There is no sign of relief for those waging the IT security battle with cost and complexity issues spiralling out of control.
New research has found companies have increased IT spending by as much as 50 percent in the past year; however, more than 80 percent of respondents to a survey claim the technology they're buying remains too complex.
Typically, organizations spend about 13 percent of their overall IT budget on security, according to the third annual Global State of Information Security Study 2005 jointly conducted by CIO Magazine and PricewaterhouseCoopers which interviewed 8200 IT security professionals from 62 countries.
In another survey released this week, which covers 50 Australian enterprises with 1000 to 5000 employees, 32 percent said IT security costs had jumped by 50 percent.
More than 80 percent of respondents to the survey by security vendor Crossbeam Systems were concerned about the complexity of their security architecture.
Peter Owen, Crossbeam Systems A/NZ manager, said specialist resources are increasingly required to configure, monitor and manage security products.
"This proliferation of security software and hardware systems - and the administrators required to operate them - has seen the cost of securing the enterprise rise sharply in recent years," he said.
Victoria University communications systems engineers Marro Kim and Joanne Folino said products need to be simplified and security training enhanced. "IT departments scratch their heads trying to get network security right, particularly with wireless," Kim said.
"For example, using a VPN with wireless is best practice but it is still an extra layer to adopt.
"Anything vendors can do to simplify security is good, and to achieve this they should work more closely with customers to identify what is important."
Attending Cisco's Networkers conference on Queensland's Gold Coast (turn to page 14 for full coverage), Kim said the networking giant has come a long way in the security stakes in the last couple of years.
Folino said more security training would give end users a better understanding of the many components of the network.
Cisco's vice president and general manager of the VPN and security business unit, Richard Palmer, said historically the security paradigm involved point solutions which has been ineffective, so now more integrated products are entering the market.
Wireless, he said, destroyed the notion of a perimeter and technologies based around "reactive mechanisms" are increasingly ineffective.