Posted by Paul Stamp on February 13, 2008
OK, for arguments’ sake let's suppose we’re in a recession. What does that really mean for us security folks?
To answer that question, let’s turn the question on its head. What did security spending look like when times were pretty good? Say from early 2005 to 2007 for example - did we see an upturn in spending? Our research found that security spending was flat or declining as a proportion of overall IT spending during that period. So then why, when the economy goes south would we spend less on security?
The vast majority of organizations spend money to counter threats and incidents that they’re seeing, and to comply with governmental and contractual requirements. Neither of these two factors are hugely dependent on economic cycles.
OK, so there’ll be less cash floating around for the big banks to fill their labs with new product evaluations, but does that really affect the majority of us? I would say not. Yes, we’re going to have to show more business justification for our technology. Yes, we’re going to have to consolidate. Yes, we’re going to have to streamline process. But weren’t we doing that anyway?
We’ve come to learn that security is a necessary cost of doing business – not a luxury item where we can turn spending on and off at the behest of economic demand. Luckily for us, I reckon there’s fewer of us that are going to be on the streets looking for jobs than other disciplines.