How to maintain security and service on a tight budget

Commentary - In the UK there has been much made of the statement that“ Government debt is the highest it’s ever been.” Whether this is actually true is a matter of debate as, some would argue, that it is lower than during 1920 and 1960 when it failed to fall below 100 percent GDP (the total amount of goods and services produced in one year). In fact, it is a matter of public record that after the second world war government debt actually reached the dizzying heights of 250% of GDP due to a ‘once in a generation’ economic and political crisis! Another statement that gets many a politician hot under the collar is that “The UK’s dept crisis is one of the worst in the world” – let’s face it, our PM wouldn’t deliberately mislead us – would he? Regardless of whether UK debt is the highest it’s ever been, or worse than anyone else, the fact that the UK currently spends £43 billion on debt interest, which is more than it spends on schools in England, just about sums it up. It can’t go on. Whatever the hype and blustering that echoes through the corridors at Westminster what can categorically be said is that “Government cuts are coming”. UK Plc can no longer continue to borrow from Peter to pay Paul.

The reality is that some of the cuts are already here with many more are on the way. On October 20th, last year, Chancellor George Osborne spelled out what some were as he fixed spending budgets for each Government department up to the 2014-15 financial year. In his speech he confirmed that an average 19% was to be cut from departmental budgets over the next four years, an additional £7bn would be lost from the welfare budget and police funding would be reduced by 4% per year. Now, I wouldn’t claim we’re a selfish nation but the question on everyone’s mind is “how will this affect me?”

As individuals this is certainly an important question but let’s spare a thought for the IT department managers who now face the even tougher predicament of maintaining the same level of service with less money. Only the very fortunate few will see their budgets untouched as Government and local councils attempt to safeguard frontline services at the expense of back-office activities.

So, is it possible to make some savings and still provide a good quality of service?

It would be too depressing if the answer was no so, thankfully, it can be yes. However, any areas where savings are to be made must be carefully chosen to ensure that you do not jeopardize the mission of the organization.

As an example, consider the situation where an authority has thousands of users working on a Windows based platform. A new version of the OS is released which has some nice features but is it really needed now? The cost of upgrading thousands of users will be high, not just to buy the software but to install it and re-train the users. It could involve using external contractors and might necessitate upgrading hardware. Delaying this decision for a few years could be fiscally prudent at the moment unless the new release contains a must have security feature. Similarly delaying the upgrading of hardware will produce mid-term savings. Eventually it will have to be done but much of it can be put off until times are easier. Reducing the cost of external consultants can provide big savings. This doesn’t have to mean that the work won’t get done – just not yet. What it will mean is that external consultants will share the pain of reduced overall budgets and that contracts will have to be re-negotiated to produce more efficiency and lower hourly rates. It can be done in the interest of long term relationships.

It’s evident, then, that cuts can be made and just about everyone could think of an area to start on but one area that needs careful consideration before anything is done is IT security. Recently the Government identified “hostile attacks upon UK cyberspace” as a major risk to our national security. Anyone thinking of cutting back spending in this area needs to be certain that security is not being compromised. The Government said that it would be spending large amounts on this, figures of £500M have been mentioned, but has anyone actually seen any additional funds yet?

There are, however, things that can be done in the security area that can reduce short to mid-term costs without placing the organizations IT security at risk. Today, every organization should be using security solutions at the desktop and network level.

• There can be no compromise at the desktop level. Antivirus software must be kept up-to-date as the expense to the organization curing an infection can be immense – not to mention lost downtime, risk of data breaches, etc.
• At the network level it’s important to know that your firewalls/IDS/IPS/UTM work correctly as this is your first line of defense against hackers

It’s always tempting to splash out on the latest and greatest software or piece of hardware because the vendor claims it’s the “best thing since sliced bread.” However, there are ways to make existing network security kit work more efficiently and thereby extend its life. To do this you’ll need to use one of the IP filtering testing solutions that are available. These tools test your network security and tell you if, and where, there are problems. The better ones will actually give you a fix should a problem be found. By applying the fix to the IPS/IDS/UTM/ Firewall you can put off the day when you will need to replace it. Regular testing could extend the life of the kit by a considerable amount. Using one of these tools can also produce further savings by reducing the need to employ external penetration testing which is time consuming and expensive.

By employing IP filtering testing you can significantly reduce the amount of time spent on testing, can enable more regular testing to be performed, can enable the testing to be done by internal staff and can reduce the reliance upon external pen-testers. This will save money and improve security. It’s a double windfall.

It’s always going to be hard to tell fact from fiction – especially when the statement is made by a politician. However, what you can take as gospel is that, in the present economic climate, budget cuts are very real and we haven’t heard the last of them. Another fact is that improved security comes at a price - but isn’t it refreshing to discover it can be at a lower one!

biography
Will Hogan, Idappcom Ltd, author of Traffic IQ Professional, a network vulnerability assessment tool which allows the user to efficiently test the response and recognition capabilities of security defenses across a network. For further information, and to download a free licensed version of the software, visit www.idappcom.com.