News Stay informed about the latest enterprise technology news and product updates.

Security of customer data, IP sustains security budgets

Protecting customer data, corporate intellectual property and other sensitive internal data, remains a priority in many corporate board rooms, a Forrester Research survey finds.

BOSTON -- Data breaches and compliance initiatives are buoying most IT security budgets, as upper level company executives are approving projects to lock down customer data and protect intellectual property.

The security organization needs to look for an influential executive able to make the case.
Khalid Kark
principal analystForrester Research Inc.

That was the finding of an annual survey of more than 1,200 IT security decision makers at North American companies conducted by Forrester Research Inc. The amount of IT budget devoted to security has risen to 10% in 2008, an increase of 2% over last year's budget.

"Security managers are doing a better job of making their case within the organization and they're starting to see results," Khalid Kark, principal analyst at Forrester Research said in a keynote Thursday at Forrester's Security Forum 2008, where he presented the survey data.

Some industries, such as airline and auto manufacturers are trimming budgets, but overall most IT security budgets are weathering the economic downturn, Kark said. Companies have the right priorities when it comes to security. Fifty-nine percent of those surveyed said their main objective is to protect customer data, followed by protecting corporate intellectual property and sensitive internal data (54%).

A Q&A with Forrester's Khalid Kark:
Security spending continues despite shaky economy, Forrester finds Budget tightening is causing companies to invest in larger suite vendors rather than software or appliances designed to solve a specific problem.

There is also evidence that the security organization is gaining a much clearer connection to upper-level company executives. About 50% of CISOs report to a board, CEO or executive committee, Kark said. CISOs have also been gaining responsibility over the last decade, becoming more like chief information risk officers, he said.

"This is very different from even a couple of years ago when many of us were deeply embedded within IT," he said.

One of the toughest problems for security organizations is finding qualified people to run security programs, Kark said. IT security organizations that have people who understand both the business and technology side are faring better in the economic downturn.

Metrics are also an issue, he said. Many IT security pros are struggling to measure security improvements.

"There's a constant struggle with it because many people don't know how to translate metrics into business language," Kark said. "The security organization needs to look for an influential executive able to make the case."

To save money, some companies are choosing to outsource some security functions to service providers. Companies are also spending less on security products designed to solve only one problem, Kark said. Instead they are turning to security vendors that can solve an immediate pain point and then expand into broader areas, he said.

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.