A PriceWaterhouseCoopers security study finds that despite the economy, technology security spending will not dry up, although security implications may stall the enterprise adoption of cloud computing.
BOSTON-Technology security spending may stall but not freeze
as the financial meltdown works its way through the economy; cloud computing
has security implications that may stall enterprise adoption; and India has not
only caught up, but has surpassed the United States in some key areas of
technology infrastructure security.
Those conclusions-some based on a yearly study of more than
7,000 business executives and some based on informed opinion-were part of a presentation
of the yearly PriceWaterhouseCoopers technology security study. The 2008 Global
State of Information Security Study represents the 10th year the study has been
conducted, and this year spanned 119 countries. The survey was conducted
earlier in the year and did not encompass the time period related to the
current, ongoing financial crisis.
While the scope of the survey was large, the bottom line is
that technology security professionals have to focus on process and strategy as
much, if not more, than the latest product.
"Information security has a reputation of being the cool
tool guys," said RBS Chief Information Security Officer James Mignone, who was
part of the panel presenting the survey findings. He went on to say that the
current environment requires executives who not only can use the latest
products but who also can undertake risk assessment at a company.
A Cisco study highlights common failures of enterprise security policies. Read more here.
The exhaustive survey hits many of the current hot buttons
on IT security, but while respondents were aware of security issues, the survey
results indicated security issues are still a long way from being resolved. For
example, while 73 percent of the respondents estimated they are complying with
their company's internal security policies, only 44 percent of those responding
actually conduct compliance testing and only 43 percent audit or monitor user
compliance with security policies. While CISOs cited regulatory compliance as
the primary driver for information security spending, the CEO,
CFO and CIO
respondents cited business continuity and disaster recovery as the primary
While companies continue to invest heavily in security
technology, that investment does not necessarily mean better security.
"This year, respondents trumpet a headlong rush into technology.
But these investments don't necessarily mean better security," the report
states and backs up the statement with three findings. "(1) It's dramatically
clear: One of the highest priorities for companies over the past year has been
technology. (2) Many companies, however-if not most-do not know exactly where
important data is located. And (3) companies need to focus more acutely on
advancing critical processes-and supporting the people that run them."