A Web poll conducted by the Computer Technology Industry Association (CompTIA) provides interesting data on likely IT expenditures this year and, perhaps more importantly, on how IT professionals are thinking about security itself.
Generally, Web polls are taken with a grain of salt because those running them can't control who participates. While not as valuable as more rigorous surveys, they provide valuable input when compared to similar surveys conducted in the past.
This year, 24.3 percent of the 1,100 people who took the poll said security will have the greatest impact this year. Last year, security finished second behind convergence.
It is important to note that security is a horizontal discipline. Most of the top 10 finishers are specific (vertical) applications, such as wireless and VoIP and related convergence applications. This suggests security may even be more important to these folks, since it undoubtedly will be an element of each of these discrete applications as they roll out. Participants likely are not thinking in those terms as they take the survey.
The findings track with research from Forrester, reported on in this IT Week story. The firm found that 55 percent of IT security directors plan to increase budgets during the next year. One reason cited for the increase is the evolution of security from a reactive discipline to one in which risk is actively managed. To do this requires "baking" security into various disciplines, which is more costly than slapping on a layer or two of self-contained perimeter defenses.
The idea that spending is on the way up comes after suggestions during the middle of last year that expenditures would be flat to negative. Higher spending -- in line with the CompTIA and Forrester results -- were foreseen toward the end of the year.
Increased spending also may be seen at the federal level. This Federal Computer Week story says that a bipartisan group in the House of Representatives has introduced the Cyber-Security Enhancement Act of 2007. If it becomes law, $10 million would be added to the budgets of various governmental agencies each year until at least 2011.
Of course, total spending is only one indicator -- and a mediocre one at that -- of how IT departments are thinking about security. The notion that security has become the enterprise tool that came in from its cold and lonely vigil on the network's periphery to a central role within systems and applications is far more important than precisely how much money is being spent.