BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
With IT budgets potentially lower in 2010 than in 2009 at many shops, senior managers have a short list of projects that will get funding this year. One thing many will not be skimping on: the information security budget.
We asked 958 respondents to our annual IT Priorities Survey about 38 high-profile projects or technologies. Of the 10 technologies that will be most deployed, three were security-oriented, and a fourth was compliance, which has a substantial security component. At the enterprise level (companies with more than 1,000 employees), there were four security projects in the top 10, plus compliance. More than 80% of respondents are implementing some kind of security project in 2010.
The four information security initiatives highlighted by our enterprise-level respondents are data protection (42%), network-based security (42%), application security (27%) and identity and access management (26%). The first two rank almost as high as server virtualization and disaster recovery/business continuity; in other words, these technologies are being broadly implemented across many kinds of companies at many stages of IT development. Even many companies whose overall budgets are flat or down are investing in these areas.
In fact, when asked which IT budget is most affected by the economy, respondents tabbed security as the least likely to be affected (17%), compared with the most affected areas, staff (30%) and hardware (23%). In the enterprise, networking edged out security as least likely (14% vs. 19%), a testimony both to the centrality of networking to large, dispersed companies and the need for rebuilding networks with gear that implements network-based security. Perhaps the biggest indicator of just how high on the radar screen security has become is that, among companies that are in fact cutting their overall IT spending, only 9% say their information security budget is the most affected part.
Data privacy laws, PCI, compliance, high-profile data thefts and the centrality of computer processing of company data -- all these have made security no longer an afterthought in IT. IT managers who ignore security do so at their own peril and are clearly bucking a trend.
Source: TechTarget's IT Priorities Survey
Let us know what you think about the story; email Mark Schlack, Vice President, Editorial.