The Gartner Security and Risk Management summit has just come to a close, and while it covered ground in many areas, two particular topics caught our attention: social media and spending. Gartner is not the only company concerned with social media; Deloitte has been looking at it, and at the problems of e-Discovery, too.

Gartner Examines Security And Spending

The Gartner Security and Risk Management summit is finishing today. Unsurprisingly, there were a few interesting matters that came up in relation to GRC that companies might consider.

For example, Gartner Managing Vice President Vic Wheatman made one of the keynote contributions, in which he urged IT managers to take a “shrewder” look at their security spending: instead of cutting back, which many have been forced to do for economic reasons, they should look at what they are spending their budgets on.

Companies, he said, cannot afford to ignore security, and he urged them to use free or low-cost systems to protect their data systems rather than ignore them.

“The goal here is to do more with less. There's almost no correlation between how much is being spent and how secure the organization is,” he said.

In a recent survey of CIOs at SMBs and larger enterprises, Gartner found that businesses are planning to spend an average of 5 percent of their IT budgets on security this year, down one percent since 2009.

Gartner Addresses Social Media

Another GRC topic that came up was the fraught matter of social media and its use in the enterprise.

According to Andrew Walls, research director at Gartner, who was also speaking at the Gartner security conference, trying to ban Facebook or services like LinkedIn and Twitter is pointless.

He said enterprises' biggest fear is that accessing social media will result in uncontrolled malware outbreaks, phishing, and breaches of confidentiality and trade secrets.

However, he pointed out that this activity happens in the cloud and is not, for the most part, in the enterprise infrastructure, and that privacy settings make monitoring almost impossible.

The best thing for enterprises to do, he said, is to develop a governance policy that defines what an enterprise wants to control and why. While such a policy can be enforced by IT security teams, it will only be successful if everyone is on board.

E-Discovery And Social Media

If you missed it earlier this week, new research by financial giant Deloitte shows that almost two thirds of companies are concerned about the use of social media in their company and its implications for e-Discovery.

The research, which was carried out for the Deloitte Forensic Centre by the Economist Intelligence Unit, shows that of the 337 e-Discovery professionals surveyed, 25% said that their company is not ready for e-Discovery requests based around business-related use of social media, while a further 36% said they were only “somewhat prepared”.

Both sides appear to be blaming the other for the lack of communication, with only 23% of legal departments suggesting their IT departments understand e-Discovery needs, and 23% of IT departments saying that their legal departments understand IT limitations in this respect.