Home » Security Leadership » Metrics/Budgets

Security Budgets: Money Well Spent

When it comes to security budgets, less can be more. Here are seven tips for discovering how to squeeze every bit out of yours.

Automation of tasks such as patching software can also produce tremendous cost savings. When the Blaster worm started making its rounds, the security team at Willis had to manually patch the software on many of its machines as well as get on the phone to offices around the world to walk them through the patching process. It was a successful effort, but Burnette estimates that the task took his team the equivalent of about 200 workdays to accomplish. It clarified the importance of automating patching as well as other rote tasks that zap his organization's time and funding.

Deputizing individuals in other business units to act as ad hoc security personnel is another effective strategy that CSOs use to expand their security staff without stretching their budgets. At PPG, Becker utilizes the human resources and health and safety individuals at some remote locations as his onsite security people. "If you can increase the amount of time someone spends on security by 5 percentthat's a free-to-me cost savings," he says. Bacon does the same thing by treating security as a team sport and relying on multiple business units to complete a project. "They don't work for us, and we don't work for them," he says. "But we use four to five business lines to complete a projectanother reason that our funding efforts are successful." When Bacon makes a presentation, it's not just his name on the bottom line, it's a team effort.

CSOs need to be able to speak the business language; they should make their security decisions based on the business fundamentals of risk and ROI. Nowhere is that more important than in the budgeting process, where CSOs need to be able to weigh cuts and expenditures with the clear-eyed steadiness of a CFO. "Typically, the average life of a CSO at a company is something like 18 months," says Allison. "During the first six months, they ask for the moon, and by the last six months they probably don't get anything. That's not a casual effect," she adds. "It points to the lack of business skills needed to get the budget through."

CSOs who learn to marry an intelligent evaluation of where to cut with some of the softer business skills and techniques needed to make a compelling case for funding are destined to be the real players within their companies.