02:00 PM
Robert Meyers

How to Control Security Costs During a Down Economy

Three key areas security professionals should watch when managing their budgets.

Change is a part of business, but rarely does it happen as quickly and with such little warning as it did in early 2020 when the pandemic hit. During this time, the digital transformation we've been talking about for years shifted into high gear. As a result, organizations reallocated their planned IT and non-IT budgets to rapidly prioritize technology and network security to accommodate their new distributed workforce.

However, now we're starting to see another shift that many didn't consider: Organizations are back to finding ways to control their IT costs, and in some cases their security budgets will take a hit. Research by Pulse, which found 75% of IT budgets were frozen in May, bears that out.

That, of course, could put your company at risk. So how can you control costs during such a chaotic time? The key is to focus on three main areas: managing your logs and security information and event management (SIEM) system, reducing licensing overload, and focusing on the right migrations to the cloud. Each has a direct impact on IT spending in the new distributed workforce.

Logging Data and Cutting Costs
It might seem surprising to focus on logs before licensing, but managing your network activity is a top priority with so many people working from home. Remote access logs exploded in volume overnight, with users and data spread across a multitude of different networks and services. Inputting more data into the SIEM feels like the only option for log management, as it's the only tool most companies have to meet legal compliance requirements.

However, it's important to note that most SIEMs charge for how much data they collect on a daily basis. In a distributed workforce, these costs can continue to rack up. Consider what happens when a small company needs to go from just 1 GB to 10 GB per day: that could cost over $16,000 in additional expenses per year.

What if it's not a small business, and instead it's an increase of terabytes? The numbers are staggering. To cut costs, organizations should make sure they're sending the right kinds of data to their SIEMs. Sending all data can waste operational expenses. For example, audit logs provide more security value than operational logs. Through this kind of evaluation, companies can trim as much as 60% to 80% of their SIEM's daily data ingestion, cutting the cost along with it.
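The evaluation described above can start with a measurement of how much of today's ingestion is audit data versus operational data. The following is an added example, not from the article: the classification patterns, the sample events, and the linear per-GB rate (back-derived from the article's $16,000 figure) are all assumptions.

```python
import re

# Hypothetical rules: events matching these are audit records (who did what);
# everything else is treated as operational telemetry.
AUDIT_PATTERNS = [
    re.compile(r"\baction=(login|logout|sudo|policy_change)\b"),
    re.compile(r"\bresult=(success|failure|denied)\b"),
]

# Constructed sample events, one per line, for illustration only.
SAMPLE_LOG = """\
vpn-gw auth user=alice action=login result=success src=203.0.113.10
vpn-gw auth user=bob action=login result=failure src=198.51.100.7
vpn-gw keepalive tunnel=17 rtt_ms=41 status=ok
app01 health check=db latency_ms=12 status=ok
app01 debug cache refresh completed entries=4211 elapsed_ms=87
app01 debug cache refresh completed entries=4213 elapsed_ms=91
dc01 audit user=carol action=policy_change target=gpo-remote-access
app01 metrics cpu=0.41 mem=0.63 queue_depth=3
fw01 audit user=dave action=sudo result=denied cmd=iptables
""".splitlines()

# Assumed linear price per GB/day per year, back-derived from the article's
# figure (about $16,000/year for growing from 1 GB to 10 GB per day).
ASSUMED_USD_PER_GB_DAY_YEAR = 16000 / 9


def classify(line):
    """Return 'audit' if any audit pattern matches, else 'operational'."""
    return "audit" if any(p.search(line) for p in AUDIT_PATTERNS) else "operational"


def ingestion_report(lines):
    """Tally events and bytes per category and the share a filter would drop."""
    stats = {"audit": {"events": 0, "bytes": 0},
             "operational": {"events": 0, "bytes": 0}}
    for line in lines:
        bucket = stats[classify(line)]
        bucket["events"] += 1
        bucket["bytes"] += len(line.encode("utf-8")) + 1  # +1 for the newline
    total = sum(b["bytes"] for b in stats.values())
    stats["reduction"] = stats["operational"]["bytes"] / total if total else 0.0
    return stats


def projected_annual_saving(current_gb_per_day, reduction,
                            rate=ASSUMED_USD_PER_GB_DAY_YEAR):
    """Yearly saving if `reduction` of today's daily volume is never ingested."""
    return current_gb_per_day * reduction * rate
```

Run `ingestion_report` over a representative day of exported logs per source before changing any forwarder, so that compliance-relevant sources are confirmed to land in the audit bucket.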

Saying Goodbye to Non-Essential Licensing
At the beginning of the pandemic, many companies forgot to check which of their licenses were paid for on a month-to-month basis. This kind of contract allows companies to cancel the licensing they don't need while their employees are remote, and then pick it up again when it's relevant. In other words, non-essential licensing, which is typically paid for on a month-to-month basis, could have been cut from the beginning.

In our on-demand world, it's common to walk into a company and find it has an excess number of licenses for email, helpdesk, and other services. This comes not from buying licenses on an annual basis but from buying extra to be safe. For example, it is common for companies on month-to-month contracts to keep 10% to 15% extra licenses because, in the days of perpetual licenses, they would have been required to in case of a short-term expansion. With the new licensing model, these licenses should be deprovisioned and released. Cutting back on these noncritical systems could save companies 10% to 15% of their monthly licensing expenses.

Responsibly Migrating to the Cloud
As companies migrate to the cloud, they need to understand how to do so cost-effectively. The key is to put the right elements in the right cloud infrastructure, and base that infrastructure on the right components.

A good example of this is how many companies are still basing their infrastructure on Windows Server 2008 R2 or Windows Server 2012 R2. Very few companies have converted to either Windows Server 2016 or 2019 because of the cost. But there's an immense benefit to updating. Most up-to-date operating systems have cloud interconnections that automatically install when you update the system. If companies had made that update when the system was released, they wouldn't have to use a new migration system that requires a larger budget.

It might sound counterintuitive, but controlling security costs can mean spending the right money on the right upgrades and tools, in addition to determining how you can scale back your current systems. Spending wisely is all about looking for advantages with every purchase, and that begins by evaluating your current operational budget.  

Robert Meyers is the compliance and privacy professional and channel program solutions architect at One Identity. He is a 30-year veteran of the identity and access systems and information security industry, with more than 10 years of that time focused on planning, ...
