What Does the Financial Meltdown Mean for Security?

At first, this was going to be a column about the PR machine’s hyperbolic efforts to connect the state of IT and security with the current financial crisis. Indeed, some have shamelessly sent me story pitches that try to get some bang out of the Wall Street meltdown.

This pitch, from a PR flak whose name I won’t mention, even starts with an admission that the proposed IT angle is a stretch:

“This might be a bit of hyperbole, but as companies like AIG and Lehman Brothers look for a bail out, it’s not surprising that adoption of open source software is increasing significantly in the wake of today’s economic downturn,” the person wrote in an e-mail that circulated around my office. That’s right, the financial crisis means companies are fleeing to the safety of open source software, whether it’s for security or other purposes. By the way, the flak wrote, her vendor client would be more than happy to talk to us about this all-important issue.

But as I started to look around for more examples of FUD, I started stumbling across blogs and articles examining the potential impact of the crisis on security in a more reasoned fashion. Now my take on things isn’t as black and white as it was a couple days ago.

Columnist Rob Kall suggests in this OpedNews.com piece that the financial crisis itself may be a sham dreamed up by government officials who want to scare us into allowing their excesses much as we did after the 9-11 attacks:

“The news is abuzz with the reports of the solemn, haggard faces of the leaders of Congress when Bush’s economic czars Paulson and Bernanke informed them of the deadly threat of financial meltdown the US, even the world economy, faced if something dramatic was not done immediately. So, of course, they came out, shaking in their boots, telling the nation how awful things were, how close to the abyss we’ve come,” he writes, adding, “This sounds far too similar to Bush’s surrogates Condeleeza Rice and Colin Powell warning us – at the UN and in Congress in 2003 – that Iraq and its WMDs was an imminent threat to the nation and the world.”

Dan Blacharski at IT World writes about the “Financial Meltdown and Impending IT Crisis,” suggesting that the current crisis will trigger a drastic pullback on IT investments.

“There’s more evidence that [the financial crisis is] hitting the IT business, which until now has been relatively untouched, he writes, citing a Channel Insider Mid-Year Outlook survey of 300 vendors. “Not too long ago,” he writes, “at the beginning of this year, the survey said about 75 percent of resellers expected profits to be up compared to 2007. Today, only half said that. According to the report, providers say their customers have delayed IT projects, are taking longer to make purchasing decisions, scale back deployments, and push back on pricing.”

And in his blog, StillSecure Chief Strategy Officer Alan Shimel writes about the potential impact of the financial meltdown on security vendors:

“On one hand, under the present conditions, the financial sector – long a foundational vertical for just about every security vendor – will not have a lot of spare cash for IT in general and I am sure security in particular,” he writes. “It will be rough sledding trying to convince financial firms that now is a great time to invest money in the latest security technologies. On the other hand, new regulations and oversight could lead to more compliance.”

Who can argue that Sarbanes-Oxley did not boost security spending, he asks, suggesting that by the same measure, any new regulation of the industry should have a corresponding element of security and data integrity as part of it.

“Overall, the security industry will make out better than many other IT sectors,” he concludes. “This meltdown is going to reshape not only Wall Street but Main Street as well. But in the end there will still be storefronts selling IT security.”

That may well be the case. Time will tell.

Those in the PR world need to be careful about the pitches they make, because stirring the FUD well will only make things worse. There’s something about using a crisis to drum up a little business that leaves me cold every time.

But that doesn’t mean we shouldn’t be taking a look at what the security impact of all this might be down the road. To think these things through now puts us in a better position to maintain the right amount of security later. All I’m saying is that we should be mulling these things over calmly and reasonably, as Shimel does in his blog posting.

Whatever happens with this government takeover of Wall Street, there will always be ways to keep security afloat even if the investment dollars dry up. For some examples, I direct you to our recent series on how to ensure security during a recession:

• Making Security Work When Staffing is Tight
• Cost-Cutting Through Green IT Security: Real or Myth?
• Recession Woes: What People Steal
• Cheap IT Security? The Tools Were There All Along

Remember, cooler heads – armed with balanced information – will prevail.

About FUD Watch: Senior Editor Bill Brenner scours the Internet in search of FUD – overhyped security threats that ultimately have little impact on a CSO’s daily routine. The goal: help security decision makers separate the hot air from genuine action items. To point us toward the industry’s most egregious FUD, send an e-mail to bbrenner@cxo.com.