What can you do to maintain security in a large enterprise when your cyber budget is shrinking?

Security & GRCSecurity Strategy & Roadmap
3.4k viewscircle icon17 Comments
Sort by:
VP, Information Security in Healthcare and Biotech3 years ago

Though a shrinking cybersecurity budget is thankfully not the current situation for my organization, if I were in that position, I would look to trim costs by using a risk-based approach.  We would try to focus more on training, awareness, and governance activitiies, and look to limit our spend on tools and systems that yield overlapping benefits.  

Chief Director of Technology in Media3 years ago

With the available budget, one can surely bring in some static and dynamic analysis tool and have that implemented with frequent runs to keep a check on the cyber issues/vulnerabilities with proactive steps and root cause analysis to have them investigated and fix over the period of time.

Director, Information Technology in Services (non-Government)3 years ago

Making sure all employees are well trained, keeping technology up to date, and enforcing good security practices overall can help maintain security in all enterprises.

Additionally, the following could be helpful:
1. Enabling multi-factor authentication (MFA)
2. Having good documentation and mapping of assets and data
3. Leveraging tools enterprises may already have available but haven't made full use of, due to lack of expertise, training, or time.

PMO – Engineering in Software3 years ago

Proactively building strategy around top security deployment and maintenance. Focus on cyber attack trend analysis. Align internal stakeholders priorities. Speed up ML/AI technology transformation. 

MSP & IT Director in Services (non-Government)3 years ago

Empower users with ongoing knowledge and training. 
Ensure proper network segregation , permissions and access are all in place.
Lock down as much as possible.

Content you might like

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Read More Comments

We implemented Oracle HCM recently including Redwood.  Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

What can you do to maintain security in a large enterprise when your cyber budget is shrinking? | Gartner Peer Community