While 38% of respondents reported that their overall IT budgets were down from 2008, only 16% were cutting compliance budgets, and 39% were increasing budgets (with 44% holding the line). Compliance is a mandate, it would seem -- or more properly, a series of different mandates. No single factor was cited by respondents as driving their efforts. Industry-specific legislation was the most popular driver for 27% of respondents, with the Health Insurance Portability and Accountability Act, litigation discovery and the Sarbanes-Oxley Act all fairly close behind.
As to what the money will be spent on, compliance budgets will purchase backup/recovery equipment or services at half of IT shops. Also high on the shopping list are data protection tools (44%), archiving software or services (38%), log management (35%), content management (30%) and governance/risk management software (26%).
IT departments will also upgrade existing systems to support regulatory compliance. Most commonly, security systems will get upgrades (63%), as well as backup tools (52%), archive systems (46%) and WANs (46%).
One wild card in compliance planning has been the impact of virtualization, particularly at the server level. Despite
Requires Free Membership to View
When you become a member, my editorial team will provide you with expert insight for creating and maintaining a manageable compliance infrastructure. From targeted tips to webcasts and discussion forums, we have you covered.
Scot Petersen, Editorial Director, SearchCIO-Midmarket.com
issues related to having solid audit trails of virtual machines as they move from one physical server to another, most respondents were not concerned. "No impact," said 43%, and 17% said virtualization would make compliance easier, compared with only 4% who thought it would make their compliance jobs harder.
Compliance seems to fit into a more general pattern of how IT is dealing with the economic downturn: make sure the business has the software it needs, consolidate with virtualization to keep costs in line, and make sure external mandates like disaster recovery planning and regulatory compliance are met. That was the overall picture presented by this survey, both in the midmarket and large enterprises.
One more interesting finding of the survey: 45% of top IT managers are involved with or aware of the compliance budget. That's compared with 60% to 80% involvement with the traditional IT stovepipes, such as networking, servers or applications. So compliance is becoming more a part of IT, but not as much as more venerable activities.
Let us know what you think about the story; email: Mark Schlack, Vice President, Editorial