Security investments are increasingly business-led with a bigger focus on getting value out of technology systems, according to security firm Check Point.
Despite increased threats, security budgets are static at around 4 to 6% of the overall IT budget, said Amnon Bar-Lev, president of Check Point.
“But, nowadays, most businesses are aiming at investing in security in the right way and putting the savings into other things to grow the business,” he told Computer Weekly.
Knowledge is key and education is ongoing, said Bar-Lev, but increased awareness of the importance of information security is to the business, is driving smarter security projects and investments.
“Security is no longer about compliance, it is about businesses wanting to protect their information assets and mitigate any data breaches that do occur,” he said.
Check Point believes the most efficient and cost-effective way to do this is to put the infrastructure in place that enables a company to manage and upgrade its security systems from a central point.
According to Bar-Lev, businesses no longer want the training and management cost associated with multiple security point products.
“I believe a modular product with a single, central management console is the way to go,” he said.
This means that once the basic infrastructure is in place, businesses can add new security functions as they are required or become available.
In 2011, for example, Check Point introduced a module designed to help businesses protect against computer hijacking by cyber criminals and advanced persistent threats (APTs).
Check Point’s product set is designed to support the fact that security is a three-dimensional business process, combining polices, people and enforcement.
In the second half of 2012, the company plans to extend policy enforcement capabilities using document management technology gained through the acquisitions of data security firm Liquid Machines.
“We have not yet decided exactly how to take this to market, but the technology will enable businesses to protect sensitive data directly by controlling how it is accessed, used and distributed,” said Bar-Lev.
He expects the data-centric approach to security to appeal particularly to businesses that are either struggling to enforce or are seeking improvement in enforcing data protection policies.