The global financial crisis is beginning to take its toll on information-technology spending, though IT security spending is expected to be spared in what many think will be a dismal coming year, according to several analysts and end users.
Network managers agree that security spending will not yet feel the pinch. "There's no inkling whatsoever on cutting back on security spending. In fact, it's the opposite based on what I've heard," says Adam Ferrero, executive director of network services at Temple University.
Temple University, which just swapped out an older standalone Check Point firewall and IBM ISS Proventia intrusion-prevention system for a single Crossbeam unified threat management device combining both technologies, is not expected to cut back on planned security projects.
In fact, despite the gloomy financial outlook, some analysts actually think IT security spending will increase.
In its annual Global State of Information Security Survey published this month, consultancy PricewaterhouseCoopers (PWC) said the more than 7,000 IT security professionals from 119 countries who responded, indicated that 44 percent would increase their spending on security, while 31 percent said IT security spending would remain the same. Only 5 percent anticipated a decrease and 20 percent didn't know.
"The good news for security folks in general is we saw 44 percent of respondents say their security spending would increase year over year," says Mark Lobel, partner in the PWC information security advisory practice.
Lobel feels the main reason that IT security spending will remain fairly strong is that "business models are changing, going online, Web-enabling everything they touch. That creates risk, and there has to be a protection component to it to mitigate that risk. Compliance is also one of the drivers, and it's just not an option to cut."
The Boston-based Institute for Applied Network Security doesn't see the fiscal crisis upending IT security. The institute conducts research mainly through direct interaction with security managers, holding forums to discuss topics such as virtualisation, Web 2.0 and security metrics, and surveying for opinions.
"We've been asking what's on the mind of the practitioners in this current fiscal crisis," says Jack Philips, managing partner with the research firm. In mid-October, the institute held a two-day gathering in Chicago where about 200 individuals representing 120 U.S.-based organisations were asked about the impact the fiscal crisis was having on their IT budgets and security spending.
Over three-quarters of those attending indicated they expected adjustments in their organisation's IT security budgetary allotment and priorities, but about 15 percent did not, says Philips.
"For the most part, security spending will not be cut as aggressively as other IT priorities," says Philips. He said he got the sense from those at the conference that "in times like this, the bad guys are more dangerous and our organisation is realising to cut security is not a wise decision."
"The financial crisis is ugly and real, and it has now spread from the U.S. to Europe and Asia," states Forrester analyst Andrew Bartels in his report "What the Financial Crisis means to the Tech Market" published in mid-October.
Forrester predicts the last quarter of the year and the first half of next year will see a slowdown in the software and IT services sector, with vendors averaging 3 percent to 5 percent growth instead of the 9 percent to 12 percent they had earlier in 2008.