Other factors that keep them awake at night include access to credit and capital, government regulation, competition from foreign firms and downward pressure of profit margins. And yet IT executives continue to perform the delicate balancing act of investing in the future, through R&D, new business investment and new technology adoption, while at same time keeping costs under control.
Though executives continue to be cautious with spending, at least the indefinite waiting game is over in many areas. Global IT spending is projected to be the two-to-four percent range in 2010, with the U.S. market trailing slightly. IT projects postponed due to the economy are slowly resurrecting. And while many execs hope to eke out a bit more useful life from their current systems, others expect to be in full IT replacement mode as they increase staffing and capital expenditures.
Security is (Still) Job One - The primary cause of the majority of security breaches is unintentional end-user error―often by non-IT staff. The most significant costs of security breaches remain the overall impact on employee productivity, according to the study. About one-third of U.S. respondents to a 2009 CompTIA survey cited loss productivity as the top consequence of a breach, followed by a disruption of revenue-generating activities. Although the exact amount of money lost to IT security breaches is tough to calculate because of the difficulty in estimating lost productivity, data suggests security breaches cost U.S. companies in excess of $17 billion annually, and most likely significantly more.
The CompTIA study found that while the average number of security breaches increased only slightly over previous years, severity levels of breaches have increased more substantially. This suggests that while many organizations have made significant progress in dealing with security issues, the number, type and severity of threats have adapted in step. As in years past, spyware, viruses, worms and a lack of user awareness remain the most common IT security threats. However, threats from browser-based attacks, use of handheld devices and VoIP intensified for the majority of respondents.
To address these evolving threats, support mechanisms such as disaster recovery plans, dedicated security teams, security trainings and formal policies for responding to incidents have been adopted by many firms. These are supplemented by preventive technologies, such as firewalls and antivirus software used in combination. A growing number of firms are using other technologies (though to a lesser degree) including intrusion detection systems, physical access control, and multifactor authentication.
There is little doubt that companies recognize the importance of IT security and are willing to spend money to fortify their systems against attack. Indeed, security spending is at or near the top of most organizations IT shopping lists again this year. The federal government, for example, is expected to sharply increase its spending on information security products and services over the next five years. According to an INPUT study, security spending is forecast to jump from $7.9 billion this year to $11.7 billion in 2014.
Whats much less clear is whether organizations fully understand the value of training end-users to avoid inadvertently compromising IT security. According to the CompTIA study, almost all U.S. respondents (87 percent) note improvements in security when their organizations provide security training for non-IT employees, notably through increased awareness and proactive risk identification. However, while the majority of organizations require security training for IT staff (54 percent), relatively few firms (45 percent) require non-IT staff to be similarly trained.
The first and most important thing is to implement a comprehensive data security policy. Once a proper IT security policy is in place, non-IT employees should be trained to avoid causing an accidental breach. A comprehensive IT security training program should explain the IT security policy and the reasons behind any restrictions. This will encourage compliance without stifling creativity and will have the added benefit of teaching staff about some of the ways they may inadvertently cause a security breach.
Information technologists tend to focus on the technology that protects their sensitive information, but they can't afford to ignore the human element. The best lock in the world can't protect a vault if someone leaves the door open.
Technology Levels the Playing Field for SMBs - Todays small business is more sophisticated when it comes to investment in new technology. Innovative solutions such as managed services and software-as-a-service (SaaS) are being deployed in greater numbers by organizations with 500 or fewer employees.
A Q4 2009 survey by CompTIA of more than 400 small and mid-sized businesses (SMBs) across the US found that nearly 30 percent plan to implement SaaS solutions in 2010. Thats up from 22 percent and 14 percent respectively in the two prior years. Similarly, 30 percent of SMBs intend to implement managed services solutions in 2010. SMBs cited a desire to lower costs and maintain and build on their competitive edge as top reasons for adopting the SaaS model.
But a sharp decline in the planned adoption of basic IT such as computing, software and communications is anticipated in 2010. The number of SMBs surveyed that plan to make PC upgrades or replacements in the upcoming 12 months dropped from 98 percent to about 30 percent looking forward to 2010. This is indicative of SMBs looking to leverage their existing IT infrastructure better; and a shift in mindset to IT investments that drive revenue generation.
To be sure, the majority of SMBs continue to be value adopters who prefer to wait until new technologies are proven before buying. But the percentage of businesses claiming to be early adopters of technology has doubled from 2008, to 31 percent in the latest survey. Manufacturing, finance/insurance and government are leading this wave, where 60 percent of the respondents in these categories claim to be early adopters.
Significant investments in computing, networking, the Internet, websites, e-commerce and mobile communications are enabling SMBs to transition to more advanced technologies, leveling the playing field with larger competitors and helping to create competitive advantages.
Clearly, SMBs are placing increasing importance on technology solutions that drive revenues, produce immediate results to the bottom line and have a direct, positive impact on the customers experience. This is reflected in their growing adoption of enterprise resource planning (ERP), and other such solutions in 2009. Between 70 percent and 80 percent of the SMBs we surveyed consider the usage of ERP, CRM and online e-commerce capabilities as strategic to their business. One-third use virtualization and over half report having custom software in house to help tie their IT investments together. This sets the stage for leveraging technology to enable business growth by enhancing core business processes, productivity and efficiency; and increasing connectivity and knowledge access and sharing with customers, partners and suppliers.