The Payment Card Industry (PCI) Data Security Standard is a burning issue, but a recent study by Gartner found that 18% of respondents admitted that they are not PCI-compliant, although the study implied that they had to comply with these standards.
Gartner conducted several surveys from June to September this year at the annual Gartner IT summit on information security and Catalyst events in North America, and at its own summit on security and risks in EMEA. The poll of 383 IT managers identified trends in buying behavior and made it possible to predict future spending on security.
“Given that many technology providers in the security market are aimed at helping customers comply with PCI requirements, it was surprising to see that such a high percentage of respondents are not PCI-compliant,” said Lawrence Pingree, research director at Gartner.
“Providers of technology and services should continue to distribute their technology to help customers solve problems in complying with the safety standards for PCI. End-user organizations must also work to raise awareness of their PCI compliance with the safety standards to ensure that employees accurately know whether their company is PCI-compliant or not,” he added.
Mr. Pingree believes that change is a key element in the study's budget findings. Last year, 55% of respondents reported that their budgets would remain the same the following year, but this year only 30% confirmed this.
In addition, 33% of respondents expect an increase in their budgets, and 22% expect to increase their IT budget by 5% or more, compared with 20% last year; that is, there is a slight increase in overall spending on security. Despite this, 15% of those surveyed said they expected to reduce their IT budget, while last year only 9% stated the same.
This year, those hoping to increase their IT security budgets expect even more significant budget growth than last year. Last year it was expected that 6% of the total IT budget would be spent on information security.
This year's study showed that the allocation averaged 10.5%, an increase of more than 4%. This means that, on average, 10 cents of every dollar allocated to IT goes to information security.
Gartner found that the bulk of the funds was spent on staff, as in the previous year, but this year this cost item fell from 35% to 32%. Spending on consulting and outsourcing services also decreased compared to last year: consulting declined significantly, from 14% last year to 11% this year, and outsourcing from 18% to 11%.
The increased budgets also affected hardware and software costs. Hardware costs increased from 18% last year to 22% this year, and software costs from 20% to 22%, as organizations continue to deploy products to meet the demand for a high level of security associated with recent leaks of information at large companies reported in the press.
Mr. Pingree believes that companies plan to reduce their expenditures on information security through the new technologies deployed this year, through improved integration, or by reducing current external consulting. They are likely to do this by increasing the degree of automation of many security products and by working hard to make internal security processes more efficient, reducing the demand for general human resources or the cost of consulting.
Asked about the most important information security projects for 2011, respondents most often mentioned data loss prevention (DLP). User provisioning and event marketing came in second place, and Security Information and Event Management (SIEM) came third. Intrusion detection, network access control, application security, and IT management tools for Governance, Risk and Compliance Management (GRCM) also ranked high.
“This new focus on preventing data loss is critical when considering the dynamic nature of cloud environments and trends toward virtualisation of application workloads,” said Mr. Pingree. “This will be particularly important to support the adaptation of different types of business policies to control various types of data, as well as different types of data movement in the appropriate application workloads.”