Each year organizations around the world spend upwards of millions of dollars on security solutions, and rightly so. According to a study by McAfee and the Center for Strategic and International Studies, the cost that cybercrime and cyberespionage has on the global economy is more than $400 billion.
But, as enterprises attempt to make wise purchasing decisions within what is commonly referred to as a segmented market, many times the goal they envisioned never comes to fruition. This leads to what industry professionals refer to as shelfware, security solutions that are neither deployed nor used.
Now, how could a solution that can cost up to $60,000 possibly collect dust? At the end of the day, it's due to resources. Based on a recent study conducted by Osterman Research (and commissioned by Trustwave), 33 percent of respondents said their IT department lacked the resources to properly deploy the technology, while 35 percent indicated they were “too busy” to implement the solution. These findings shine a bad light on IT security as a whole, especially since there really is no net benefit when it comes to security.
of respondents said their
Source: Osterman Research
As simple as it sounds, Josh Shaul, vice president of product management at Trustwave, believes that communicating properly with upstream management is crucial to grappling with this issue. “It seems like many security teams buy solutions to show upstream management that they are doing stuff to improve security,” says Shaul. “Some teams will go so far as to buy solutions with no plan for how they'll be implemented, just to create an impression of progress.”
Larry Ponemon, founder and chairman of the Ponemon Institute, agrees with the concept of clear collaboration within the enterprise, especially when IT security teams are used to operating in “isolation,” which ultimately could increase the possibility of shelfware.
However, while organizations need to make sound decisions on purchasing new solutions based on their resources, Ponemon suggests that vendors could also help address the shelfware issue by being as transparent as possible concerning the technology these companies buy into.
“A lot of vendors have good products and solutions, but they might oversell the concept that it's scalable or that the technology has high interoperability,” Ponemon says. “When you put it all together, a lot of those assertions aren't necessarily true.