The Gartner Security and Risk Management summit has just come to a close and, while it covered ground in many areas, two particular topics caught our attention: social media and spending. Gartner is not the only company concerned with social media; Deloitte has been looking at it and the problems of e-Discovery too.

Gartner Examines Security And Spending

The Gartner Security and Risk Management summit is finishing today. Unsurprisingly, there were a few interesting matters that came up in relation to GRC that companies might consider.

For example, Gartner Managing Vice President Vic Wheatman, in one of the keynote contributions, urged IT managers to take a “shrewder” look at their security spending: instead of cutting back, which many have been forced to do for economic considerations, they should look at what they are spending their budgets on.

Companies, he said, cannot afford to ignore security, and he urged them to use free or low-cost systems to protect their data systems rather than ignore them.

“The goal here is to do more with less. There's almost no correlation between how much is being spent and how secure the organization is,” he said.

In a recent survey of CIOs at SMBs and larger enterprises, Gartner found that businesses are planning to spend an average of 5 percent of their IT budgets on security this year, down one percent since 2009.

Gartner Addresses Social Media

Another area of GRC interest that also came up was the fraught area of social media and its use in the enterprise.

According to Andrew Walls, research director at Gartner, who was also speaking at the Gartner security conference, trying to ban Facebook or services like LinkedIn and Twitter is pointless.

He said enterprises' biggest fear is that accessing social media will result in uncontrolled malware outbreaks, phishing, and breaches of confidentiality and trade secrets.

However, he pointed out that this activity happens in the cloud and, for the most part, not in the enterprise infrastructure, and that privacy settings make monitoring almost impossible.

The best thing for enterprises to do, he said, is to develop a governance policy that defines what an enterprise wants to control and why. While IT security teams can enforce it, the policy will only succeed if everyone is on board.

E-Discovery And Social Media

If you missed it earlier this week, new research by financial giant Deloitte shows that almost two thirds of companies are concerned about the use of social media in their company and its implications for e-Discovery.

The research, which was carried out for the Deloitte Forensic Centre by the Economist Intelligence Unit, shows that of the 337 e-Discovery professionals surveyed, 25% said that their company is not ready for e-Discovery requests based around business-related use of social media, while a further 36% said they were only “somewhat prepared”.

Both sides appear to be blaming the other for the lack of communication, with only 23% of legal departments suggesting their IT departments understand e-Discovery needs, and 23% of IT departments saying that their legal departments understand IT limitations in this respect.

This is further complicated by the fact that the vast majority of companies would not be able to comply with e-Discovery requests for information stored on third-party platforms.

IBM Launches Financial Framework

And while Gartner and Deloitte have been picking their way through the social media minefield, IBM has been looking at compliance in the financial markets and has just released a new platform that will help financial companies manage the data related to capital markets and stay within regulatory boundaries.

IBM has unveiled a new technology platform designed to transform the way that financial services firms manage the ever-increasing amount of data and transaction volumes generated by capital markets around the world.

The new Financial Markets Framework is an open-standards-based technology platform that combines IBM's industry technologies with advanced information management, analytics and process integration software.

IBM has spent a lot of time recently developing software for specific verticals, and with this Framework it is targeting a sector that annually spends US$14 billion on software, a good part of it to ensure regulatory compliance and risk management.

Kalido Manages Data Governance

Speaking of data governance, Kalido has just announced the launch of Data Governance Director, which will increase the success of data governance programs by enabling companies to manage data policies, operationalize data governance processes, and measure and monitor compliance across the enterprise.

Data Governance Director will be generally available in Q4 for US$275,000. A free community edition will also be available in Q3 2010 and will include unified business modeling, data governance scope definition and policy creation, and industry standard integration of process, data and organizational models.

Kalido has also set up an advisory board to see if its software is addressing current enterprise needs. Consisting of over 10 multinational corporations, the Board will provide feedback and input on product direction and features.