Security budgets are increasing in 2009 to consume 12.6 percent of the entire IT operating budget, up from 11.7 percent in 2008, according to Forrester Research's survey of 942 IT and security managers in North America and Europe.

Staffing and upgrades to existing security technology are taking up over half of the IT security budgets overall, according to Forrester's report, ‘The State of Enterprise IT Security: 2008 to 2009'.
The survey also shows 20 percent of the available IT security funding this year is expected to go to security outsourcing, consultants and managed services, with another 18.5 percent targeting new security initiatives.

Full-disk encryption was cited as the top client security technology to be piloted or adopted this year, along with file-level encryption. About a fifth of the organisations also said they expected to pilot or adopt data-leak prevention during the next twelve months, though there appears to be less interest in desktop DLP than network-based DLP.

The survey's respondents also indicated interest in deploying identity and access-management (IAM) technologies, particularly single sign-on, unified monitoring of users' rights and activities and provisioning. The main reason given for adopting IAM was security and governance along with regulatory compliance. Among the technologies least anticipated to be piloted or adopted is application lockdown for endpoint control.

Not surprisingly, the biggest challenges for data security were cited to be "cost and business justification" and "complexity of architectural efforts needed," according to the 942 respondents.