Dark Reading is part of the Informa Tech Division of Informa PLC


8/19/2020
02:00 PM
Robert Meyers
Commentary

How to Control Security Costs During a Down Economy

Three key areas security professionals should watch when managing their budgets.

Change is a part of business, but rarely does it happen as quickly and with so little warning as it did in early 2020 when the pandemic hit. During this time, the digital transformation we've been talking about for years shifted into high gear. As a result, organizations reallocated their planned IT and non-IT budgets to rapidly prioritize technology and network security to accommodate their new distributed workforce.

However, now we're starting to see another shift that many didn't consider: Organizations are back to finding ways to control their IT costs, and in some cases their security budgets will take a hit. Research by Pulse, which found 75% of IT budgets were frozen in May, bears that out.

That, of course, could put your company at risk. So how can you control costs during such a chaotic time? The key is to focus on three main areas: managing your logs and security information and event management (SIEM) system, reducing licensing overload, and focusing on the right migrations to the cloud. Each has a direct impact on IT spending in the new distributed workforce.

Logging Data and Cutting Costs
It might seem surprising to focus on logs before licensing, but managing your network activity is a top priority with so many people working from home. Remote access logs exploded in volume overnight, with users and data spread across a multitude of different networks and services. Feeding more data into the SIEM feels like the only option for log management, as it's the only tool most companies have to meet legal compliance requirements.

However, it's important to note that most SIEMs charge for how much data they collect on a daily basis. In a distributed workforce, these costs can continue to rack up. Think about what happens when a small company needs to go from just 1 GB to 10 GB per day: that could cost over $16,000 in additional expenses per year.

What if it's not a small business, and instead it's an increase of terabytes? The numbers are staggering. To cut costs, organizations should make sure they're sending the right kinds of data to their SIEMs. Sending all data can waste operational expenses. For example, audit logs provide more security value than operational logs. Through this kind of evaluation, companies can trim as much as 60% to 80% of their SIEM's daily data ingestion, cutting the cost along with it.

Saying Goodbye to Non-Essential Licensing 
At the beginning of the pandemic, many companies forgot to check which of their licenses were paid for on a month-to-month basis. This kind of contract allows a company to cancel the licensing it doesn't need while its employees are remote, and then pick up the licensing again when it's relevant. In other words, non-essential licensing, which is typically paid for on a month-to-month basis, could have been cut from the beginning.

In our on-demand world, it's common to walk into a company and find it has an excess number of licenses for email, helpdesk, and other services. This isn't from buying licenses on an annual basis but from buying an excessive amount to be safe. For example, it is common for companies on month-to-month contracts to keep 10% to 15% extra licenses because, in the days of perpetual licenses, they would have been required to in case of a short-term expansion. With the new licensing model, these licenses should be deprovisioned and released. Cutting back on these noncritical systems could save companies 10% to 15% of their monthly licensing expenses.

Responsibly Migrating to the Cloud
As companies migrate to the cloud, they need to understand how to do so cost-effectively. The key is to put the right elements in the right cloud infrastructure, and base that infrastructure on the right components.

A good example of this is how many companies are still basing their infrastructure on Windows Server 2008 R2 or Windows Server 2012 R2. Very few companies have converted to either Windows Server 2016 or 2019 because of the cost. But there's an immense benefit to updating. Most up-to-date operating systems have cloud interconnections that automatically install when you update the system. If companies had made that update when the system was released, they wouldn't have to use a new migration system that requires a larger budget.

It might sound counterintuitive, but controlling security costs can mean spending the right money on the right upgrades and tools, in addition to determining how you can scale back your current systems. Spending wisely is all about looking for advantages with every purchase, and that begins by evaluating your current operational budget.  

Robert Meyers is the compliance and privacy professional and channel program solutions architect at One Identity. He is a 30-year veteran of the identity and access systems and information security industry, with more than 10 years of that time focused on planning, ...
 
