Hardly a week goes by without yet another report of a security breach. So it's no surprise that enterprises and other organizations are stepping up spending on IT security.
A new IDG survey commissioned by Datalink Corp. (Nasdaq: DTLK), an IT provider, quantifies that increase. Seventy percent of the 100-plus IT executives and senior managers surveyed ranked data security as their number one IT budget priority, and 75% consider IT security more important today than two years ago.
As with many surveys, digging behind the numbers reveals additional insights. For example, 74% of respondents said they currently have security initiatives running, while another 21% are planning or building them. But remember that IDG only surveyed IT leaders. They're often unware of, or not responsible for, their organization's other security-related initiatives, such as those headed by the risk or compliance departments.
"There's probably a giant percentage of those organizations that have additional security-related projects that aren't tied to the IT security projects," says Jason Rader, Datalink's chief security strategist.
That's not necessarily a good thing, though, such as when the same organization buys more security products than it needs because multiple departments didn't bother to consult one another. But the survey identified opportunities not only to minimize that duplication, but also to achieve multiple business goals with a single security-related investment.
For example, respondents ranked improving customer experiences, managing costs and boosting operational efficiency as second, third and fourth among the factors they consider when choosing where to invest IT dollars. Some banks are replacing traditional authentication mechanisms such as PINs and passwords with voice biometrics, where the interactive voice response system (IVR) analyzes the caller's voice. So with voice biometrics, those organizations are tackling the top four priorities with a single purchase order: security that's nearly impossible to spoof, easier and faster authentication for customers and improved costs and efficiency because live agents aren't required as often, such as to reset passwords.
Respondents also said security is by far the most challenging technology initiative to deploy or maintain. That's noteworthy partly because it highlights a major reason why a lot of breaches occur: Security often isn't a consideration early on in IT initiatives. When it's considered late in a project -- or too late, as in after a hack has occurred -- it becomes more difficult and expensive to address.
"Typically IT people don't like to admit a challenge," Rader says. "Usually the challenge is related to budget or skill set. The majority of their challenge is they bought a lot of security things in a tactical fashion: the bolt-on approach, which you can do for only so long [before] you have to do a redesign."
The challenge also is related to culture: Many chief security officers are learning as they go after finding themselves in that role rather than choosing it as a career path.
"People who are in the information security office or security officer position didn't go to college to be information security officers," Rader says. "The vast majority are business guys, managers, heads of manufacturing or maybe they came up the IT ramp."
— Tim Kridel, Freelance Contributor, special to The New IP
Click on the infographic below from Datalink for more insight from the IDG study: