Security remains Job 1

Security issues are consuming network executives’ thoughts, although not necessarily dictating their spending priorities, according to the ninth annual Network World 500 survey.

Securing the corporate network, improving disaster-recovery systems and building VPNs accounted for three of the top five most important issues among network executives interviewed. Security-related issues also were rated high last year, though these issues took even greater urgency this year in the wake of the Sept. 11 terrorist attacks.

Rounding out the top five issues this year were improving existing network infrastructure to boost productivity and addressing the needs of remote offices and teleworkers.

Even with the uncertain economy, NW 500 respondents said they plan to increase network technology spending. The biggest jumps in average spending per company this year will be for: voice/data convergence, up US$1.7 million to US$9.1 million; wireless, up US$1.3 million to US$5.9 million; and e-business efforts, up US$800,000 to US$13.9 million.

Despite security being a priority, average spending there will increase only slightly, by US$200,000 to US$3.9 million. However, 53 per cent said they expect the portion of their IT budget allocated to network security to increase in the next 12 months.

Given that the survey was conducted only three months after the Sept. 11 attacks, it comes as no surprise that more than half of the NW 500 say their networks are “somewhat vulnerable” to security breaches. Another 10 per cent rated their networks “vulnerable.” For example, 47 per cent said that firewalls and filtering software don’t meet their company’s security needs.

Users were asked if security worries actually were causing them to slow deployments in four technology areas – wireless, remote/teleworker applications, e-business applications and IP VPNs. Between 23 per cent and 30 per cent of respondents said “yes” regarding each area.

Also, about one-third of respondents said they have no purchase plans for any of four classes of security software: antivirus applications, firewalls, administrative tools for authorization and authentication, and encryption systems.

This may partly be because many big companies have already bought and installed such products. For these users, more emphasis on security might mean more emphasis on and enforcement of policies and procedures.

But other users are definitely buying. Asked if they planned to purchase antivirus, firewall, authorization and authentication, and encryption software this year, 40 percent to 48 per cent said “yes” regarding each individual technology.

A similar number of respondents said they plan to buy security hardware, with emphasis on proven products. Forty-six per cent plan to buy VPN equipment to create encrypted connections between remote and wireless employees and the corporate network. The other big target is firewall appliances to keep intruders locked out: 41 per cent plan to buy these.

Preparing for the Worst

One-third of respondents said they are upgrading their disaster-recovery systems, and another 20 per cent said they will do so sometime this year. The move seems to be a direct response to the September terrorist attacks: 62 per cent said disaster recovery is a higher priority now than 12 months ago.

“Sept. 11 was definitely an impetus to upgrading our disaster-recover plan,” says Joe Staniford, manager of IT for Rutherford & Chekene Consulting Engineers in San Francisco, where network managers already have earthquake awareness programmed into their brains.

Penn State University IT managers were actually scheduled to talk over disaster recovery last Sept. 12. The tragic events of the previous day made for “different discussions than we would have had,” says Robert O’Connor, IS manager at the university in State College. One result was that the university was able to secure “funding for what we thought were ‘blue sky’ [disaster-recovery projects],” he says.

Regardless of the sputtering economy and overall IT budget constraints, the NW 500 are betting that more spending in wireless, handheld devices and remote access will lead to more productivity.

Forty-three percent of respondents “agree” or “strongly agree” that wireless technology will be a top IT priority this year. By contrast, 36 per cent “disagree” or “strongly disagree.”

Three of the top five reasons for using wireless are related to productivity: improving productivity of mobile workers (64 per cent), deploying applications that address specific business needs (44 per cent) and providing better customer service (38 per cent).

There is a hint that the NW 500 anticipate a better return on investment with just-emerging IEEE 802.11a wireless LANs, rated at 54Mbps, than with the more prevalent 802.11b networks, rated at 11Mbps. In the next two years, 18 per cent said they plan to deploy 802.11b, but 23 per cent say they’ll use (or also use) 802.11a.

“I’ve looked at wireless and I’m not convinced it would solve business problems for us,” says Staniford, at Rutherford & Chekene. “But if I did anything with it, I would probably go to the higher speed. Faster always seems to be more prudent.”

One-fifth of the NW 500 have modified existing applications to support wireless. About one-quarter of the survey respondents said they will make the needed modifications in the next 24 months.

Handhelds Coming of Age

Handheld devices such as PDAs, cell phones and the like are no longer seen as toys. They’re needed, the NW 500 said, to improve productivity for mobile workers (69 per cent), to improve customer service (62 per cent) and to create mobile access to enterprise applications (60 per cent).

As a result, 58 per cent of the NW 500 said that their organizations this year will buy handhelds for employees, or support employee purchases (or both). And they will buy in larger numbers: 36 per cent said their companies will buy at least 1,000 handhelds.

Overall average yearly spending for handhelds will jump from US$872,000 in 2001 to US$1.3 million in 2002.

“Buying of handhelds is being centralized, on the same path as PCs were in the 1980s and 1990s,” says Sever Totia, an associate with Lazard Technology Partners, a venture capital firm in Washington, D.C.

Making remote or teleworkers more productive is an increasing concern because more employees fall into this class. Fifty-seven percent of the NW 500 said they have at least some employees who telecommute part time, and 47 per cent have employees that do so full time. About 53 per cent of respondents expect the number of telecommuters to increase this year. Forty-three per cent said that number will increase by 10 per cent to 24 per cent.

As a result, 38 per cent of respondents expect to increase spending this year to support telecommuters by between US$100,000 and US$1 million. Another 30 per cent say they plan to spend more than US$1 million.