EVEN WITH ALL the steep budget cuts, spending on IT security projects appears safe.
“We did not see a dramatic decline in security budgets like we thought we would,” says Mark Lobel, principal at PricewaterhouseCoopers (PwC), New York, New York, USA. “Our working hypothesis was that security is going to get slashed to the bone and frankly, the numbers did not support that.”
A 2009 survey by the consulting giant found that 63 percent of 7,200 IT executives from 130 countries said they will either increase or maintain their spending on data security in the coming year.
“If you are looking for projects, security is still going to have them,” Mr. Lobel says. “They may not be as big as in the past, and some of them may even be delayed ... but security is going to be an area of focus.”
TIP Information security may mean job security for project managers in 2010.
“IT security is going to be a place of investment and a place where projects are going to happen.” says Mark Lobel, PricewaterhouseCoopers, New York, New York, USA. “Project managers are going to need to be there to support those initiatives. They have to go where the money is.”
Survey results reveal that companies are looking hardest at—and placing their highest expectations on—initiatives that:
Address the “big risks,” such as hackers accessing financial information
Improve data protection
Invest in disciplined alignment with the security strategy
Increase efficiency and reduce cost
To get the job done, project managers have to look at the big picture.
“It's not about knowing every piece of data you have in an environment—it's about defining what the critical data elements are, where they are located, what controls are in place to protect them, and what laws and regulations apply to those elements,” Mr. Lobel says.
Armed with that information, project managers can help create an information security framework. “We are talking about creating a bunch of projects over time, which creates a strategy role for strong project managers,” he says.
But with those increased opportunities comes increased pressure to deliver ROI.
The Wild, Wild Web
Companies seem to be struggling to protect all that data flowing around in social media, according to an information security survey by PricewaterhouseCoopers. Only 40 percent of 7,200 IT executives from 130 countries reported their organizations have security technologies that support Web 2.0 exchanges, such as social networking sites, blogs and wikis. Another third of respondents audit and monitor postings to external blogs or social networking sites, but only 23 percent have security policies that address access and postings to such sites.
“You've got to define and track the benefits through the capital project—that's where I think it's going to be important for project managers to stay focused on the value of the project,” Mr. Lobel says. “A solid project manager is the underlying foundation that a successful security program will rely on.”
Given the pressures on the bottom line, project sponsors may be more willing to take on IT security risks rather than focus on mitigating them, says Rob Sadowski, senior manager, technology solutions at RSA, a security IT company in Bedford, Massachusetts, USA.
“There will be a much sharper focus on generating project results as soon as possible, with companies wanting more rapid ROI,” he predicts. “As a result, businesses may not be willing to weigh risk assessments.”
Mr. Sadowski points to the expansion of IT infrastructure virtualization, such as cloud computing. These projects may lower the costs an IT department incurs on everything from electricity and hardware to staff support time, but they may also allow a third party to access private data.
“A system like this may create risk, but the business is charging head-first,” says Mr. Sadowski. “Efficiency and cost reductions are more important than getting risks assessed and addressed.”
In the PwC survey, 48 percent of respondents said virtualization improves information security, 42 percent said it has no effect, and only 10 percent said it creates vulnerability.
Mr. Lobel says even his team doesn't fully agree with the findings.
“There's a compelling speed and dollar justification for sourcing things to virtualized cloud environments,” he says. “As a project manager, are you going to be able to get on that ship and control it? Or are you going to be dragged behind by the tow rope? It's going to be incumbent on project managers to stay ahead of the risk.”
Yet as sponsors demand more efficiency and value from their project managers, risks become harder to manage. Companies are forced to adopt a “ready, fire, then aim” mentality, Mr. Sadowski says, but the battle to protect virtual information from malicious third parties or “fraudsters” will continue.
“There will definitely be a lot of projects out there. The drivers for spending are still there,” he adds. “Fraudsters never stop innovating. And we're going to keep spending on security innovations. It's that innovation that's going to take us out of economic downspin, even if it comes with some added risks.” —JD
World Security Report
Some parts of the globe will be fortifying their investments in security projects more than others, according to a 2009 PricewaterhouseCoopers survey.
While 50 percent of European and 60 percent of North American respondents indicated security spending would increase or stay the same over the next year, the numbers jumped to 73 percent in Asia and a whopping 80 percent in South America.
“You're looking at countries getting caught up to privacy approaches that the rest of the world is already using,” says Mike Spinney, senior privacy analyst at the Ponemon Institute, a privacy, data protection and information services policy research center based in Traverse City, Michigan, USA. “China is in that catch-up mode. They have to bring themselves in line with data security best practices.”
Project managers may find even greater prospects in South America, where pockets of new economic and infrastructure development—particularly in Brazil—are bolstering the need for increased IT security, says Mark Lobel, PricewaterhouseCoopers, New York, New York, USA.
As emerging markets gear up, expect greater demand for project managers. With those kinds of investments, someone needs “to manage them correctly and make sure you are getting that value from them.” he says. “That's a huge opportunity for project managers.”
PM NETWORK FEBRUARY 2010 WWW.PMI.ORG
FEBRUARY 2010 PM NETWORK