We Asked, You Told: Our Second Annual Reader Survey

Dollars and Cents

There's no relief in sight for those who manage IT budgets. Asked what the biggest roadblock is to implementing new technology, nearly two-thirds cited a limited budget. Other reasons included unclear ROI (15 percent) and inadequate staffing (10 percent).

Kawasaki Motors Corp., in Irvine, Calif., is looking at a 10 percent cut in technology spending for the second straight year, from a current budget of $2 million to support some 500 users. David Claver, the motorcycle manufacturer's telecom network administrator, says he doesn't know where the dollars will come from. He's sure the cut will mean elective projects, such as VoIP (voice over IP), will have to be put on hold. It probably also will mean a salary freeze, following a sharp reduction in increases last year. Still, Kawasaki recently installed a new shipping system and upgraded its Novell file server. The company also is in the process of migrating from token ring to switched Ethernet and deploying a new financial package from Cognos.

Claver, who's been with Kawasaki for 15 years, is frustrated. "We're expected to do more in less time," he says. "Everyone wants the project to come in on time with fewer people or the same number of people. And no one wants to say that if this project doesn't get done, it's OK."

Everything is a priority, but nothing gets the resources necessary to do the job, he says.At PepsiCo, the IT budget will remain flat in the coming year. But lead network engineer Bryan Cleal says downward price pressure on Internet and carrier services will free up new funds even without a budget increase. Even so, he's being directed to piggyback new services, such as IP telephony, on existing equipment, to wring more value out of systems the soft-drink maker already owns.

"There has been a lot of pressure to extend life and extract additional functionality out of systems," according to Cleal.

Those who hold the purse strings are emphasizing prudence over pizzazz. Server hardware topped the list of technologies that will get the most funding this year, followed by security, network infrastructure and business applications. Coolness is clearly a handicap: At the bottom of the priority list were convergence (IP telephony, videoconferencing and the like) and mobile and wireless systems. Yet it's notable that when we asked which technology project had the largest impact in the past year, mobile and wireless ranked third, with 5 percent, and VoIP ranked ninth, at 3 percent. The top vote-getters were business applications (10 percent) and Windows (8 percent).

Audio- and videoconferencing are getting the most attention from those who are devoting resources to convergence, though nearly a quarter of respondents said they will tackle VoIP and unified messaging in the next 12 months.

A popular project is server consolidation. Washington Penn Plastic, a Washington, Pa.-based manufacturer of thermoplastics and resins, brought in a consultant to assess the company's server network resources and identify where it was spending too much on software licensing. "Servers were springing up like rabbits," says applications architect Rob Swider. "It was getting out of hand." For example, the manufacturer pays for six Microsoft SQL Server licenses because different departments have deployed their own copies. Swider is looking at one large server to host all of them to lower the fees and make sure upgrades and patches are easy to implement. (Microsoft insisted that Washington Penn use a Microsoft "gold" partner in its area, Allin Consulting, to assess the savings opportunities. It doesn't take a cynic to see why that's a potential conflict of interest.)Universities, in particular, are having trouble planning IT projects because the budget picture is so uncertain. Chris Hoogendyk has a long wish list of upgrades he'd like to make in the 26-story library at the University of Massachusetts at Amherst, where he is network specialist and Unix administrator. But because the library serves five colleges and they all use a mix of public and private money, projects are funded in fits and starts.

When a batch of money came free recently, the library replaced 50 PCs that were too old to run Windows 2000 and the latest apps. Hoogendyk says he wants to upgrade 250 more machines. He also wants to modernize the wiring on the network, to keep up with current standards, and to replace the last of the hubs running in the building with Cisco switches. He considers these items high priority, but he has the money to do only some of them now, with the rest slated for next summer, if he's lucky.

Also on hold is a "digital library" initiative that would give members online access to reference materials and special collections. The project stalled when the two librarians in charge of the project left.

"It's just a matter of people biting their tongues and making do," Hoogendyk says.

At Columbia University in New York, upgrades to the biomedical informatics systems are on hold. IT manager Frank Fries, one of three IT people supporting 100 users in the department, says server consolidation has been a goal for two years running, but the money to do it has been elusive because operating budgets have been frozen or cut.Some IT shops are luckier than others, of course. Eric Beasley, senior network administrator at Baker Hill Corp., a developer of specialized software for financial services companies, says his Carmel, Ind., company has been insulated from the economic pain because his customers haven't been affected by the slump. IT will see a budget increase as high as 20 percent, and Beasley says he expects to add three employees to his current five-person IT staff, specifically to help maintain the hosted version of Baker Hill's CRM (customer relationship management) software.

