Security of customer data, IP sustains security budgets

Article

Security of customer data, IP sustains security budgets

Robert Westervelt, News Editor

BOSTON -- Data breaches and compliance initiatives are buoying most IT security budgets, as upper level company executives are approving projects to lock down customer data and protect intellectual property.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The security organization needs to look for an influential executive able to make the case.
Khalid Kark
principal analystForrester Research Inc.

That was the finding of an annual survey of more than 1,200 IT security decision makers at North American companies conducted by Forrester Research Inc. The amount of IT budget devoted to security has risen to 10% in 2008, an increase of 2% over last year's budget.

"Security managers are doing a better job of making their case within the organization and they're starting to see results," Khalid Kark, principal analyst at Forrester Research said in a keynote Thursday at Forrester's Security Forum 2008, where he presented the survey data.

Some industries, such as airline and auto manufacturers are trimming budgets, but overall most IT security budgets are weathering the economic downturn, Kark said. Companies have the right priorities when it comes to security. Fifty-nine percent of those surveyed said their main objective is to protect customer data, followed by protecting corporate intellectual property and sensitive internal data (54%).

A Q&A with Forrester's Khalid Kark:
Security spending continues despite shaky economy, Forrester finds Budget tightening is causing companies to invest in larger suite vendors rather than software or appliances designed to solve a specific problem.

There is also evidence that the security organization is gaining a much clearer connection to upper-level company executives. About 50% of CISOs report to a board, CEO or executive committee, Kark said. CISOs have also been gaining responsibility over the last decade, becoming more like chief information risk officers, he said.

"This is very different from even a couple of years ago when many of us were deeply embedded within IT," he said.

One of the toughest problems for security organizations is finding qualified people to run security programs, Kark said. IT security organizations that have people who understand both the business and technology side are faring better in the economic downturn.

Metrics are also an issue, he said. Many IT security pros are struggling to measure security improvements.

"There's a constant struggle with it because many people don't know how to translate metrics into business language," Kark said. "The security organization needs to look for an influential executive able to make the case."

To save money, some companies are choosing to outsource some security functions to service providers. Companies are also spending less on security products designed to solve only one problem, Kark said. Instead they are turning to security vendors that can solve an immediate pain point and then expand into broader areas, he said.