The budgeting process is a timeworn battleground. It's a routine that is especially grating for information security pros since they often find themselves joining a skirmish in which business divisions that generate revenue get the preferential treatment.
If you were a gambler, you'd definitely place your money on the other guy (whatever his department might be) to win the money fight because, well, he usually does. And the outlook looks to be similar in 2012.According to SC Magazine's fifth annual “Guarding Against a Data Breach” survey, 61 percent of the 488 respondents say their budgets related to IT security and data protection will remain the same this year. Another 34 percent expect an increase, which is down from last year's 36 percent, and six percent are looking at a decrease in funding.
Experts say, though, there are some breaks in the gloominess. For one, there are quite a few companies hiring – mostly for the technology-specific roles that can support overarching security initiatives. For another, several activities are converging that are making security projects priorities for executive leaders.
Add to the mix an expected increase in examples of regulators actually enforcing compliance mandates this year, and executives are concerned. They want to ensure the right processes and technologies are in place to keep them out of these watchdogs' crosshairs. After all, harsh fines or worse will do little for profitability.
As well, the legion of attacks we saw last year (yeah, you read right… I did write ‘legion'), has got some corporate heads running scared. They don't want to be tomorrow's next headline – which ultimately could equate to the loss of revenue, customers and investors.
And, it seems, leaders of private entities aren't the only ones taking IT security more seriously. Just last month, the White House released the Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, which has been years in the making and involved input from both public and private sectors.
For some experts, its goals to build a more resilient cyberspace, better attack prevention efforts, establish new defenses and improve software development to create more resistant solutions are promising, if not a wee lofty. But, it's yet another occurrence that helps set the stage for IT security to take its rightful place among business and government priorities near the top of the food chain.