IT Security Spending Up For Some
Though a new Forrester survey suggests more security spending in 2009 despite the economic downturn, some security professionals see a different story in their own companies. Here's a look at how they're managing
By Bill Brenner , Senior Editor
January 07, 2009 — CSO —
The Cambridge, Mass.-based research firm interviewed nearly 1,000 firms for its State Of Enterprise IT Security: 2008-2009 report and found, among other things, that the security portion of IT budgets is expected to rise 12.6 percent in 2009, up from 7.2 percent in 2007 and 11.7 percent in 2008.
"Even during challenging economic conditions, IT security remains an integral part of business operations as firms look to maintain their current environment as well as plans for the implementation of new initiatives," wrote Forrester analyst Jonathan Penn, the report's chief author. In a follow-up interview, he told CSOonline that companies still aren't looking at security as a business enabler. But they now understand that it's at least better to take steps to prevent attacks than to do nothing.
"Security is getting a bigger slice of the IT pie, with the focus less on reactive vulnerability defenses and more on looking at what's necessary to protect the business," Penn said. "More often than not, the focus is on protecting the data itself."
Spending not up for all
CSOonline conducted its own poll on the subject and found, not surprisingly, security professionals who see a different picture in their own environments.
A security officer who manages IT security operations for a county government on the east coast said he has faced tough budget choices.
"As with all other state/local governments, we are directly impacted by the housing decline, unemployment and a decrease in state funding," said the security officer, who asked to remain anonymous because he isn't authorized to speak to the press. "Because of this, revenue decreases for next fiscal year (beginning in July) are estimated at between 10-25 percent."
His choice was either to cut staff from an already lean team or decrease operating expenses. He decided to reduce existing spending, largely on the technology front.
Zach Lanier, senior network security analyst at Harvard Business School, said overall, security spending at his organization will be down, mainly because it has completed initiatives that started and closed in 2008. Costs for those projects in 2009 will be mostly operational expenditures, he said.
"We're not immune to the economy's poor performance. While Harvard Business School has traditionally been a big spender, the current conditions have caused us to think twice just in case," he added. "I would be inclined to add that it's also caused my organization to think twice about different ways of tackling problems."