Gartner IT Key Metrics Data
2011 SUMMARY REPORT
Key Information Security Measures: Summary Report

This report contains database averages and only represents a subset of the published metrics and custom analysis capability available through Gartner Consulting Benchmark Analytics.
IT Key Metrics Data 2011 Summary Report

Jamie Guevara, Eric Stegman, Linda Hall

Thank you for your participation in the IT Key Metrics Data Survey. This IT Key Metrics Data 2011 Summary Report provides an overview of Information Security Metrics as well as some insight into how that spend is distributed on average.

Sourced from Gartner:
- RN# G00208293 IT Key Metrics Data 2011: Key Information Security Measures: Current Year
- RN# G00208294 IT Key Metrics Data 2011: Key Information Security Measures: by Industry
- RN# G00208297 IT Key Metrics Data 2011: Key Information Security Measures: Security Priorities and Processes

Questions? Interested in Custom Extracts or Benchmarking? Contact us at benchmarkinginfo@gartner.com

More information on Gartner's Benchmark Analytics solutions can be obtained at: www.gartner.com/benchmarking

Please feel free to participate in additional surveys at: www.gartner.com/surveys

© 2011 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
Gartner IT Key Metrics Data Series Overview

IT Key Metrics Data is part of the Gartner Consulting Benchmark Analytics range of solutions and offers a macro-level look at Gartner's global database of comprehensive cost and performance measures. IT Key Metrics Data provides you with immediate access to authoritative data on IT staffing and investment levels as well as key technology cost and performance metrics.

The spending profiles published represent key metrics data collected directly from CIOs, CTOs, IT leaders and practitioners with respect to their organizations' IT investment levels and future IT budgets. These metrics enable improved budget and investment decisions with regard to the changing environments of the business and IT.

The IT Key Metrics Data program was established in 1995 to support the strategic IT investment decisions of a G8 nation. Today IT Key Metrics Data is delivered online in an annual Gartner publication series of over 2000 metrics across 92 documents, categorized by 5 core technology topic areas, to allow you to rapidly identify high-level IT spending, staffing and performance trends across 21 different industries as well as by technology area.

These key metrics reports are broadly defined by 5 key areas of the IT portfolio:

- Key Industry Measures: Enterprise-level total IT spending and staffing metrics across 21 industry verticals, including current year and multiyear averages. Metrics based on enterprise size are often provided.
- Key Infrastructure Measures: Technology domain specific unit cost, productivity and performance measures for the IT infrastructure environments, including current year and multiyear averages for the Mainframe, Wintel server, Unix server, Storage, Client & Peripheral Support, IT Help Desk, Data and Voice Network environments. Metrics by workload size are often provided.
- Key Applications Measures: Application Development and Application Support spend & staffing metrics, project measures, life cycle phase, productivity and quality measures (current year and multiyear).
- Key Information Security Measures: Enterprise-level total spending and staffing measures by industry and region.
- Key Outsourcing Measures: Enterprise-level total spending and staffing measures by industry and region.

For a complete outline of all related published research in the series, see RN# G00208192 IT Key Metrics Data 2011: Index of Published Documents and Metrics (http://www.gartner.com/resid=1495114).

Publication Date: January 18, 2011
TABLE OF CONTENTS

- IT Key Metrics Data 2011: IT Security Summary Report
- IT Security Spend as a Percent of IT Spend
- IT Security Spend as a Percent of IT Spend By Industry
- IT Security Spend Per Company Employee
- Distribution of Security Spend: Hardware, Software, Personnel, Outsourcing
- Security Priorities
- Employee Training After Hire
- Password Change Policy
- Performance Measurement Solutions from Gartner
- About Gartner
IT Key Metrics Data 2011: IT Security Summary Report

Looking Ahead

The measures that follow highlight key cost and staff measures in the IT Security environment. The measures explored should help to identify overall trends, although individual variations from these trends may be justified by specific business needs, as well as differences due to size and complexity of an organization's IT environment.

IT Security Spend as a Percent of IT Spend

[Figure: IT security spend as a percent of IT spend, showing range, average and middle quartiles on a 0% to 35% axis; labeled value: 5.6%]

Security spending as a percent of IT spend is helpful in understanding the relative level of security investment. IT Security is defined in different ways by different organizations. In order to ensure accurate comparisons we have developed a consensus cost model for IT Security which includes IT Operational Security, General IT Risk Process Management, IT Compliance Process Management, IT Privacy Process Management, and IT Disaster Recovery.
IT Security Spend as a Percent of IT Spend By Industry

[Figure: bar chart of IT security spend as a percent of IT spend by industry, on a 0% to 10% axis (Percent). Industries shown: Software Publishing and Internet Services; Government - National/International; Retail and Wholesale; Professional Services; Education; Telecommunications; Utilities; Banking and Financial Services; Industrial Manufacturing; Industrial Electronics and Electrical Equipment; Food and Beverage; Insurance; Healthcare Providers; Government - State/Local. Data labels: 2.3%, 8.1%, 7.8%, 7.3%, 6.5%, 5.9%, 5.8%, 5.6%, 5.0%, 4.7%, 4.4%, 4.0%, 4.0%, 9.3%]

Security spending as a percent of IT spend is helpful in understanding the relative level of security investment. Determining the right level of security investment involves much more than matching a database average. Factors such as level of risk, past investment, and organizational culture also play important roles.
IT Security Spend Per Company Employee

[Figure: IT security spend per company employee, showing range, average and middle quartiles on a $0 to $6,000 axis; labeled value: $578]

Security spend per employee is another indicator of security investment. Using this denominator provides a more stable baseline since the number of employees tends to vary less year to year than IT Spend does.

