The events of Sept. 11, 2001, riveted the nation's attention on security, in both the physical and the cyber realms. A year later, data security remains a priority, but it's the federal government that's putting its IT money where its mouth is, solution providers say.
"There's certainly been a lot more focus on security in the government," said Barry Stauffer, CEO of Corbett Technologies, an Alexandria, Va.-based solution provider that primarily serves federal customers. "Initially, there was a slowdown while customers tried to figure out what they wanted to do. Now they seem very clear about doing a number of things."

Most important, they're funding security projects, Stauffer said. Federal agencies are expected to spend $4.1 billion a year on IT security by 2006, up from $1.3 billion in 2001, according to research firm Input.

On the other hand, corporate spending on IT security has been tepid, with many companies viewing system security as a cost burden as they scramble to energize slack sales, Stauffer said. "Business is terrible, and therefore businesses are not investing in overhead functions," he said.

Fears of cyberterrorism stirred by last year's attacks have failed to overcome a slumping economy and spur IT security business, according to Danielle Fournier, president of ARX Partners, a security consulting firm in Watertown, Mass. "Even with the attention on network breaches, malicious acts and continued threats, the promise of increased business has largely failed to materialize," she said.

Many businesses have put the events of Sept. 11 behind them, even though they still face significant IT security threats, Fournier added. "Every company and individual should be far more aware of security than they are," she said.

The terrorist attacks immediately drew attention to information security, but spending priorities differed, noted Alan McLaren, president of WhiteHat, a Burlington, Ontario-based security solution provider. A lot of companies pushed IT security projects back several months because they were forced to spend more on physical security and disaster-recovery solutions, he said.

What's more, businesses are scrutinizing their data security purchases more closely because the moody economy has forced them to tighten their purse strings, McLaren said. Many companies that previously made buying decisions at the IT director level are now making them at higher levels in the management chain, he said.

"People are going to buy security products, but they'll be much more diligent about what they're going to buy," McLaren said. "They're trying to do the best with what they have, which isn't an easy thing in today's economy."

Nevertheless, companies that currently are scrimping on security technology likely are planning to meet that need later on, according to solution providers. For example, many businesses are now buying security audits to assess their future IT security needs, said Gary Fish, president and CEO of FishNet Security, Kansas City, Mo.

"We've seen an increase in security audit opportunities. Our audit team is booked," Fish said. "A lot of people just want to see how vulnerable they are and get recommendations in the budget for next year."

In that area, the government market remains a bright spot, though the spending is reasoned. Within the federal sector, agencies aren't rushing to buy the first technology they see but are making a huge effort to do their due diligence before making a purchase, said Bruce Tucker, president of Patriot Technologies, a security solution provider in Frederick, Md. "They want to make sure what's put in place is the best possible solution today," he said.

Many federal agencies also are taking a broader view of security in the wake of last year's events, Corbett's Stauffer added.

"They're very interested in enterprisewide security, whereas before they seemed to focus on it system by system," he said.