Identity management is top enterprise security priority

Data-loss prevention, antivirus, firewalls, and intrusion prevention round out the list of enterprises' top five security concerns, according to Gartner survey

Identity management projects are getting the top attention in enterprises in terms of security spending priorities, according to Gartner, which will be taking up the subject at its annual Gartner Security & Risk Management Summit 2010 conference later this month.

IT professionals at 308 companies participated in the survey.

[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]

Gartner conducts the survey annually to assess trends, and this year it appears that projects that may have been put on the backburner because of the recession are now being put into action.

While identity management ranks first in the top five priorities for security, the balance in the list includes data-loss prevention, antivirus, firewalls, and intrusion prevention.

Identity management appears to be taking the lead as a top priority as businesses look to deploy some of the more advanced federated identity technologies both within the enterprise for single sign-on and as a way to potentially extend identity-based access control into cloud-computing environments.

Gartner research director Vic Wheatman acknowledges he finds it "odd" that antivirus, long established in the enterprise, would continue to be ranked in the top five list so highly in terms of IT security projects. But in terms of firewalls as a priority, he notes that there's a movement to install next-generation firewalls.

In 2009, intrusion detection and prevention was ranked as highest priority, followed by vulnerability assessment, identity management, antivirus and security events repairing. But in 2009, "some projects were put on the shelf because of the economy," he notes, leading to a scaleback in large capital-intensive projects.

The Gartner 2010 analysis of what organizations are spending on IT security as part of the overall IT budget is down 1 percent over the year before to 5 percent, but Wheatman says that's hardly considered dramatic and falls within the 3 o 6 percent range that Gartner believes is appropriate.

IT security outsourcing typically ends up listed in personnel budgets, and there appears to be a slight uptick in that arena as well, Wheatman adds.

Gartner also points out that in terms of what global CIOs at the end of last year said in a separate survey about the top technologies they were focusing on, "virtualization" ranked No. 1, followed by "cloud computing," and "Web 2.0."

Read more about infrastructure management in Network World's Infrastructure Management section.

This story, "Identity management is top enterprise security priority" was originally published by Network World.

Copyright © 2010 IDG Communications, Inc.