CIOs Cut Costs (And Improve Security Effectiveness?)
Posted by Bob Craig - Dir Prod Marketing on Tue, Mar 03, 2009
CSO Magazine recently conducted a survey that reported 41 percent of organizations expect to see a decrease in spending on security staff, while close to 60 percent have either implemented, or plan to implement, a hiring freeze.
Can companies freeze or cut security staff and still deliver appropriate levels of security and compliance? Yes, actually they can:
- Lower costs
- Improve security and compliance
- Deliver increased business effectiveness
How? One answer is a comprehensive approach to access assurance. Companies find that implementing password management, access provisioning, role management, or compliance management and attestation, lets them do more with less which can have a significant impact on overhead costs.
An excellent example is Brookdale Senior Living, which was recently profiled in CIO Magazine. Brookdale grew by acquisition from $400 million to more than $2 billion in just three years to become the nation's largest owner and operator of senior living communities.
One consequence of Brookdale's rapid growth was their internal IT staff was overwhelmed with the sheer volume and complexity of change requests, due primarily to two factors: high turnover in certain positions and the need to provide access to dozens of systems acquired as a result of the mergers, each with its own unique user access requirements.
Automating account provisioning/de-provisioning allowed Brookdale to slash the time required to implement user-access changes from 5 days to less than 24 hours. This productivity boost enabled them to trim three security staff positions, reducing overall IT overhead costs by about $150,000.
Not only did Brookdale save money, but they also improved compliance with regulatory requirements (primarily HIPAA and Sarbanes-Oxley), delivered stronger security (automate ensuring only the right people have access to the right resources) and enhanced end-user productivity (by reducing the amount of time spent waiting for access to IT resources.)