IT professionals working in compliance and corporate governance appear to be feeling less heat when it comes to...
allocating time and money to big regulatory initiatives in 2018.
That's according to findings of the TechTarget IT Priorities 2018 survey: Among the slice of survey takers who reported working in compliance or corporate governance, 40% reported their organization planned to implement a compliance or legal discovery initiative this year, down from the nearly two-thirds of GRC professionals who said they planned to do so in the 2017 survey.
Experts said the downward trend could be a reflection of companies only wanting to do just enough to remain compliant with relevant regulations, while saving face within their industry and with customers.
"They are still focused on compliance, but they are more focused on how it looks when they say that they are compliant," said Kevin Johnson, CEO of security consultancy Secure Ideas in Jacksonville, Fla.
Despite the drop, compliance or corporate governance was still the No. 1 priority cited by the survey takers, followed by big data and business analytics projects (32%) and network technology upgrades (25%).
And, according to IT specialists, a strong focus on compliance and other regulatory management duties certainly remains necessary for GRC professionals to succeed in today's global economy.
"Compliance means a lot more today than it did in the past, because the industries are more on the global scale," said Roy Wattanasin, an information security professional who has worked in the healthcare industry. "A good example of this is GDPR [General Data Protection Regulation], which becomes effective in May 2018. Different legislative bodies are cracking down on companies that are not compliant and adhere to laws."
Now in its ninth year, the IT Priorities 2018 survey queried more than 1,000 IT professionals about the key application, infrastructure and other tech-related initiatives their companies will be undertaking this year. The respondents represented a wide range of industry verticals based in North America.
Cloud full steam ahead
Reg HarnishCEO, GreyCastle Security
Cloud initiatives also figure large for the 137 survey respondents working in compliance and corporate governance.
When asked which type of data center management projects they expect to deploy in 2018, 51% chose cloud management tools to configure, provision, maintain or adjust cloud resources. This was followed closely by cloud monitoring projects that track and analyze cloud performance (47%).
The trend was not a surprise to Johnson, who said the cloud is an increasingly attractive, viable tech option for industry because of its "cost and flexibility."
"As new technologies come out, it's easier for people to deploy them in a third-party cloud system," Johnson said.
Cloud also topped the list of software initiatives for this group's 2018 plans, with 35% reporting cloud-based applications will be deployed this year. Rounding out the top three for software initiatives were those geared toward business intelligence and analytics (33%) and big data processing and management (22%).
When asked which cloud-based, software as-a-service applications they expected to implement in 2018, business process management (52%) topped the list, while customer-facing apps were also popular choices: Thirty percent expected SaaS apps would be used for customer experience management, and 36% chose customer relationship management.
Reg Harnish, CEO of GreyCastle Security, based in Troy, N.Y., agreed with the assessment that the cloud remains more popular than ever because of its economic benefits.
"The reason that or businesses and organizations are willing to invest in the cloud now is because it is almost economically negligent to not use the cloud," Harnish said. "The reality is that the cloud is way, way, way cheaper than trying to do some of the stuff yourself."
Securing this cloud data was also a concern: Thirty-one percent of respondents expected to implement a cloud security initiative in 2018. Others factors expected to drive 2018 security initiatives included encryption, data loss prevention, and identity and access management, the IT Priorities 2018 Survey found.
Although IT security projects were a priority for survey respondents, technology pros said it might not be for the reasons many might think: For modern businesses, and the GRC professionals they employ, it's as much about avoiding a bad cybersecurity reputation as it is about protecting data.
"If your organization operates in an industry where reputation or public opinion are important to your success, then that factors into your decision to do cybersecurity or not," Harnish said. "It's still a third party that's forcing you to do it. You didn't come up with this, and it's not your idea; you're not doing it because of all the right reasons."
Johnson agreed, noting that businesses are taking cybersecurity more into account during business planning, and security budgets are increasing to reflect the change. However, executives often concentrate on the potential ramifications that come after a breach.
"When I talk to these C-level executives, these boards of directors, one of the main questions they are asking is, 'How do we handle public exposure?'" he said. "I don't think it's bottom line; I think it's reputation."