IT security spared from budget cuts

Companies like Malaysia Airlines, are still dishing out money to strengthen their IT security framework. But, product evaluation process is now more rigorous.
Written by Lee Min Keong, Contributor

KUALA LUMPUR--Despite the economic headwinds buffeting the Asian region, organizations are not cutting their budgets for information security--at least, for now.

Aran Buckley, Standard Chartered Bank's global head of information security, said the bleak economic landscape has not affected the bank's IT security operations.

"So far, there is no direct impact on my program of [information security] activities, compared to how I would have planned it six or 12 months ago," Buckley said during a panel discussion at the 3rd Annual SecurAsia congress here Wednesday.

The country's national carrier Malaysia Airlines, has also resisted any plans to reduce its budget for information security projects--despite the fact that the airline industry has been badly hit by the global financial crisis, acknowledged Abdul Rahman Mohamed, its head of IT, strategy and governance.

The current mantra for companies is to reduce cost and save money, but Abdul Rahman noted that Malaysia Airlines will not compromise on security. In fact, the first two IT projects endorsed this year by the airline's management committee were specifically to address security, he said.

"Whether there is a financial crisis or not, we should not be compromising on our security solutions," said Abdul Rahman, who was also a participant in the panel discussion. "The committee took just five minutes to approve the first security project." However, he added, the airline was focused on identifying the "best value" in security products.

According to Buckley, IT security vendors have to brace for more rigorous scrutiny by businesses before contracts are awarded.

He noted that companies are now conducting more rigorous evaluation process, and added that the spending cycle for IT projects have been considerably stretched. "The days of the short spend cycle are gone," he said.

Jonathan Shea, CEO of Hong Kong Internet Registration, said companies planning to implement an Internet security framework must be prepared to spend more time and incur added cost.

For example, he said, its annual security audit and security monitoring exercise is a major IT cost for Hong Kong Internet Registration, a non-profit body responsible for the administration of ".hk" domain names.

"There is no free lunch, you have to spend more money for security," Shea said during the discussion. He revealed that when he sat down with the company's chairman recently to finalize the company's budget, they "cut nearly everything, except the IT budget".

Lam Chee Keong, a partner with local ICT products and services provider Heitech Padu, said interest in IT security was still "very much alive and kicking", even though customers were now more cost-conscious and prudent with their IT budgets.

Customers remain focused on security and recognize the implication of not spending on security, Lam said, citing a Forrester Research survey that revealed companies still spent an average of 12 percent of their IT budgets on security.

Referring to his customers, Lam noted: "Now they ask more questions and seek more information about the features, capabilities and performance of various security solutions in the market before making their decision."

Lee Min Keong is a freelance IT writer based in Malaysia.

Editorial standards