John Pescatore
• 60,000 Clients
• 10,000 Client Enterprises
• 5,500 Benchmarks
• 100,000 IT End-User Inquiries
• 65% of Fortune 1000; 85% of Global 500
• 2 Million+ IT End-User Searches
• 3,700 CIOs
• 10,000 Media Inquiries
[Figure: bar chart by region (EMEA, Asia/Pacific); axis: Percent, -3 to 3]
www.news.com
[Figure: Targeted Threat Growth; labels: Customers, employees; Rentahack; Command/control]
[Figure labels: Very Low (<.1% of rev); Flying blind, without a net? Or Really, Really Lucky; Best of Breed]
- Efficiency
- Effectiveness
• Avoiding an incident is generally less expensive than surviving one
• Steering nonsecurity spending in the right direction has high leverage
[Chart: vertical axis 0 to 30; value shown: 5.96; As of December 2008]
How Much Should You Spend on
Information Security?
[Figure labels: Network Access Control; Phased Deployment; Intrusion Prevention; Evolve to Platforms; IT Infrastructure]
Stop Chasing Rainbows and Unicorns
• Unless you're an early adopter/Type A, kill projects that are chasing mirages.
• Require 18-month payback periods — incremental results are OK!
• If service costs are greater than 50% of product costs, think twice and maybe wait, or descope:
Someday …
- Single sign-on
- Digital rights management
- Security/risk dashboards
- "De-perimeterization"
Transferring Security Spending to
Other Budgets
[Figure: Off-Premises Cloud; size of the cloudlets and overlap shown is not to scale. Labels: Native Cloud Applications; Outsourcing; Web Hosting; Hosting; Web Platform; SecaaS; AIaaS; APaaS; IaaS; Infrastructure Utility; Shared application infrastructure (AI); Dedicated Web Applications, Web Content; Dedicated applications; Commodity (industrialized) computing resources; Programmable or programmatically accessible resources]
APaaS - Application Platform as a Service
IaaS - Integration as a Service
Leverage Big Infrastructure Migration
Projects as a Catalyst for Change
Windows 7 migration:
• Run users as standard user
• Switch to IE8
• Switch AV vendors for better pricing
[Figure: SDLC phases: Analysis, Design, Construction, Testing, Operations; labels: Prevention, Detection, Correction]