Why Security Matters Now

Social networking and cloud computing threats abound, our annual Global Information Security Survey finds, making information security important once again to business leaders.

Trend #3

Insourcing Security Management

A few years ago, technology analysts were predicting unlimited growth for managed security service providers (MSSPs). Many companies then viewed security as a foreign concept, but laws such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act (affecting financial services) were forcing them to address intrusion defense, patch management, encryption and log management.

Data Dangers

Attacks on data have increased faster than any other security exploit. The top target: databases.

How Attackers Get Your Data

Databases: 57 per cent

File-sharing applications: 46 per cent

Laptops: 39 per cent

Removable Media: 23 per cent

Backup Tapes: 16 per cent

Multiple Responses Allowed

Convinced they couldn't do it on their own, companies chose outsourcers to do it for them. Gartner estimated the MSSP market in North America alone would reach $US900 million in 2004 and that it would grow another 18 percent by 2008.

Then came the economic tsunami, which appears to have cast a shadow over outsourcing plans even though security budgets are holding steady. Although 31 per cent of respondents this year are relying on outsiders to help them manage day-to-day security functions, only 18 per cent said they plan to make security outsourcing a priority in the next 12 months.

When it comes to specific functions, the shift has already begun. Last year, 30 percent of respondents said they were outsourcing management of application firewalls, compared to 16 percent today. Respondents cited similar reductions in outsourcing of network and end-user firewalls. Companies have also cut back on outsourcing encryption management and patch management.

At the same time, more companies are spending money on these and other security functions. Sixty-nine percent said they're budgeting for application firewalls, up slightly compared to the past two years. Meanwhile, more than half of respondents said they are investing in encryption for laptops and other computing devices.

The results surprise Lobel of PricewaterhouseCoopers. "When you think about it logically, some IT organizations have the resources and maturity to manage their operating systems and patches, but many don't," he observes. "Hopefully, the numbers simply mean IT shops have grown more mature in their security understanding."

Security Budgets Hold Stead

More companies are increasing spending than cutting it.

Direction of Spending

Increase: 38 per cent

Stay the Same: 25 per cent

Decrease: 12 per cent

Don't Know: 24 per cent

Numbers may not add up to 100 per cent due to rounding

Gius of Atmos Energy offered another possible explanation: Companies see a lot of chaos in the security market with an avalanche of mergers and acquisitions. One independent security vendor after another has merged with or been acquired by other companies. Examples include BT's acquisition of Counterpane and IBM's acquisition of Internet Security Systems. IT leaders are simply getting out of the way until the industry settles down.

Gius says Atmos Energy is handling most of its security in-house right now. "We pursued a number of open-source and lower-cost solutions to manage it ourselves," he says. "We invested in two people to help ensure we had the skills to manage that environment." But he'd like to outsource more if it makes sense financially. He notes that security is increasingly integrated into the platforms provided by the likes of Microsoft, Cisco and Oracle, as well as telecom providers like Comcast and Verizon. It makes sense to him to have those providers manage the security of their systems.

Beard, with SAIC, says that no matter what drives security spending decisions, companies should understand their specific security strategies and where managed security providers can offer unique value. Smart business executives understand that they must maintain control of the big picture at all times, even if a third party is managing many of the levers. Keeping an eye on security service providers and the risks they are encountering is essential. "CIOs and security officers may outsource certain functions to various degrees, but they should never outsource their responsibility," Beard advises.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Global Information Security SurveysecurityPricewaterhouseCoopers

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bill Brenner

CIO (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?