High-level IT managers report that while budgets are down for many this year, most will go easy when it comes to trimming regulatory compliance budgets. That's according to a recent survey of 275 members of SearchCIO.com and SearchCIO-Midmarket.com.
While 38% of respondents reported that their overall IT budgets were down from 2008, only 16% were cutting compliance budgets, and 39% were increasing budgets (with 44% holding the line). Compliance is a mandate, it would seem -- or more properly, a series of different mandates. No single factor was cited by respondents as driving their efforts. Industry-specific legislation was the most popular driver for 27% of respondents, with the Health Insurance Portability and Accountability Act, litigation discovery and the Sarbanes-Oxley Act all fairly close behind.
As to what the money will be spent on, compliance budgets will purchase backup/recovery equipment or services at half of IT shops. Also high on the shopping list are data protection tools (44%), archiving software or services (38%), log management (35%), content management (30%) and governance/risk management software (26%).
IT departments will also upgrade existing systems to support regulatory compliance. Most commonly, security systems will get upgrades (63%), as well as backup tools (52%), archive systems (46%) and WANs (46%).
One wild card in compliance planning has been the impact of virtualization, particularly at the server level. Despite issues related to having solid audit trails of virtual machines as they move from one physical server to another, most respondents were not concerned. "No impact," said 43%, and 17% said virtualization would make compliance easier, compared with only 4% who thought it would make their compliance jobs harder.
Compliance seems to fit into a more general pattern of how IT is dealing with the economic downturn: make sure the business has the software it needs, consolidate with virtualization to keep costs in line, and make sure external mandates like disaster recovery planning and regulatory compliance are met. That was the overall picture presented by this survey, both in the midmarket and large enterprises.
One more interesting finding of the survey: 45% of top IT managers are involved with or aware of the compliance budget. That's compared with 60% to 80% involvement with the traditional IT stovepipes, such as networking, servers or applications. So compliance is becoming more a part of IT, but not as much as more venerable activities.
Let us know what you think about the story; email: Mark Schlack, Vice President, Editorial