machine learning for analytics are interesting from a technology perspective and incredibly promising in the near term. Unfortunately, only a few organisations have successfully implemented full automation solutions or AI detection mechanisms that deliver significant benefits that couldn’t be achieved by improved process and run-book development. Whilst I can certainly see some exciting developments going on in this space, and even some specific use cases that are starting to pay off by reducing the workload of busy security teams, this type of investment would still be one I would avoid for now.
No One Size Fits All – but a smart plan never goes wrong
The most important place to put your budget is time spent planning security processes; it is time well spent. Whilst hardware, software, and services are key components to budget for, it’s actually the money you spend on people planning out your security strategies that stands to deliver you the best starting place for saving money whilst staying secure.