Distribution of Security Spend: Hardware, Software, Personnel, Outsourcing

- Hardware: 21%
- Software: 29%
- Personnel: 40%
- Outsourcing: 10%

Security spending has a large personnel component. Distribution of security costs provides an understanding of cost drivers in the security environment.
Security Priorities

[Figure: bar chart of security priorities on a 0% to 60% axis (Percent). Labels and data labels as grouped on the page:
Data Loss Prevention; User Provisioning or Identity Management: 51%, 54%
Security Information and Event Management; Network Access Control; Intrusion Detection and Prevention; Vulnerability Assessment; Patch Management; Application Security; Antivirus; Firewalls: 44%, 40%, 39%, 39%, 38%, 34%, 34%, 33%
Strong User Authentication: 28%
Encryption for Servers, Storage or Databases; Web Site Filtering or Blocking / Secure Web Gateway; Remote-Access or Site-to-Site VPN; Encryption for E-mail/Secure E-Mail Gateways: 22%, 18%, 18%, 15%
Integrated Security Appliance: 7%]

Security priorities are determined based on the total number of ranking opportunities for each item. "Keep The Bad Guys Out" initiatives such as intrusion prevention and data loss prevention maintain their importance in recessionary times.
Employee Training After Hire

- Annually: 54%
- Semi-Annually: 16%
- None: 30%

This looks at how often organizations provide security training to employees beyond initial training at hire. Seventy percent of the organizations provide security training to employees at least once after hire.
Password Change Policy

- >=30 Days: 8%
- 31-60 Days: 30%
- 61-90 Days: 48%
- >90 Days: 11%
- None: 3%

It should be noted that password change policies depend on risk, the likelihood that passwords have been compromised, password complexity, and account types.
Performance Measurement Solutions from Gartner

IT Custom Benchmark and Executive Solutions

These solutions analyze the costs associated with operating internal IT functions and the price competitiveness of outsourced IT services.

Gartner IT Custom Benchmarks are individually configured, project-specific benchmarks that support mergers and acquisitions, the implementation of packaged software, or the support of major outsourcing contract evaluation. Through on-site data collection and client interviews, Gartner's IT custom benchmarks leverage proven tools and pre-packaged measurement components to streamline the process and ensure quality.

Gartner IT Executive Benchmarks help to support periodic events such as a performance review, strategy planning and the annual budgeting cycle. The Gartner team helps to collect the necessary data and the results are delivered in a formal on-site presentation. IT Executive Benchmarks provide a detailed analysis of the situation and are focused on delivering tangible results.

We provide peer-group price & cost comparisons for clients in the following areas:

- Application Development and Support (including ERP Support)
- Client & Peripheral Support and IT Help Desk
- Data and Voice Network
- Enterprise Computing (Unix, Wintel, Linux, Mainframe) and Storage
- IT Service Catalog Rate Assessments
- Outsourced IT Services

High-Level Spending and Performance Scorecards and Metrics

Gartner for IT Leaders Scorecard: Provides an objective external assessment of IT investment or costs and service levels designed to identify strengths and areas for improvement based on a peer comparison using standard measurement frameworks for tracking and communicating IT performance.

- CIO Scorecard
- IT Budget Scorecard
- Application Development and Support Scorecard
- Green Information & Communications Technology (ICT) Scorecard
- Information Security Scorecard
- Infrastructure & Operations Scorecard
- PMO Scorecard
- And more...
Gartner IT Key Metrics Data: Published Metrics, IT Key Metrics Data provides you with immediate access to authoritative data on staffing levels, spending, key performance metrics and trends for all areas of IT to support your business
About Gartner

More information on Gartner Benchmark Analytics can be obtained by contacting your Account Executive, or going to www.gartner.com/benchmarking

To participate in more IT Key Metrics Data surveys go to: www.gartner.com/surveys

Gartner Consulting brings together Research insight, Benchmarking data, problem-solving methodologies and hands-on experience to improve the return on your IT investment.

Understanding: We know the issues you face
- 80% of the Fortune 500 use Gartner for their key technology initiatives
- We deliver business value in over 1500 high-impact initiatives a year
- Every year, we deliver over 5,500 IT cost and performance benchmarks

Capabilities: The data, tools and capabilities to help
- Gartner solutions address the specific needs of each industry
- All of our solutions are based on Gartner's extensive Research
- Every solution makes use of our performance benchmarking data
- We employ seasoned consultants, with an average of 15 years' experience

Experience: We help you deliver tangible results
- Our clients spend 38% less than their peers for the same workload
- In 2008, our contract optimization services saved our clients over $400M

Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. We deliver the technology-related insight necessary for our clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, we are the valuable partner to 60,000 clients in 11,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, we work with every client to research, analyze and interpret the business of IT within the context of their individual role.
Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,400 associates, including 1,200 research analysts and consultants, and clients in 85 countries.