Among the big projects Baker Hill will tackle: load testing and quality-assurance tools for its Web-hosted apps (total bill: roughly $150,000), e-mail archiving to reduce the burden on Exchange ($25,000) and unified messaging ($50,000). These are large undertakings for a company with 140 employees.New applications are taking a back seat to shoring up infrastructure. More than anything, IT shops are trying to squeeze more juice out of the hardware and software they have. Asked to list their top priorities in the coming year, the top vote-getter (53 percent) was "extending the lifespan of deployed technology." Next came "adding capacity to the infrastructure" and "deploying new technology" (both 47 percent), followed by application integration (46 percent).

IT and business managers are demanding more accountability for the IT services they perform and outsource, and enterprises are demanding more formal SLAs (service-level agreements) across the board. The most dramatic SLA spikes over 2002 were for helpdesks (more than double last year's response rate, to 53 percent), internal Web sites (nearly double, to 33 percent) and external Web sites (up 14 percentage points, to 40 percent).

The increased interest in SLAs can be attributed not only to more scrutiny of IT overall but, in some cases, to a new focus on compliance. The National Credit Union Association, for example, now regularly audits member institutions for IT service levels and security. Armed with new SLAs, Joe Lio, IT director for the South Florida Educational Federal Credit Union in Miami, discovered that a network scanning vendor he was using wasn't performing scans as thoroughly as the contract required. The vendor was dropped.

Asked which service levels they measure, 70 percent of respondents said availability, 52 percent said throughput, 50 percent cited user response times and 43 percent said transaction response times.Microsoft still owns the user community's mind share for Web services, with one in five respondents saying they have deployed the vendor's .Net technology and 40 percent of respondents saying they are evaluating it. But Oracle catapulted to the top spot for current Web services deployments, with nearly a third saying they are using Web services technology from Oracle, though many fewer users (15 percent) said they are evaluating Oracle.

Nearly everyone we interviewed for this story uses some form of Web services. Some use it to connect their back-end systems to customer-facing Web sites, others to let human resources offer pay stubs online and eliminate paper delivery, and still others to perform research projects with partners.

Open-source tools are creeping into the mainstream. Columbia University's biomedical informatics department uses a variety of vendors but encourages use of the Apache Web server, Tomcat Java application server and Open LDAP directory.

"From a stability standpoint, this stuff works," says Fries, who in addition to serving as Columbia's IT manager is a software developer on some research projects. What's more, he says, "We can get into the code and customize it to our needs."

Washington Penn Plastic also switched from Microsoft to open-source tools for development to cut costs, Swider says. The tools are less expensive, to be sure, but that's not the only reason for the shift. "It seemed like Microsoft would change the methodologies every year to drive the need for more tools and training," Swider says. "Open source is more stable."Although security was top-of-mind for much of the past year, enterprises hadn't yet been hit with the SoBig and Blaster worms when we fielded this survey. Still, 80 percent of respondents said they had been hit with virus/worm outbreaks. However, only 26 percent said they were the victims of exploitations of known vulnerabilities in packaged software, and 17 percent said the same of exploitations of unknown vulnerabilities in packaged software. Both represented a drop of around 10 percentage points from last year. We suspect the numbers would be far higher if the study were fielded now.

The Windows systems in use in the library at UMass at Amherst have been "hammered to death," says network specialist Hoogendyk. "We haven't gone a year without major, major attacks." Viruses and worms are a particular problem on college campuses like UMass because there are tens of thousands of students plugging into the network, and at the beginning of a semester, many are new users.

The campus response center took between two and five days to get back to users recently after the school was hit with the Nachi virus, Hoogendyk says. Now the campus IT department immediately closes any port that detects a virus, and students have to call the helpdesk to have their computers cleaned before the port can be reactivated. As the Unix administrator, Hoogendyk estimates he spends one day per week patching Unix servers and scanning security advisories. That investment has paid off: The Unix systems haven't been breached since 1999. "Knock on wood, it terrifies me," he says.

Although the research arm of Columbia University wasn't directly hit by the SoBig virus, users were inundated with mail from outside systems that had been infected. As a result, IT may take more control of user PCs to maintain mail filters and other defenses, Fries says. Previously, users were given a degree of freedom to experiment with their computers for research purposes.

After years of focusing on perimeter security for customer-facing Web systems, PepsiCo is shifting its attention to application security, network engineer Cleal says. The company is consolidating its authentication databases and adding single sign-on to track users while they shift from one application to another. "We want to know that John Smith was in this app at this time and did these things," Cleal says.For the coming year, IT shops are prioritizing antivirus, intrusion-prevention and perimeter security products. Low on the security priority list are desktop firewalls, as well as IT and end-user training. (We think that's just plain crazy. If the heightened security awareness across IT has taught us anything in the past few years, it's that you don't solve the problem by simply building more walls. An educated workforce is the best defense.)

