My obsession with talking about low-cost security tools all started with an article for TechTarget. It morphed into a session for Interop, then a sponsored webinar (by a vendor, go figure) and finally a longer mega-webinar for Ipspace.net. Maybe it’s because I’ve spent most of my time in the non-profit realm, but I simply hate spending money unnecessarily on products that replicate functionality of something my organization already owns. What follows is an excerpt of a post I wrote for Solarwinds on the topic.
Security tools: sometimes it seems that we never have enough to keep up with the task of protecting the enterprise. Or, at least it seems that way when walking the exhibit floor at most technology conferences. There’s a veritable smorgasbord of tools available, and you could easily spend your entire day looking for the perfect solution for every problem.
But, the truth is, IT teams at most organizations simply don’t have the budget or resources to implement dedicated security tools to meet every need and technical requirement. They’re too busy struggling with Cloud migrations, SaaS deployments, network upgrades, and essentially “keeping the lights on.”
Have you ever actually counted all the security tools your organization already owns? In addition to the licensing and support costs, every new product requires something most IT environments are in short supply of these days—time.
Optimism fades quickly when you’re confronted by the amount of time and effort required to implement and maintain a security tool in most organizations. As a result, these products end up either barely functional or as shelfware, leaving you to wonder if it’s possible to own too many tools.
There has to be a better way.
Maybe it’s time to stop the buying spree and consider whether you really need to implement another security tool. The fear, uncertainty, and doubt (FUD) that drives the need to increase the budget for improving IT security works for only so long. At some point, the enterprise will demand tangible results for the money spent.
Try a little experiment. Pretend that you don’t have any budget for security tools. You might discover that your organization already owns plenty of products with functionality that can be used for security purposes.
You can read the rest of my rant here.
Postmodern Security 