Feature: Our Fourth Annual Reader Survey

In open-ended responses and follow-up interviews, readers confirmed that these upside-down spending priorities are being driven by recent news events: natural disasters wiping out data stores; exposure of private customer information by Fortune 500 companies; conviction of high-profile executives for financial fraud, and related regulatory litigiousness; and continuing proliferation of worms, viruses and spyware on enterprise networks.

"Security is perceived by IT as a combination of guerrilla warfare, espionage, vandalism, anarchy and chaos," says Roger O'Daniel, president of a Minneapolis consulting firm that works with many IT organizations. "IT people are afraid of the bad guys--they fear the consequences of security breaches, and they are frustrated by the lack of a silver bullet to make it all go away."

Many organizations are also wrestling with government regulations, including SOX (Sarbanes-Oxley) and HIPAA (the Health Information Portability and Accountability Act), that require enterprises to do a better job of storing, managing and protecting computer data. "I wish there was a magic wand for SOX," laments one reader. "It's a complex, ever-changing problem that everyone wants resolved too quickly."

Meantime, IT managers are struggling to protect their staffs from creeping cutbacks. For the second year in a row, about 45 percent of survey respondents said they expect to spend more on technology in the coming year, while 88 percent again said they expect their IT staff sizes to stand pat or decrease.

Security BlanketNo matter what the question for 2006, security ms to be the answer. When asked to name their two greatest challenges in the year ahead, 38 percent of survey respondents selected "ensuring the security of my organization's IT systems and data," the No. 1 answer, just ahead of "controlling IT costs" (37 percent). Integration is also a top priority, but when we asked readers to name their greatest challenge in that area, guess what they chose? Yep, security systems. Thirty-three percent of respondents cited integrating "a variety of security hardware and software under a common architecture" as one of their two most important integration challenges. Maintaining high performance and system availability, by comparison, was cited as a top challenge by only 18 percent of respondents.

Enterprises have a wide variety of security technology projects in progress or on tap, including authentication (19 percent implementing now, 17 percent to implement in the next 12 months); encryption (16 percent and 20 percent); intrusion-detection/prevention systems (17 percent and 20 percent); security information management (16 percent and 19 percent); security policy enforcement (21 percent and 19 percent); and vulnerability scanning (13 percent and 17 percent).

Keeping users' machines "clean" has an immediate impact on bandwidth utilization and workstation performance, says Michael Bartlett, director of IT at Quantum Marine Engineering of Florida. "We m to be doing well with spam and viruses, but the spyware battle rages on," he says. Some 44 percent of readers cited spam and spyware control as a top spending priority for 2006 (for help combating spyware, "Toxic Payload").

Despite all this technology deployment, however, many IT pros still aren't confident in their infrastructure security. Some 44 percent of respondents said they anticipate their organizations will experience at least some downtime because of viruses or worms in the coming year. Intrusion detection and prevention systems, once viewed as luxuries, have become almost mandatory: 85 percent of companies say they will have these systems in place by the end of 2006.

Where's Your Data?During the first three quarters of 2005, a number of large, high-profile companies were embarrassed by the loss or exposure of private customer data, some of which was used by attackers to commit identity fraud. In several cases, the stolen data was stored in backup files and tapes, and the resulting furor has spurred many enterprises to take a second look at their storage, backup and disaster-recovery plans.

Fifty-two percent of readers cited storage as a top spending priority, while 69 percent have deployed SANs or will do so in the next 12 months. Dozens of readers cited SANs as the one technology that had the most positive impact on their businesses last year, and dozens more rated SAN rollouts as their most important project for the coming year. Some readers cited cost savings and improved efficiency as the reasons for moving to a SAN; others suggested that the SAN is part of a broader effort to improve storage processes and ensure compliance with government regulations.

Many enterprises remain skeptical about iSCSI. Nearly 68 percent of survey respondents disagreed with the statement that "iSCSI will prove to be as effective as Fibre Channel at a lower price point." However, that skepticism apparently isn't dissuading organizations from giving iSCSI a try: 43 percent expect to have the IP-based storage technology by the end of 2006.

Although technological improvements are driving some readers toward new storage initiatives, others said they simply want to avoid the mistakes made by companies such as Bank of America, which lost backup tapes earlier this year, thereby exposing sensitive customer data. The threat of terrorist attacks and the wrath of Mother Nature, meantime, has enterprises taking a second look at their backup and disaster-recovery plans. Among our survey respondents, backup and disaster recovery rated as a higher-priority budget item for 2006 than servers, network infrastructure and regulatory compliance--a major shift from past years, when disaster recovery ranked as one of the lowest spending priorities, and a response that preceded the recent Gulf Coast disaster.

Many survey respondents said they're looking for ways to improve the functionality and performance of current systems, automating critical functions while eliminating those that are redundant or unnecessary. The Craig Academy in Pittsburgh, for example, is rolling up 20 databases containing student demographic, educational, medical and psychological information into a single database. "The challenge is getting everyone to speak the same language, to agree on how things should be done," says Scott Stolar, the academy's network administrator. In our survey, 47 percent of readers cited databases as a top-priority budget item for the coming year.For other organizations, integration is about consolidating hardware, particularly servers, to improve reliability and make better use of available processing power. Some 36 percent of survey respondents said data-center consolidation is at the top of their budgets for 2006. Server consolidation/integration was also among the top vote-getters in our open-ended question on the most important projects planned for the coming year.

Just as important, integration is taking a front seat in technology selection. When asked to name their chief criteria for evaluating products, 53 percent of readers cited "the ability of technology to smoothly integrate with the existing IT environment"--the most important evaluation criterion in our survey, topping the No. 2 criterion, "ability of technology to cut enterprise costs," by nearly 17 percentage points. Some 85 percent of survey respondents said integration already receives a high level of consideration in their technology purchases.

So what's behind this renewed emphasis on integration? Based on interviews with readers, the two most likely drivers are controlling costs and making do with scarce IT staffs. For example, with a bigger budget and more responsibilities but the same staff, Quantum Marine Engineering is automating some functions, such as patch management, and consolidating others, such as servicing printers. "We are trying to be more organized, more automated, and just work smarter," says IT director Bartlett.

Although IT hiring and purchasing started picking up earlier this year, many survey respondents say inadequate resources are still their chief nemesis. Some 55 percent of readers expect their budgets to stay the same or shrink in the coming year, and more than 28 percent said they're steeling themselves for further IT personnel cutbacks. After security, "controlling IT costs" (37 percent) and "meeting IT goals with limited staff resources" (35 percent) were the most frequently cited challenges. Francis Tuttle Technology Center in Oklahoma City, for instance, is handling growth by eliminating the lowest-priority projects and doing "judicious outsourcing" of some noncore functions, says Al Smith, network administrator for the center.

Giving IT the BusinessFor the second straight year, survey respondents placed a high priority on improving relations with the business side of their enterprises and on aligning IT projects more closely with business needs. Some 65 percent of readers agreed with the statement, "IT is working more closely with the business units than it did a year ago." Ninety-two percent ranked "making a contribution to overall business goals" one of the most satisfying aspects of their jobs. And when asked which groups they would most like to improve their relations with, end users (29 percent) and business unit managers (22 percent) were the top choices.

Still, most IT pros feel their colleagues outside the department misunderstand them. In our survey, 69 percent of respondents disagreed with the statement, "End users generally have realistic expectations of IT service." Nearly 73 percent disagreed with the statement, "High-ranking non-IT executives generally understand IT's challenges and benefits." And 56 percent disagreed with the statement, "IT is usually consulted during the planning phase of a new business initiative."

"The one thing I find most frustrating about my job is the lack of appreciation that others have for the business aspects of IT," says Kent Brye, director of IT for the National Conference of Bar Examiners. "There's a misconception that IT doesn't know business, but we should be their best consultants, because we know the business processes so well."

Sixty-six percent of survey respondents agreed with the statement, "IT is generally perceived more as a service provider than as part of the core enterprise." Some 74 percent of readers think the IT group is viewed as a utility, where "performance is primarily evaluated by the level of system uptime and availability it delivers." And even though IT pros are becoming more business-savvy, most of them don't particularly enjoy the administrative aspects of their jobs (who does?). We weren't surprised that 88 percent of readers cited "politics" as one of their least-favorite job elements, and that 62 percent put "managing budgets" in that same category.

"We in IT need non-IT people to listen, invest their time and ask questions when presented with new technology and options," says one reader, who asks not to be identified. "We need a better way to speak a language that others understand, and we need to listen to what users are really saying. We also need to understand that many don't, and we should not assume that they do. Silence is not acceptance."

IT pros continue the quest to translate the value of their systems and processes into terms that can be understood by business managers. When choosing a product, 30 percent of respondents said its "alignment with business objectives" is a critical evaluation criterion, even more important than features and functionality. "Ability to give my organization a competitive advantage" and "long-term technology value/ROI" were also among the top seven criteria for evaluating products.So which projects and technologies will enterprises manage to squeeze into the coming year? After security, storage/backup and integration, voice over IP was cited most frequently when readers were asked to name their most important project for 2006. Indeed, after being in the minority in last year's survey, VoIP implementers are now the majority: 58 percent said they've deployed or plan to launch VoIP in the next 12 months. When we asked readers to name the technology that has had the most positive impact on their businesses over the past year, VoIP was the No. 2 answer, just behind security.

But for some, the jury's still out on VoIP. Like many other enterprises, Parimics, a semiconductor manufacturer based in Mountain View, Calif., is concerned about the cost and reliability, so it's running a pilot VoIP project rather than embarking on a full-scale rollout. Likewise, Premium Surface Fab won't move from plain old telephone service to VoIP until it can get guaranteed reliable connectivity, says Michael Bollman, a network administrator at the company. No surprise, then, that when we asked survey respondents to name the technology that has had the least positive impact on their businesses, VoIP was again one of the top answers. Some 42 percent of respondents said their shops have no plans for VoIP.

