It all started with a budget review. Our budget had seemed to be in pretty good shape. Last October through December, we proposed, defended, cut and rescued various IT initiatives through a fairly normal budget planning process. The result was a final IT budget for 2011 that we had been able to stick with. Until now, that is. Now, our executives have asked us to make some cuts.

That can't be good.

So the entire IT management went back over the budget last month, looking for any unnecessary spending. We also took a good, hard look at our purchase orders and invoices, to find any automatic or unnoticed expenses that we don't need. Through this process, we managed to save quite a bit of money. But we also had to cancel any new projects and planned purchases for the rest of the year that weren't absolutely necessary to run the business (or to keep the lights on, as they say) in order to make the target reduction our execs are looking for. And we still fell short.

Starting to get a bad feeling about this?

We went back over the budget again this month, looking for additional places to save money. There really wasn't much we could do other than to cancel virtually all new projects and any in-flight projects that we haven't spent the money on yet. This includes my data protection, vulnerability management and network access control projects, which were in my road map for the second half of the year. And those are really important for protecting the company's information assets. Well, maybe I'll get to do them next year. But for now, the advance of my security program has ground to a halt, at least on the technology side.