Organizations Cutting Back on IT Security Staff
The IT security function, as a percentage of total IT staff at enterprise
organizations, appears to be in decline, according to an addendum on security
in a research report released this week by Computer Economics.
The findings of the report, titled "IT
Staffing Ratios and Trends," were gathered from respondents at 200
IT organizations and covered what the Irvine, Calif.-based research shop identified
as 14 key IT functions, including security.
The study found that even as overall IT staffing across other functions --
such as database administration and application development -- are still increasing,
staffing levels for security pros have been in steady decline over the last
three years, coming in at just 1.5 percent in 2008 (compared to 1.8 percent
in 2007 and 2 percent in 2006).
This leads to the question: Is security no longer a top priority in lean times?
"Clearly, there are a variety of reasons for this decline but the lack of a
focus on security isn't one of them," said Frank Scavo, president of Computer
Economics. "Qualified security personnel are in short supply and security as
a mechanism of an IT department inside an organization is becoming less specialized.
Plus, you have people in other areas whose duties also include a security element."
Scavo added that if an enterprise does has a staff member or a small group
of workers whose sole purpose is the design, implementation and monitoring of
a comprehensive security program, then "you don't need a lot of people for that."
For instance, a systems administrator and network administrator who can configure
security parameters for the processing environment can, in tandem with an outside
consultant or a third-party security software, eliminate the need for a full-fledged
In that vein, the reality that specialized security personnel must take into
account is that even though they are still in high demand, the high cost involved
in deploying in-house security professionals in a real-time, 24/7 environment
can be prohibitive.
To that end, security software and outsourced security functions are becoming
an ever-increasing alternative to hiring actual people -- which may also account
for the decline in in-house security staffers.
In the end, though, there's still another level of security involved in, well,
"Needs in the enterprise security space are definitely changing," said Kelly
Kavanagh, a senior analyst for information security strategy at Gartner. "Yet
and still, the IT executive should so some footwork himself. This means logging
on and making sure who you're hiring is not a couple of guys with beepers in
an office suite. If you can, get references. We are talking about security,
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.