Businesses can spend less on security and still be more secure, according to analyst firm Gartner.
Speaking at the annual ITxpo conference in Orlando last week, Gartner analyst Neil MacDonald said organisations needed to focus on processes, rather than products for effective security.
"The rest of the business is moving to a process-focused discipline of measurement and management; why shouldn't we expect the same from information security?" he asked.
He recommended either reducing the percentage of revenue that is spent on security, or increasing the amount of protection delivered from established security spending levels.
When threats emerge, MacDonald advised users to define the processes necessary to ensure the business is not affected. He said, "This discipline helps to avoid different groups duplicating efforts and purchasing solutions for each new threat."
Separately, Gartner warned users to expect radical changes to their IT departments over the next five years. It predicted that by 2011 IT's contribution would be cited in the top three success factors by at least 50% of top-performing businesses. Gartner expected 75% of IT departments to change their focus, with 20% fewer staff and 40% less in-house IT in 2011 than in 2005.