CIOs Spending Network Security Bucks

The IT chiefs of major corporations place a high priority on network security. According to a recent survey by RHI Consulting, 56 per cent of CIOs polled say they have increased their investment in network security measures over the last six months.

“As companies continue to upgrade their internal and external network systems, ensuring that these infrastructures are secure is of critical importance,” says Stephen Mill, regional manager of RHI Consulting’s Canadian operations. “Firms are taking a proactive approach to identifying vulnerabilities and minimizing potential risks before they can interrupt operations.”

The survey was conducted by an independent research firm and includes responses from 270 CIOs from a random sample of Canadian companies with more than 100 employees.

Mill says organizations are placing a premium on technical expertise in such areas as encryption and authentication, safeguarding of firewalls, intrusion monitoring and administration of virtual private networks.

Bob Steadman, senior manager of the technology risk services group at PricewaterhouseCoopers in Toronto, says his organization’s own research has found companies are spending more dollars on network security than ever before. However, he says overall IT budgets are growing as well and security purchases do not necessarily represent a larger percentage of most organizations’ IT budgets.

He says companies shouldn’t be applauded just yet.

“They shouldn’t be patting themselves too much on the backs in terms of how great they’re doing, because there’s still a long way to go,” Steadman says. “Unless people believe there is appropriate control and security in place in organizations, they’re not going to buy into the fact of being able to transact business with them.”

Steadman says the network security areas that still need attention are security architecture, tools, techniques and technology, and management review and monitoring.

“(You need) to have the right policies, procedures, guidelines, security awareness, and the right information security management structure in place to deal with these issues,” Steadman says.