Survey Reveals PCI Compliance Gaps
Eighteen percent of IT managers recently surveyed by Gartner admitted to not being Payment Card Industry (PCI) data security compliant even though the threat trends — and plenty of widely publicized and costly hacker breaches — suggest they should be.
Lawrence Pingree, research director at Gartner, characterized the admission as surprising. But, he said, the survey results don’t mean technology and service providers shouldn’t continue striving to help solve customer issues with PCI compliance — particularly when it comes to employee training.
For solution providers, the results point to the need to apply the most effective resources and tools to combine detailed information about regulations with the ability to self-assess and track progress toward compliance. Regulations such as PCI are designed to prevent data breaches, but the truth is that many businesses don’t know what data they have or where it resides. That hinders their ability to prescribe policies and procedures for accounting data integrity, handling and access.
IT managers also offered a glimpse of security-buying behaviors over the next 12 months. While 14 percent of respondents said they expect a budget decrease, the IT security budget planners who are expecting an increase say they’re expecting a fairly significant one.
When Gartner asked which security projects would receive top billing during the next 12 months, respondents placed data-loss prevention (DLP) at the top of their list. Pingree said the new focus on DLP, accompanied by business policy controls, is particularly critical given the dynamic nature of evolving cloud environments and trends to virtualize application workloads.
Second on the security projects list is user provisioning and event management, followed by security information and event management. Intrusion detection, network access control, application security, and IT governance, risk and compliance management tools also rank high.
IT managers surveyed indicated a trend in plans to reduce resources and administer the security technologies they already have by leveraging better initial integration or through reduced ongoing external consulting. Pingree said these goals would likely be accomplished by utilizing increased automation in security products and working to make internal security workflows more efficient, lowering demand for overall human resources or consulting costs.







