Just as the complexity of IT systems and infrastructures has increased over the past decade, the sophistication of security threats has also increased. Security continues to occupy the minds and budgets of IT decision makers in Ireland, according to the findings of IDC’s latest annual survey of Irish organisations. In fact, the research in this study shows that, while IT spend overall is rising modestly, security spend is still at the top of the agenda for many with 36 per cent of organisations saying that they intend to implement security solutions within the next 12 months.
So, nothing new there then?
What is new is the type of security technology that is attracting the IT budget. It is clear that the majority of Irish organisations have already implemented the more established security software solutions such as secure content management, firewalls and VPNs. However, there is a good deal of interest being shown in the less “traditional” solutions. IDC research shows that as virus protection and firewalls mature spend is shifting to the three As – administration, authorisation and authentication in the software and intrusion detection or protection software areas. The hardware approach is similar, with increasing spend directed towards biometrics, tokens and/or smart cards for network or appliance authentication, and hardware-based intrusion detection appliances.
As more purchase decision makers become aware of the importance of this type of protection the more purchasing plans will be formulated.
Many organisations, however, have invested a lot already and the 36 per cent of organisations planning a security product purchase is therefore down on last year’s figure of 54 per cent. The primary business challenge that organisations are facing is increased competition followed by rising costs. The biggest IT challenges are keeping up to date with technology and keeping down the cost of IT. The primary focus of IT departments this year will be infrastructure replacements and upgrades. IT security is only seen as a major challenge by nine per cent of the respondents compared to 17 per cent in 2004’s survey. This is due to the fact that more organisations believe they have preventative measures in place and effectively dealt with this issue.
That said, when we look at the results by company size or industry sector there are areas where we see that security has been highlighted. Medium and large organisations, for example, are more preoccupied with security concerns than the smaller segments. The bigger the organisation the more likely it is to implement a new product set over the next 12 months. Security is very much on the agenda of the finance sector and will also be a major concern for government in the next year.
IT security services spending plans
As can be seen in the chart below, 41 per cent of organisations surveyed claim to use an external supplier to help with IT security. This is up from 34 per cent in last year’s survey showing that this is still a major focus for Irish IT functions although it looks as though, like other services, security services may have peaked. The proportion of organisations not yet using but planning to do so was only six per cent, which doesn’t bode well for the services providers, or at least not in terms of winning new customers. The best prospects for the next year are in the business services sector.
Confusion in the marketplace
Other IDC research in Ireland and the UK shows that the purchasing of security software is an area where it can be a challenge just trying to keep track with what’s going on. There appears to be some confusion in the marketplace due to the large amount of security solutions available, and a lack of unbiased information on products. IT purchasers that IDC have spoken to feel that there is not enough clarity in the market regarding the capabilities of security products. Organisations are uncertain of the distinction between, for example, software that protects against intrusion from viruses (antivirus) and software that protects against intrusion from hackers. More lucidity on product capabilities is needed, as is communicating the value of integrated security approaches that encompass the full variety of protective technologies.
The struggle for management buy-in
Although the IT function of organisations in all sectors still see security as a key area of IT infrastructure, it can still be a challenge to convince others. There is still a need to encourage the board to get onboard and management buy-in can sometimes be a significant hurdle. It is often a struggle to convince management (and shareholders) that IT security is a business priority.
As one security and disaster recovery manager IDC spoke to put it, “IT security and procedures can be misinterpreted as a hindrance to the business process. It can be a challenge to demonstrate the benefit of IT security and the risks involved by not adopting such a process.”
Vendors and IT professionals alike need to work to bring home the need for watertight protection. Just as stable doors need to be locked it is often the case that the importance of security is only truly appreciated after the (Trojan) horse has bolted.
The issues above will be explained in greater detail at IDC’s Business Continuity, Security and Storage Conference in Dublin on September 21. For details about how to register please visit: http://www.idc.com/uk/bc05
Note on Survey: The 2005 edition of IDC’s IT Trends and Expenditure in Ireland study details the views, attitudes, intentions and IT spending patterns of Irish organisations of all sizes operating in the whole range of industry sectors. The survey involved interviewing 301 IT executives in commercial and public sector organisations in Ireland about their IT expenditure and intentions.
This article is based on research published in IDC’s study, IT Trends and Expenditure in Ireland 2005–2009. For further information please contact IDC’s Irish office on 01 2074285
Subscribers 0
Fans 0
Followers 0
Followers