Companies are paying far too much for their security software and they should change the way they buy security products, delegates at this week’s Gartner Security Conference were told.
Jon Mein, Gartner research director, said suppliers were taking advantage of undemanding IT departments by raising the prices of their services by between 25% and 45%. Although Gartner acknowledged that IT departments do not want to have to rip out their security products every year, it urged them to take a tough line on suppliers’ contracts.
Companies should stop simply accepting the standard contracts issued by security software companies and stipulate some terms of their own, said Mein.
The cost of security software is at least 50% determined by contracts and usage rights in licensing agreements, and specific terms can have a profound effect on total cost of ownership, Gartner’s research revealed.
The key to controlling spiralling security costs is in the detail of product and service contracts. Price caps on new versions of software and product updates should be key goals for companies, said Mein.
“The basic security software marketplace, including anti-virus software, is very mature, with market shares not moving very much,” said Mein. “As a result, we are getting a lot of calls at Gartner from companies wanting to know how to approach these increases.”
He said companies should agree to rises equivalent to the annual retail price index, plus 2%, or plus 5% at the most.
Views from the Gartner conference
John Girard, Gartner research vice-president
Companies considering large-scale roll-outs of wireless Lans may want to consider using an outside company to avoid being left behind on evolving standards, and to overcome technical difficulties when locating equipment.
John Pescatore, Gartner research fellow
The Trustworthy Computing initiative started by Microsoft 18 months ago in response to widespread attacks that use holes in Windows-based systems is making progress, but software quality from Microsoft needs to be improved, rather than the speed of patching.
Stella Rimington, Former MI5 chief
" In a world where the threats are increasingly unpredictable but where openness and freedom of information are expected, the successful management of information is vital for business as well as governments.”