Each government agency must allocate funds from its IT budget every year. Part of these budget requests and allocations is the dollars earmarked for cybersecurity. While investment in cybersecurity is generally increasing from where it historically was, it is still a far cry from where it needs to be for most agencies. The reality for many agencies is that their leaders must make tough decisions in prioritizing where the limited funds should go. In some cases, that can leave cybersecurity capabilities with insufficient funds to meet future goals and objectives.
Chief Information Security Officers (CISOs) may find themselves in a difficult position when their budget is cut or they do not receive the funds requested for the fiscal years ahead. When that happens, it takes a hard look in the mirror to effectively assess the status quo.
The following questions can be a guide to determine how to use the limited budget strategically:
- How can the funds best be aligned with agency goals and objectives?
- Where are the greatest pain points and areas of need?
- How can we prioritize what is important?
- What actions produce the best return on investment?
- What can be deferred to a later date?
Of course, there are many other factors at play, but it is important to recognize that more spending and more tools do not necessarily equal better security. Investments in technology products should be strategic and complementary to one another. Many agencies have multiple security tools that perform the same function, yet these tools require two different support teams to maintain.
Consolidating the security tool footprint may be a wash in terms of licensing, but significant savings will be found through more efficient operations. Additionally, fewer support staff and less training are required when there are fewer technology products to maintain. Consolidation also simplifies agency technology roadmaps, IT lifecycle management and digital transformation efforts.
While security tool consolidation is one approach to streamline operations and save money, there are other methods to maximize a limited budget. Each CISO, in conjunction with their Chief Information Officer (CIO), should evaluate the best options for their respective agency. They should continually plan ahead to be agile in managing their infrastructure and the support staff needed to keep agency data and people protected.
Jason Yakencheck is part of the GovLoop Featured Contributor program, where we feature articles by government voices from all across the country (and world!).