IT security spending not darkened by economic gloom

The global financial crisis so visible this past month is beginning to take its toll on information-technology spending, though IT security spending is expected to be spared in what many think will be a dismal coming year.

The financial crisis was largely triggered by billions of dollars in bad mortgage loans made as America's housing boom went bust, spreading losses throughout global markets. With credit tight and a recession in sight, businesses are laying off employees and tightening budgets, including reducing information-technology spending. But even amid the kind of financial upheaval not seen since the Great Depression, spending on information security is expected to survive the next year largely unscathed, according to several analysts and end users forced to take stock of it all.

Click to see: Bar chart indicating the spending on network security.

Even in the midst of this turmoil, spending on IT security will largely escape the cost-cutting measures anticipated for other aspects of IT. That's an opinion shared by some network managers -- at least for now.

"There's no inkling whatsoever on cutting back on security spending. In fact, it's the opposite based on what I've heard," says Adam Ferrero, executive director of network services at Temple University, where the word just came down that IT spending in general would be reduced.

Temple University, which just swapped out an older standalone Check Point firewall and IBM ISS Proventia intrusion-prevention system for a single Crossbeam unified threat management device combining both technologies, is not expected to cut back on planned security projects.

In fact, despite the gloomy financial outlook, some analysts actually think IT security spending will increase.

In its annual Global State of Information Security Survey published this month, consultancy PricewaterhouseCoopers (PWC) said the more than 7,000 IT security professionals from 119 countries who responded indicated that 44% would increase their spending on security, while 31% said IT security spending would remain the same, 5% anticipated a decrease, and 20% didn't know.

"The good news for security folks in general is we saw 44% of respondents say their security spending would increase year over year," says Mark Lobel, partner in the PWC information security advisory practice.

Lobel feels the main reason that IT security spending will remain fairly strong is that "business models are changing, going online, Web-enabling everything they touch. That creates risk, and there has to be a protection component to it to mitigate that risk. Compliance is also one of the drivers, and it’s just not an option to cut."

The Boston-based Institute for Applied Network Security doesn't see the fiscal crisis upending IT security. The institute conducts research mainly through direct interaction with security managers, holding forums to discuss topics such as virtualization, Web 2.0 and security metrics, and surveying for opinions.

"We've been asking what's on the mind of the practitioners in this current fiscal crisis," says Jack Philips, managing partner with the research firm. In mid-October, the institute held a two-day gathering in Chicago where about 200 individuals representing 120 U.S.-based organizations were asked about the impact the fiscal crisis was having on their IT budgets and security spending.