A TechTarget survey of information security professionals in the financial-services sector suggests there may be...
a glimmer of hope on the horizon for security-solution providers, many of whom are hurting for business. But experts in the field report things may not be looking up just yet.
The May 2009 survey, which had more than 175 respondents, found that approximately 45% said they expect budgeted security projects previously put on hold to be approved within the next six months. While it may indicate a future increase in security spending in the financial industry, solution providers said they haven't yet seen the corresponding business increase.
"Projects are being put on an indefinite holding pattern," said Allen Zuk, president and CEO of Sierra Management Consulting LLC, an independent technology consulting firm in New Jersey. "I wouldn't say that things are starting to ramp up right now."
Zuk said customers will be hesitant to bring in somebody external, such as a consultant or integrator, if it means shelling out additional budget dollars. Despite the results of the survey, staffing may still be an area that will be negatively affected by the economy.
"It's not just financial," Zuk added. "It's probably going to be across the board." Despite this grim outlook, Zuk noted that he does expect an uptick in the security industry at large by the end of the year, as budgets tend to increase later in the year.
Approximately 56% of survey respondents believe the financial industry is through the worst part of the recession.
The Red Flag Rules compliance deadline of Aug. 1 for non-banking institutions (the deadline for financial institutions to comply was Nov. 2008) adds another level of complexity to securing financial institutions. The Red Flag Rules are a federal compliance effort put in place to reduce the threat of identity theft in institutions that deal with financial and personal information.
Zuk predicted the financial sector will give this compliance regulation some attention, but companies won't necessarily go out of their way to become compliant.
"[The Red Flag regulation] may have more teeth to it," he said, "but I don't see companies funneling money to this on a grand scale."
Pete Sclafani, founder and CIO at 6connect Inc., an Internet infrastructure service company in San Jose Calif., said companies will spend to become compliant with regulations like the Red Flag Rules, but only if it provides more general benefits to the company.
"Companies are saying 'Look, if I have to spend the money, I can't spend it haphazardly; I need to make sure I'm killing as many birds as I can with this one stone,'" Sclafani said.
He added that offering a comprehensive security solution that addresses more than just a singular compliance regulation is a much more efficient way of growing a business. "The goal is finding solutions that allow you to 'double dip,'" he continued. "For example, something as simple as endpoint encryption addresses ISO 27001 guidelines, NIST 800-53 and others."
So is there any hope at all for solution providers in the financial industry? Both Zuk and Sclafani said that acting as a trusted advisor to customers -- even in instances when it may not directly result in revenue -- will allow solution providers to reap massive benefits later when the economy improves.
"Companies are looking for more long-term relationships," Sclafani said, specifying that managed or outsourced services are a good way of getting in the door. He said offering customers managed services is a way of letting them maintain the overall integrity of their environment, while also bringing in some revenue for your own business.
Sclafani also distinguished between simply "slinging boxes" and being an actual business partner. "In this industry," he said, "especially financial, it's easy to lose friends, and it's easy to find them when you have money."
Another way of working with customers in tough times is to offer what Sclafani referred to as low hanging fruit. He noted data encryption as one example.
"Given all the data losses we've had," Sclafani said, "it's ridiculous that more companies don't encrypt their data. If [your customers] are shopping around looking at these solutions, it can be daunting." The sheer number of different technology choices is yet another reason why customers need a trusted partner.
Approximately 56% of survey respondents believe the financial industry is through the worst part of the recession. Zuk cautiously admitted that there could be some merit to this, although he noted that just because things have bottomed out doesn't mean they're improving yet. "I would say that's a pretty fair statement. But, I say that with caution."