Businesses are managing more data than ever—and spending more money, year after year, to protect that data. Yet spending more money on security doesn’t equate to actually being secure. A significant amount of software is purchased and never property implemented – leading to a problem called “shelfware”.
To put into context how prevalent the “shelfware” problem has become, Gartner predicts by 2022, the global information security spending will exceed USD 170 billion. Additional research shows that nearly 30% of all security investments are underutilized or never implemented. That’s over $51 billion. Most of that spend is driven by financial institutions and Fortune 500 companies.
In contrast, cybersecurity damage is expected to exceed $6 trillion by 2022. The COVID pandemic is also putting a strain on everyone’s budgets. CEOs, CIOs, and CISOs are looking at cutting costs where possible, so we’re forced to do more with less. We don’t have the luxury to let cybersecurity software sit around. Evaluating software usage and maximizing its effectiveness can be a strategic method of cost-cutting. A properly implemented solution will address your business requirements and free up your resources to focus on higher priority tasks.
No one wants their company to be the next mega-breach headline. Cybersecurity is just as important in the board room as the bottom line. The problem is important enough to where non-technology business leaders are putting more emphasis on security. Budgets are being allocated and money is being spent on protections, but a large part of that security investment is sitting around doing nothing—it’s unimplemented shelfware.
As you’re reading this, you’re probably looking over at your whiteboard thinking “Yeah, we still have to implement that”. Trust me, you’re not alone.
So why are security solutions sitting around collecting dust?
The main reasons – IT departments are just too busy to properly implement what was purchased. Revenue generating tasks and keeping the engine running take precedence over something that may happen. This is followed closely by not having enough staff available and not understanding the purchased software well enough. According to the same report, the year 2014 finished with 49% of security positions left unfilled.
Interestingly enough, the least serious reason contributing to not getting security properly implemented was the IT staff not understanding the security problems they faced. On the contrary, IT understands the security problems and threats to the organization very well, they just lack the resources to implement the right solutions.
So how do you solve the problem?
Purchasing a vendor’s onboarding service will ensure security technologies are properly installed, monitored, and maintained throughout their lifecycle. 79% of IT professionals believe leveraging managed services reduces or even eliminates the possibility that security goes unused in their organization.
XYPRO’s Professional Services Team is regularly brought in by Fortune 1000 companies to perform security assessments of HPE NonStop server environments. As your trusted security partner, we will ensure your business objectives are thoroughly understood before a solution is implemented. Whether those needs are auditing, compliance, monitoring, training, or help with your overall security initiative, XYPRO’s Services Team can be an invaluable partner to protect your business and the investment you’ve made in security.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.
With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.