Linux is another technology that's either hot or cold, depending on how you look at the survey numbers. The open-source OS already is in 41 percent of readers' environments, and an additional 17 percent of respondents said they're deploying it now or will do so in the coming year. But 42 percent of readers said their organizations have no plans to use Linux. And as with VoIP, the number of readers who cited Linux as the technology with the "most positive" impact on their enterprises over the past year was nearly matched by the number who said Linux has had the "least positive" impact.

The debate is not about Linux's viability, but about its ability to support business applications that grew up on Windows. "Linux kicks ass, but it's hard to convince non-IT decision makers of that, because they don't feel comfortable with an environment that doesn't work like Windows," says a network engineer at a regional bank. "We are not considering Linux for anything at this point, because our management isn't comfortable with it." In our survey, 51 percent of readers agreed with the statement, "Linux is a viable alternative to Windows in my server environment," while 49 percent disagreed.

Wireless, another major area of innovation, is less controversial than Linux or VoIP. About 42 percent of respondents have deployed wireless LANs, and 32 percent are implementing it now or will do so in the next 12 months. When we asked readers to name their most important project for the coming year, wireless was one of the most frequently cited answers. Only 27 percent of respondents said they have no plans to use wireless LANs.But wireless technology is still emerging, and not all IT pros are sold on its value. When we asked readers to name the technology that has had the most positive impact on their enterprises in the past year, wireless received dozens of citations. But again, when we asked them to name the technology that has had the least positive impact, dozens more popped up.

Among the other technologies on readers' minds are customer-facing applications, a top budget line item at 43 percent of respondents' enterprises; server hardware (49 percent); server OSs (42 percent); desktop hardware (43 percent); and LAN/campus network infrastructure (41 percent). About 44 percent said they plan to have 10-Gbps networks in place within the next 12 months.Also of note are the "hot" technologies that aren't in readers' plans for the coming year. They include offshore outsourcing (84 percent have no plans); biometrics (77 percent); frame relay-to-MPLS migration (74 percent); and domestic outsourcing (72 percent).

Developing an Attitude

Does the flight to data security and safety indicate that IT pros are becoming more paranoid? Have their attitudes changed substantially with the swing of the business pendulum? We asked readers to tell us how they feel about their jobs; the responses don't suggest that they hear dogs talking in their heads.

In fact, most survey respondents still find plenty to like about their jobs. Ninety-four percent cited "learning new skills" as one of the things they like best, followed by "making a contribution to business goals" (92 percent), "challenging work" (91 percent) and "exposure to new and exciting technologies" (90 percent).

Still, it's not all wine and roses. In addition to disliking office politics, concerns include the "potential for outsourcing some or all IT functions" (83 percent), the "need to respond during off hours" (79 percent) and "stress of the environment/industry" (74 percent). Salaries, relatively flat for the past few years, appear to be nudging upward: 78 percent of readers say they've gotten a raise within the past 24 months.IT pros also are struggling to understand emerging technologies and rules. In our survey, 53 percent of respondents disagreed with the statement, "My IT organization has a clear understanding of what must be done to bring its systems into compliance with Sarbanes-Oxley regulations." In interviews and open-ended responses, readers lamented that regulations such as SOX and HIPAA are too vague, putting them at the mercy of capricious auditors. Respondents also expressed frustration with the complexity of a number of emerging technologies, including security policy enforcement and authentication, VoIP and SOA (service-oriented architecture).

But security remains the overarching IT challenge. Says one reader: "If you don't do security right, everything else is just a waste of time."

Tim Wilson is Network Computing's editor, business technology. His background includes four years as an IT industry analyst and more than 14 years as a journalist specializing in networking technology. Write to him at [email protected].

Some of the most amusing answers we received in this year's survey came in response to a single question: "If you could remove one function from your job, what would it be and why?"One of the top responses: end users.

"They ask for help, but they don't like what I have to say, and then they don't remember what I said," one reader told us. "The world is controlled and run by incompetent people!" said another. One reader even offered a quote from Jacques Anatole Thibault (1844-1924): "If a million people say a foolish thing, it is still a foolish thing."

We're not disagreeing with these readers, but you really have to wonder whether they've chosen the right profession.

Other pains in the neck include politics ("it sucks," said one reader), documentation ("it makes me crazy") and excessive meetings ("waste of time").

One reader actually told us "implementing new technologies" would be the one thing he would cut from his job. "It's a no-win situation," he said. Maybe the punch cards got stuck in his UNIVAC.

We posted our fourth annual reader survey on the Web from June 22 to Aug. 10, 2005. We provided links to the poll on www.nwc.com, in our e-mail newsletters and in two print editions of Network Computing. We also sent personalized e-mail messages with an embedded link to the poll to all subscribers who had agreed to allow e-mail communications from us. We received 1,747 valid responses from IT staffers, managers, and midlevel and corporate executives. Ninety-two percent of the respondents are involved full time in IT and 8 percent are business managers with an interest in IT.

More than a third of the respondents gave Network Computing editors permission to follow up and interview them further. We grilled readers in a variety of industries, including computer services, education, government, health care, manufacturing, retail sales and banking, about their attitudes toward IT, their technology plans, and their methods for interacting with users, staff and management.

The survey was tabulated by CIC Research. The margin of error was +/- 2.0 percent at a 95 percent confidence level.0