Security Spending Heating Up

Carl Weinschenk

A Web poll conducted by the Computer Technology Industry Association (CompTIA) provides interesting data on likely IT expenditures this year and, perhaps more importantly, on how IT professionals are thinking about security itself.

 

Generally, Web polls are taken with a grain of salt because those running them can't control who participates. While not as valuable as more rigorous surveys, they provide valuable input when compared to similar surveys conducted in the past.

 

This year, 24.3 percent of the 1,100 people who took the poll said security will have the greatest impact this year. Last year, security finished second behind convergence.

 

It is important to note that security is a horizontal discipline. Most of the top 10 finishers are specific (vertical) applications, such as wireless and VoIP and related convergence applications. This suggests security may even be more important to these folks, since it undoubtedly will be an element of each of these discrete applications as they roll out. Participants likely are not thinking in those terms as they take the survey.

 

The findings track with research from Forrester, reported on in this IT Week story. The firm found that 55 percent of IT security directors plan to increase budgets during the next year. One reason cited for the increase is the evolution of security from a reactive discipline to one in which risk is actively managed. To do this requires "baking" security into various disciplines, which is more costly than slapping on a layer or two of self-contained perimeter defenses.


 

The idea that spending is on the way up comes after suggestions during the middle of last year that expenditures would be flat to negative. Higher spending -- in line with the CompTIA and Forrester results -- were foreseen toward the end of the year.

 

Increased spending also may be seen at the federal level. This Federal Computer Week story says that a bipartisan group in the House of Representatives has introduced the Cyber-Security Enhancement Act of 2007. If it becomes law, $10 million would be added to the budgets of various governmental agencies each year until at least 2011.

 

Of course, total spending is only one indicator -- and a mediocre one at that -- of how IT departments are thinking about security. The notion that security has become the enterprise tool that came in from its cold and lonely vigil on the network's periphery to a central role within systems and applications is far more important than precisely how much money is being spent.



Add Comment      Leave a comment on this blog post
May 23, 2007 3:10 AM Adam Stein Adam Stein  says:
Carl does a good job pointing out Security Spending increases (as noted by CompTIA/Forrester et al) but the real issue is security within every networked software or hardware application. Security is no longer a product, it's a process. Instead of the proverbial lock on the front door and "welcome" sign on the side window, both product vendors and service provider users are starting to proactively test/measure/verify during purchase/upgrade/patch. This process will help ensure robust, resiliant and ultimately secure products and real-time service offerings. Too much $$$ is at stake if services go down, security breaches occur or if users dump their existing vendor suppliers. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.