E&Y Survey Shows Most Enterprises Will Not Cut Security Budgets

September 24th, 2009

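A few months ago, probably in February, there was a post about expectations for the security market in 2009, in which Da Pan and I discussed the outlook for 2009 and the two of us made a "cautious" forecast: "Dr. Zhao is cautiously bullish; Mr. Pan quietly waits for spring." Yesterday I read a 2008 security market survey report from Ernst & Young. A few of its numbers are quite interesting, so I am reposting them here: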

Historically, the IT function is one of the first to feel the pressure to reduce expenditures, and traditionally, information security has been closely linked with IT. Our survey confirms the link between IT and information security is still very strong (71% of respondents meet monthly with IT), but the pressure to reduce costs does not appear to be carrying over to the information security function. In fact, only 5% of respondents indicate they will be reducing annual expenditures for information security and 50% plan to increase their investment in information security as a percentage of total expenditures. In addition, only 33% of respondents cite adequate budget as a challenge to delivering their information security initiatives.

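5%: will reduce their information security budget.

50%: will increase information security's share of overall IT spending. The wording is somewhat vague: the share increases, but overall IT spending will fall, so does the money spent on information security go up or down? That is still not clear. Heh.

33%: consider an adequate security budget a challenge to carrying out their security initiatives. Only a minority think the security budget will become a problem. In fact, most respondents chose security awareness as the biggest challenge.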

  1. October 21st, 2009 at 11:31 | #1

    Worldwide Spending for IT Security Likely to Increase
    October 19, 2009

    http://www.enterpriseitplanet.com/security/news/article.php/3844466

    According to the 7th annual Global State of Information Security Survey 2010, released today, six out of ten respondents (63 percent) expect security spending to either increase or stay the same despite the worst economic downturn in decades — or perhaps because of it.

    The study, the largest of its kind, is conducted by PricewaterhouseCoopers (PwC) in conjunction with CIO and CSO magazines. More than 7,200 executives from 130 countries across all industries were asked about their information security expectations. The results demonstrate that global leaders appear to be “protecting” the information function from budget cuts but at the same time are placing it under intensive pressure to “perform.”

    “The increased risk environment has visibly elevated the role and importance of the information security function to the entire business organization,” said Mark Lobel, an Advisory principal at PricewaterhouseCoopers. “After years of misalignment, business and IT leaders seem to be starting to think like each other. This year, as we move from 2009 to 2010, may turn out to be a high-stakes ‘coming of age’.”

    The survey shows that across industries and from the private to the public sector, the downturn has had a major impact on security spending. A few key industry trends from this year’s survey include:

    Financial Services

    * This year, fewer financial services respondents predict spending will increase (40 percent in 2009; 46 percent in 2008) yet two-thirds (64 percent) expect spending to either increase or stay the same.

    * For the first time in the seven year history of this survey, the majority of metrics used to track advances in security-related capabilities across all major security domains, including strategy, structure, people, process and technology have, by and large, for the financial services industry, not improved.

    * Seventy-five percent (75 percent) of financial services respondents have an overall information security strategy in place, compared to 74 percent in 2008.

    * Fifty-nine percent (59 percent) of financial services respondents report they conduct threat and vulnerability assessments (unchanged from 2008).

    * Also unchanged from 2008, 61 percent of financial services respondents require employees to complete training on privacy policies/practices.

    “It’s hard to avoid the conclusion that the economic ‘freight train’ has impacted financial services companies more than those in any other industry and largely stopped the global financial services industry’s multi-year investment in security capabilities effectively, if temporarily this year, ‘in its tracks’,” points out Lobel.

    Health Industries

    * A key priority this year will be addressing a global trend in stiffer requirements for breach notification and specific technical controls.

    * More than six out of 10 provider respondents (61%) report that their organization does not have an incident response policy to report and handle breaches with third parties handling data.

    * As many countries address the security implications of electronic health record policies, U.S. providers need to address the HITECH Act. On February 17, 2009, President Obama signed into law the American Recovery and Reinvestment Act of 2009 (“ARRA”). Part of the ARRA, the HITECH Act strengthens and expands the scope of the HIPAA privacy and security rules.

    * As complexity and regulation increase within the industry with heightened penalties and disclosure requirements for breaches and missteps U.S. providers will need to understand the financial and operational implications for their organization.

    Utilities

    * Reported incident type levels have declined across all elements, except one: the exploitation of data is now the leading type of incident.

    * Utility companies have advanced their security and privacy capabilities in the past year in areas including strategy, security leadership, privacy-related assessments, and integration.

    Public Sector

    * Today a new generation of government employees is accessing social networks from work in great numbers, often without the knowledge of the IT department — and in circumvention of the traditional countermeasures employed by many. Some organizations have moved quickly to close this gap, but most need to do more. Only 35 percent of government agencies have security technologies in place that support Web 2.0 exchanges.

    * In the U.S., advancing cyber security and private/public partnerships are additional emerging priorities.

    While the “full damage report” for 2009 is not yet clear, the survey finds business impacts such as financial losses, compromises to brand or reputation, and loss of shareholder value, have increased.

    Read the rest of this article at CIO Update

  2. October 21st, 2009 at 11:24 | #2

    Gartner: IT spending growth next year
    But don’t expect another 2008 before 2012
    By Timothy Prickett Morgan

    http://www.theregister.co.uk/2009/10/19/gartner_it_spending_2010/

    The final quarter of 2009 is just getting under way, and Gartner’s analysts have assembled to give 2009, the IT industry’s “worst year ever”, a happy send off. Well, more like a mumbled good riddance as it welcomes the prospect of a better 2010.

    Gartner is hosting its Symposium/ITxpo in Orlando, Florida this week, and says that worldwide IT spending is now on pace to fall by 5.2 per cent this year. That decline is not so bad because consumers and small businesses have continued to spend on computers and software during the economic meltdown.

    Enterprise IT spending is expected to be down 6.9 per cent this year, which is making it tough for the big-name IT supplies to pull down the profits they are accustomed to.

    And while Gartner’s wizards are projecting that there will be a 3.3 per cent increase in global IT spending in 2010, to $3.3 trillion, don’t get out the champagne just yet.

    “While the IT industry will return to growth in 2010, the market will not recover to 2008 revenue levels before 2012,” Gartner senior vice president and global head of research Peter Sondergaard said in a statement.

    “2010 is about balancing the focus on cost, risk, and growth. For more than 50 per cent of CIOs the IT budget will be zero per cent or less in growth terms. It will only slowly improve in 2011.”

    Gartner now expects spending on computer hardware of various kinds – including servers, storage, networking gear, PCs, printers, and so on – will fall by 16.5 per cent in 2009, to $317bn. And the company’s best minds’ best guesses average out to a flat market for hardware in 2010.

    On the server front, Sondergaard says that about one million servers were kept in operation in 2009 that would have otherwise been retired, about three per cent of the installed base of servers worldwide. And unless something radical happens in the economy, and therefore the server racket, the base of machines that have had their replacements deferred could grow to two million by the end of 2010.

    “If replacement cycles do not change, almost 10 per cent of the server installed base will be beyond scheduled replacement by 2011,” Sondergaard estimates. “That will impact enterprise risk. CFOs need to understand this dynamic, and it’s the responsibility of the CIO to convey this in a way the CFO understands.”

    Those selling spare parts for used hardware equipment could see an uptick in business for the first time in maybe a decade of being bashed by new equipment rollouts. And on the other side, call it what you may – cloud computing, application outsourcing, software as a service – but shifting from capital to operational costs for certain IT functions is also going to get traction if the global economy doesn’t improve.

    And among the emerging economies, it could just turn out that such cloudy application services take off because it is just plain easier, like cell phone service in China and India. Those are not Gartner’s guesses, but mine.

    If you can’t afford to lay land lines in a vast, poor country, you learn to make do with cell service. Companies are going to learn to make do with cloud computing – both on the supplier and on the customer sides of the bargaining table.

    This is not the only kind of shift Gartner expects from the emerging economies. “By 2012, the accelerated IT spending and culturally different approach to IT in these economies will directly influence product features, service structures, and the overall IT industry. Silicon Valley will not be in the driver’s seat anymore,” Sondergaard said.

    Let that sink in for a minute. Gartner is probably being melodramatic here for effect, but a lot of the engineering and design work for IT products is being done in Asia, as manufacturing has been done for even longer. At some point, what used to be a supplier for an IT company can end up being its competitor.

    Software spending, as you can see as the quarterly numbers have rolled by here at El Reg, has been a relative bright spot, and is projected to decline by a mere 2.1 per cent this year, to $197bn, and will continue to be relatively bright in 2010 as worldwide software sales rise by 4.8 per cent to $206bn.

    IT services, which are all the rage during the economic downturn because companies needing to slash expenses are often forced by circumstances to outsource and offshore, will nonetheless decline by 3.6 per cent to $781bn, but will rebound and grow by 4.5 per cent in 2010, to hit $816bn in sales, if Gartner’s crystal ball doesn’t have any smudges on it. Or if another economic meltdown doesn’t chip or crack the ball.

    Global telecom spending is still the largest part of the IT economy, accounting for $1.9 trillion in spending globally in 2009 (down four per cent), but expecting to rebound in synch with the overall market in 2010. To one way of looking at it, the faster than average growth for services and software is washed out by the flatness in hardware spending, which leaves telecom setting the pace for overall IT spending growth. ®
