The problem is that if this economic downturn is as bad as some project, we're in for a rough ride in IT. This hit me especially after reading Nouriel Roubini's op-ed piece in Forbes entitled The Worst is Not Behind Us. The piece offers one of the most concise explanations of the litany reason why we are economically hosed. One of the memorable lines is:

even if we avoid a meltdown, we will experience a severe U.S., advanced economy and, most likely, global recession, the worst in decades; that we are in the middle of a severe global financial and banking crisis, the worst since the Great Depression

Ok, so what's this have to do with security? Think of the pictures of former Lehman employees leaving their offices after the company tanked. How many were IT professionals? I have no idea but I'm sure plenty of system admins, network managers, and application administrators are going to be getting pink slips in the next several months. The staff who are left are going to have to cover those employee's responsibilities as well as their own and, since people get laid-off and servers don't, they'll be plenty of work to go around.

At times like this the IT professionals go into triage mode. Keep production systems running. Put out fires, and put off new projects. The problem is that (I suspect) cybercrime, hacking and other malicious activity does not follow the same downward cycle as the rest of the economy. Same level of threat, fewer eye balls watching out.

This is the time that investment in data loss prevention applications (DLP) and security information management (SIM) appliances is looking like a brilliant idea. Automated DLP solutions will keep scanning outgoing content and laptop encryption will keep protect data even if no one is watching. SIM systems will keep collecting log data, correlating events and sending out alarms to who ever is left to put our fires. It's not a pretty picture and if financial soothsayers like Roubini are right it's only going to get worse.