Security Tops IT Priority List

Gartner: War worries, possible government requirements make security No. 1 issue for manufacturers

San Jose, CA  February 20, 2003  As the threat of war looms and the government mulls imposing tighter restrictions on information technology, security is shaping up to be the most critical IT priority for the manufacturing vertical market in 2003, according to a new survey by Dataquest, a unit of technology consultancy Gartner.

From December 2002 through January 2003, Dataquest conducted an e-mail survey of 35 manufacturing IT decision makers in the United States to identify the industry's key business issues, technology drivers and IT spending priorities. The respondents were asked to rank the importance of a list of IT projects for their organization.

Manufacturers rated security as the most important IT project, followed by enterprise resource planning (ERP), including upgrades and extensions. Web services came in at No. 3. Security also topped the list of IT spending priorities in a recent survey of chief information officers by investment bank Morgan Stanley.

"Security is top-of-mind today because of a number of business, competitive and environmental factors," said Geraldine Cruz, senior analyst for Dataquest's IT services group. She noted that, based on the survey results, manufacturers anticipate the U.S. government will issue regulations requiring more stringent IT security, although it is uncertain whether or not this expectation will become a reality.

"In addition to regulations, the threat of war could spur some manufacturers, such as aerospace and defense manufacturers and those with significant government contracts, to fortify the security of their IT systems," Cruz added.

The analyst went on to note that, on the business front, trading partners are increasingly requiring that manufacturers demonstrate the security of their information systems before the partners are willing to share data and transactions. "Manufacturers also have a personal interest in securing trade secrets, intellectual property and operational data that, if compromised, could undermine their competitive advantage in the industry," Cruz explained.

Dataquest analysts said that going forward, security issues might not be confined to pure security projects. As the manufacturing industry links internal functional and business units with global trading partners, security could play a larger role in a number of enterprise applications and technology deployments, including supply chain, customer relationship management and Web services projects.

In addition, as security issues take center stage, return on investment (ROI) and other metrics of IT project success will need to shift from benefits delivered to risks or cost avoided. This will entail business-specific measurement techniques that are more sophisticated than just a comparison of security benefits achieved versus investments made, Dataquest asserted.

Moreover, if manufacturers do not implement formal enterprise risk management techniques to select and deploy security technologies equal to the risks, the analysts said, they may end up investing because of fear, uncertainty or the compulsion to keep up with what peers are doing.

"Just like with other hot applications and technologies of the past, manufacturers may over-invest and not enjoy true risk management benefits," said Cruz. "Because metrics are not easily measured, manufacturers may continue to invest until their budgets are overtaxed or until the industry loses interest or becomes more complaisant."