CSO Online from IDG refers to InfoSec Shelfware as “the elephant in the room for many chief information security officers (CISOs)” Here is the article in it’s entirety:
How to stop wasting money on security shelfware
Osterman Research and Trustwave report that “organizations waste money on underutilized security software because IT often doesn’t have enough time or resources to use it”. Here is the article from TechTarget in it’s entirety:
Wasted spending on security shelfware affects small businesses more
“Malware evolves daily, and too many companies think throwing money at the problem is a failsafe way to mitigate risk.” – says Brian Wrozek in this article from informationsecuritybuzz.com;
Three Steps To Reduce Technology Sprawl And Optimize Cyber Defenses
“if everyone is talking about that brand new thing and many of your peers are buying that brand new thing then you must be missing something if you don’t buy the brand new thing“.Read more on expel:
How to avoid shelfware
“Software that was purchased to help solve a specific security challenge that has since become shelfware or is otherwise “under-implemented”“. Read more in this article on IANS:
Infosec Pros Know Everything We Need to Know, But that’s Not Enough
CyberSecurity Portfolio Management
This slideshow from FireCompass, lists the likelihood of these 12 technologies becoming InfoSec Shelfware:
- SIEM (Most Likely)
- IDS
- WAF
- GRC
- IPS
- IDAM/SSO
- Forensics
- Vulnerability Management
- FIM
- AV
- Web Filtering
- User Awareness
Why infosec projects bomb
– an article on ITWeb. “According to Du Plessis, information security projects end up as ‘shelfware’ because”:
- They don’t meet business expectations;
- They aren’t operationally effective;
- They fail to effectively mitigate risks;
- There is user, business and IT adoption failure;
- The project did not develop and embed processes and procedures;
- There was too much focus on the technological aspects and not enough on ‘soft’ issues;
- There was a lack of appreciation of the required resources, skills and capacity;
- There was a lack of communication; and
- The project had over-ambitious goals and lacked a long-term approach.

2020 InfoSec is dedicated to helping our clients save money through reduced spending on Under-Utilized, Non-Applicable or Overlapping Technologies
Our InfoSec Utilization Audit is developed specifically to identify the level of benefit technologies offer in YOUR unique environment.