Research

Organizations Cutting Back on IT Security Staff

  • By Jabulani Leffall
  • 10/30/08

The IT security function, as a percentage of total IT staff at enterprise organizations, appears to be in decline, according to an addendum on security in a research report released this week by Computer Economics.

The findings of the report, titled "IT Staffing Ratios and Trends," were gathered from respondents at 200 IT organizations and covered what the Irvine, CA-based research shop identified as 14 key IT functions, including security.

The study found that even as overall IT staffing across other functions-- such as database administration and application development--are still increasing, staffing levels for security pros have been in steady decline over the last three years, coming in at just 1.5 percent in 2008 (compared to 1.8 percent in 2007 and 2 percent in 2006).

This leads to the question: Is security no longer a top priority in lean times?

"Clearly, there are a variety of reasons for this decline but the lack of a focus on security isn't one of them," said Frank Scavo, president of Computer Economics. "Qualified security personnel are in short supply and security as a mechanism of an IT department inside an organization is becoming less specialized. Plus, you have people in other areas whose duties also include a security element."

Scavo added that if an enterprise does has a staff member or a small group of workers whose sole purpose is the design, implementation and monitoring of a comprehensive security program, then "you don't need a lot of people for that."

For instance, a systems administrator and network administrator who can configure security parameters for the processing environment can, in tandem with an outside consultant or a third-party security software, eliminate the need for a full-fledged security staffer.

In that vein, the reality that specialized security personnel must take into account is that even though they are still in high demand, the high cost involved in deploying in-house security professionals in a real-time, 24/7 environment can be prohibitive.

To that end, security software and outsourced security functions are becoming an ever-increasing alternative to hiring actual people--which may also account for the decline in in-house security staffers.

Comments

Fri, Jan 2, 2009 John Franks Washington, DC

Especially in light of cutbacks in staff and budget, I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices. The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.

Add your Comment

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above