| More organizations are becoming aware of security concerns and tactics. | |
 |
|
| By Vicki Powers |
|
|
|
| Security spending provides positive value and ROI in the eyes of many mid-market organizations, according to a study conducted by the Conference Board. In particular, companies in transportation, IT, healthcare, financial services, and telecommunications are the most likely to cite the benefits that security investment provides. Yet a surprising 39% of midsized firms instead think of security as a series of costs that must be tightly controlled. Many mid-market organizations are just becoming aware of security concerns, according to Kelly Hansen, CEO of Neohapsis, an informationsecurity consultancy and IT product test lab. In particular, Hansen believes the primary interest focuses on solutions that are not simply security devices but rather network devices with security functionality. "Spending trends appear to be focused around product purchasing rather than consulting and/or staffing," Hansen says. "There seems to be a belief in the mid-market that security is still a technology issue, not a process or people issue. Unfortunately, it's all of the above." Traditionally, mid-market companies have adopted standard perimeter defenses such as firewalls, router access control lists (ACLs), and desktop antivirus software. Brendan Hannigan, executive vice president of product development and marketing for security vendor Q1 Labs, says that many midsized firms are just now beginning to move beyond this level of defense to address internal security, compliance, and worm-infection issues. Many companies haven't had the infrastructure or necessary support to address these issues until now, while many others continue to learn about the increasing prevalence of threats—and the degree of risk that they assume if they fail to address them. Robert Hopkins, senior consultant at Optimus Solutions, says that it's difficult to quantify a budget increase—much less determine where to allocate funding—without adequate justifications. An example could be to estimate the amount of lost revenue as the result of a security incident subsequent to a critical system failure or penetration. According to estimates from AMI-Partners, small and medium-sized businesses (SMBs) in the United States invested approximately $2.5 billion in IT security in 2004; worldwide, SMBs spent almost $7 billion, accounting for just over 1.5% of total IT spending. Research also reveals that spending has been unevenly distributed; security-conscious SMBs are implementing sophisticated measures, while tens of millions of SMBs lack basic virus protection, even as they increase their dependence on the network. The tools are available, and the risks are real, but many SMBs are still leaving their businesses unprotected. AMI suggests that companies realize that "SMBs that fail to institute adequate security precautions bring risk not only to their own businesses, but also to those with whom they share electronic information or conduct electronic transactions—often their biggest and best customers and/or partners."
iQ Magazine, Second Quarter 2005 |
|
|
|
|
|
