IT administrators have battled worms, employee mischief and regulatory soup for so long they apparently haven't realized just how much spyware has gotten under their skin.
That's what Cambridge, Mass.-based Forrester Research found when it surveyed roughly 200 IT decision-makers from a variety of companies on the tools they're buying and the threats they're most concerned about.
"What's interesting is that respondents ranked spyware fourth -- behind viruses and worms, employees acting in unauthorized ways and failure to comply with regulations -- when asked to list the top threats to their organizations," said David Friedlander, a senior analyst at Forrester who authored the studies. "Yet 80% said they have antispyware."
Of those whose antispyware tools are either nonexistent or outdated, 65% said they plan to invest in first-time purchases or upgrades this year, he said.
"Viruses and worms are considered the No. 1 threat, and there has been a lot of investment in antivirus and firewalls," Friedlander said. "But spyware is the unknown element. It's viewed as something potentially serious but there isn't as much understanding."
Of those asked, 39% said they don't know the percentage of their spyware-infected systems. More than half couldn't say how many Help Desk calls have been related to spyware.
But one thing is clear, Friedlander said: "SMBs (small and medium-size businesses) and enterprises see spyware as something that must be addressed."
On other fronts, Forrester found:
Desktop encryption isn't much of a priority right now.
Though potential employee misbehavior was ranked as the second biggest worry, only 29% of respondents said they've deployed encryption tools to at least some desktops and laptops. And while recent data thefts highlight the need for encryption, 38% said they have no plans to implement the technology. An additional 23% said they do plan to deploy encryption technology in 2005.
Ned Lindberg, a systems engineer for Dallas, Wis.-based CTC Network Technology Center, agreed desktop encryption needs more attention.
"I see myself pushing encryption for laptops and some desktops in the near term," he said. "I think most of us supporting clients are really just getting into the mindset that we need to sell these ideas. Those of us in the field haven't been as good at pushing this issue as we might have. I've suggested [desktop encryption] at times, but people don't seem to get excited about it."
Companies aren't focused enough on personal firewalls.
While viruses and worms were ranked as the biggest threat, companies are investing in the wrong tools, Friedlander said. Less than half are investing in firewalls in 2005.
Despite the fact that desktops are vulnerable to network worms, Trojans and other threats, 21% of firms believe desktop firewalls are for laptops only. Sixty-three percent said they have them installed somewhere in the organization.
Best-of-breed products are more popular than all-in-one suites.
By a nearly three-to-one margin, respondents said they'd rather invest in best-of-breed tools than the all-in-one security suites. Sixty-five percent said they purchase these tools based on specific functionality.
"Despite consolidation in the client security market, firms like to pick and choose the components of their IT architecture rather than rely on one vendor to watch over all of their endpoint clients," Friedlander said. "That most of the product suites aren't yet fully integrated also drives buyers toward a best-of-breed approach."
The real challenge is for companies to tie all their tools and user policies together in a way that makes sense, he said, adding, "Vendors that can help them do that will have the competitive edge."
Lindberg isn't surprised IT shops are taking the best-of-breed approach. He has seen a similar trend among his firm's clients.
"Many are taking action on their own and are actually doing a fairly good job of it," he said. "Small businesses with a longer track record of using computers and the Internet seem to be better informed. There's a savvy bunch of users out there that are determined to do what's best. They seem to have an understanding of what's good and what's not. I'm often surprised at the good choices they're making. They're often finding the combination of products I'd have recommended without my help."
Though respondents told Forrester they prefer best-of-breed products, Lindberg said he still sees suites being acquired "at a pretty good rate."
"I think people want to believe they can buy a single solution for everything they need," he said. "People supporting themselves tend toward suites. [But] SMBs I care for tend to have a combination of best of breed solutions."