Funding
Securing Security Dollars
IT security projects are continually under-funded, despite being a top concern for 2007. Here’s how to make the case for security investment.
It's one of the paradoxes of the technology world: IT security continues to gain visibility as a pressing issue, but the funding for improved data protection doesn’t always flow.
Two recent surveys illustrate this situation. In its
2006 Higher Education IT Security Report Card
, CDW-G reported that 84 percent of surveyed higher ed IT directors and managers considered IT security one of their top-five priorities. But less than half of respondents said their executive administrators view IT security with the same sense of urgency. Eighty-one percent of respondents said their IT security budget allocations provide less than what they need. Meanwhile, an Accenture study,
Enabling High Performance With Next Generation Infrastructure
, showed that more than 90 percent of surveyed government and education IT executives listed security as one of their top two IT priorities for 2007. Yet only about 10 percent of respondents’ IT budgets have been earmarked for security.
Interestingly, since getting the funds to bolster security would seem to be an easy sell: News reports continue to document credibility-damaging data breaches affecting higher education. Last year, the University of California- Los Angeles, for one, reported that a database containing personal information on hundreds of thousands of students had been illegally accessed over a period of months.
UCLA is hardly alone: CDW-G’s survey reveals that more than half of higher education IT personnel experienced at least one IT security incident in the last year, and one third reported lost, stolen, or exposed data. CJ Spallitta, VP of global services at security services firm
Cybertrust
, says universities tend to be more susceptible to security incidents than other enterprises. Because universities posses data types that attract identity thieves—such as student names, Social Security numbers, and banking information—they are almost the perfect target, explains Spallitta. Plus, he says, “historically there has been an environment of openness and collaboration, and also budget constraints,” making higher ed especially vulnerable.