CSO Online from IDG refers to InfoSec Shelfware as “the elephant in the room for many chief information security officers (CISOs)” Here is the article in it’s entirety:

How to stop wasting money on security shelfware

Osterman Research and Trustwave report that “organizations waste money on underutilized security software because IT often doesn’t have enough time or resources to use it”. Here is the article from TechTarget in it’s entirety:

Wasted spending on security shelfware affects small businesses more

Malware evolves daily, and too many companies think throwing money at the problem is a failsafe way to mitigate risk.” – says Brian Wrozek in this article from informationsecuritybuzz.com;

Three Steps To Reduce Technology Sprawl And Optimize Cyber Defenses

if everyone is talking about that brand new thing and many of your peers are buying that brand new thing then you must be missing something if you don’t buy the brand new thing“.

Read more on expel:

How to avoid shelfware

Software that was purchased to help solve a specific security challenge that has since become shelfware or is otherwise “under-implemented”“. Read more in this article on IANS:

Infosec Pros Know Everything We Need to Know, But that’s Not Enough

CyberSecurity Portfolio Management

This slideshow from FireCompass, lists the likelihood of these 12 technologies becoming InfoSec Shelfware:

  1. SIEM  (Most Likely)
  2. IDS
  3. WAF
  4. GRC
  5. IPS
  7. Forensics
  8. Vulnerability Management
  9. FIM
  10. AV
  11. Web Filtering
  12. User Awareness

Why infosec projects bomb

– an article on ITWeb. “According to Du Plessis, information security projects end up as ‘shelfware’ because”:

  • They don’t meet  expectations;
  • They aren’t operationally effective;
  • They fail to effectively mitigate risks;
  • There is user, business and IT adoption failure;
  • The project did not develop and embed processes and procedures;
  • There was too much focus on the technological aspects and not enough on ‘soft’ issues;
  • There was a lack of appreciation of the required resources, skills and capacity;
  • There was a lack of ; and
  • The project had over-ambitious goals and lacked a long-term approach.


InfoSec Redundancy Audit
InfoSec Utilization Audit

2020 InfoSec is dedicated to helping our clients save money through reduced spending on Under-Utilized, Non-Applicable or Overlapping Technologies

Our InfoSec Utilization Audit is developed specifically to identify the level of benefit technologies offer in YOUR unique environment.