Osterman Research found that for every $115 a company spends per user on security-related software, $33 of the investment is “not working as well as it can” or is never used at all.
Osterman Research found that for every $115 a company spends per user on security-related software, $33 of the investment is “not working as well as it can” or is never used at all.

For every $115 a company spends per user on security-related software, $33 of the investment is “not working as well as it can” or is never used at all, according to a new study from Osterman Research and commissioned by Trustwave.

In its “Security on the Shelf” report, Osterman breaks down the idea of “shelfware,” or security software that is purchased but never deployed. The research group found that 35 percent of the survey respondents credited the lack of software usage to an IT team being “too busy to implement the software solution properly,” and 33 percent said IT “did not have enough resources to implement properly.”

“There's a theme of ‘we don't have the skills or resources,' and that's not a great answer,” said Josh Shaul, vice president of product management at Trustwave, in a Tuesday interview with SCMagazine.com. He went on to question why security and IT teams are not planning their software's uses and integration.

“Security is a process, not a product,” he said.

This lack of planning, Shaul said, could attribute to shelfware's existence, and furthermore, a lack of communication and understanding between IT and enterprise operations could be leading to unnecessary purchases.

“Operations doesn't really understand security, security doesn't really understand operations,” Shaul said. “That gap in understanding leaves a lot of projects unsuccessful. I would love to see the two combined…they'd have to do things together and come up with adequate solutions.”

The research also showed that smaller organizations spent more per user on security-related software, hardware, services and other technology than larger enterprises. Small organizations spent $156.52 per user while large enterprises, or those with more than 1,000 internet-enabled users, spent $72.55.

The higher per user cost, Shaul said, can be attributed to smaller organizations having to pay list price for software solutions.

The study compiled data from 172 online surveys with IT professionals from SMBs and enterprises. The mean number of employees in the surveyed organizations was 18,128.