Security spending rising for data centers, surveys show

Computerworld - As the director of global security at Hewitt Associates LLC, Dan Josephites is taking a multifaceted approach to bolstering defenses at his company, which is the nation's largest human resources outsourcer.
Firewall, antivirus and other intrusion-detection technologies are a key part of the strategy. But Hewitt is also shoring up its internal networks, performing network and application-level penetration testing, and working with developers to ensure secure code on all Web-facing applications.
"We are spending more on security, there's no two ways about it," Josephites said.
Hewitt isn't alone. A new study released this week, by the Orange, Calif.-based AFCOM's Data Center Institute, shows that information security has become a major priority for the nation's largest data centers in the face of constant terror alerts, tensions in Iraq and proliferating cyberthreats.
The study, conducted earlier this year among 257 data center managers, showed that nearly 50% of the companies surveyed said they had increased security budgets by 5% to 15% in the past year. While a majority of organizations are still spending less than 10% of their IT budgets on security, about 17% allocated between 9% and 20% of their budgets for it.
AFCOM's survey results are nearly identical to the results of a worldwide survey of 500 financial services companies being released next week by Deloitte Touche Tomhatsu. The Deloitte survey shows that despite the economic downturn, most companies have maintained or increased security budgets and boosted IT security staffing levels.
The budget increases come at a time when a growing number of companies face external and internal cyberattacks, said Jill Eckhaus, president of AFCOM. "The most surprising thing in my mind was that almost 30% of the companies surveyed did have a breach of security last year," she said.
In the financial services sector, 40% of the respondents to the Deloitte survey reported breaches in the past year -- with most of them coming from external sources.
Growing concerns about cyberattacks have made "the approval process for security spending somewhat easier," Josephites said. "It is very, very difficult to 'ROI' security, but my management understands that it is the cost of doing business these days."
"I'm not having any trouble getting money for [corporate] security," said David Krauthamer, director of IS at Advanced Fibre Communications Inc., a Petaluma, Calif.-based manufacturer of telecommunications equipment. Proliferating virtual private network access and an increase in the number of workers accessing the corporate network from outside have made remote access a major security concern for the company, he said.
If there is a