Experimenting with new security techniques is costing enterprises. Baker Hill, the software developer, scrapped a $30,000 intrusion-detection software package from Internet Security Systems because it generated more noise than information about real intrusions, according to net admin Beasley. "It was a waste of time. It gave me useless crap," he says.

Now, Baker Hill has gone with a Web application firewall from Teros to police its Web-hosted applications. Instead of reporting on intrusion attempts, the firewall enforces strict rules of acceptable use, kicking out any query that doesn't comply. "The Blaster worm would not be seen as acceptable use, and it's blocked by the firewall," Beasley says.Other tech findings from our survey:

• Asked whether they standardize on a single vendor for most technologies, prefer a best-of-breed approach or mix it up, most respondents (56 percent) said they prefer a combination. Nearly a quarter (23 percent) said they prefer best of breed, and 19 percent said they standardize.

• Nearly half (46 percent) of all projects are initiated solely by IT, 32 percent are initiated by business units other than IT, and 22 percent are initiated jointly. The IT-only approach jumped 6 percentage points from last year. We can explain this anecdotally: Last year we learned that most of the projects IT professionals initiated focused on infrastructure and systems upkeep, so the increase in those projects corresponds to this increase of project initiation by IT professionals.• Only 7 percent of respondents said they expect to increase outsourcing to overseas companies, despite the recent buzz about shipping development overseas.

• Some 59 percent of respondents test technology internally before deploying it, 16 percent use a combination of internal resources and outside help, and only 1 percent rely solely on outside firms. Seventeen percent said there is no standard procedure. (And for the 6 percent who say "we don't perform much technology testing," stop what you're doing and take a look at our Sept. 25 special testing issue--"DIY Network Testing")

• Microsoft maintains its commanding lead in server operating systems, with some 61 percent of installations, followed by Novell, Sun Solaris and Linux, each with about 8 percent. This is virtually unchanged from last year.

Jobs and Careers

The stress level is building in IT. By far the biggest dislike? A whopping 76 percent rate office politics unfavorably. But such politics are always part of the job.The other big dislikes are more revealing and timely: Respondents are stressed out about the state of the industry and worried about advancement opportunities.

Michael Northup, the lone IT staffer at Burton Saw & Supply Co. in Eugene, Ore., has a dark view of the future. He's not worried about himself. He's 58 and says he's pushing the end of his career. "If I were younger, I'd be looking for a different business," he says. "Between outsourcing and other trends, especially in small operations like mine, the IS guys will be just a grade above janitor. It'll be a maintenance kind of job."

IT workers are stretched thin, but don't expect much change anytime soon. Some 58 percent of respondents said IT headcount in their organizations will remain at current levels this year. About 20 percent expect an increase, and a roughly equal number expect a decrease.

All this means IT shops will continue treading water. "I think we're at a stable but critical level" of staffing, says Hoogendyk of UMass. "Stable in the sense that we can maintain what we're doing. Critical in the sense that we couldn't take another loss without loss of capability and services."

Because of stagnant budgets, training ranks low on the IT priority list, with only 20 percent of respondents listing it as one of their top three concerns this year. Those interviewed say that training is often the first line item to go when business slows down and the last to come back when business picks up."People on the budgetary end of things see it as a perk, an extra," says Fries of Columbia University. "If it comes down to spending $5,000 on extending training in Solaris or AIX or putting that money into storage, the money will go to storage. But in the long run it hurts us more."

There's not much training going on at the South Florida Educational Federal Credit Union, either. Lio, the IT director there, is concerned that his four-person IT department, supporting 180 users, isn't keeping up with much of the network technology it's deploying in new switches and routers.

"The knowledge we're missing is crucial in some cases," he says. The credit union does reimburse for education, "but people don't want to go to school on their own time."

Some IT managers warn of a greater risk. PepsiCo's Cleal believes training is the best way to retain good workers. "What I've seen over my career is that people who put their personal time and money into training are more likely to look for other opportunities when the market picks up again," he says.

There's still a lot to like about a career in IT, however. Respondents say their jobs are challenging, they're learning new skills, they like their coworkers and they're happy with their employers' commitment to quality."For us, the biggest return we get is that the piece of software we wrote is helpful in someone's everyday job function," says Swider of Penn Plastic. "We can see what they're getting out of our efforts."

And surprisingly, most respondents (60 percent) got a raise this year.

Among the other job-related findings from our survey:

• Respondents remain split on whether the IT department gets the professional respect it deserves. Some 56 percent said yes, and 44 percent said no. Last year the split was 52 to 44.

• Asked to characterize the degree of interaction between their companies' application and network operations groups, 54 percent say they interact regularly, 14 percent say individuals are assigned to that task, and 10 percent say the two groups almost never interact. Some 22 percent say their companies make no such distinction between groups.David Joachim is Network Computing Magazine's Editor/Business Technology. Contact him at [email protected].

Post a comment or question on this story.

We posted our second-annual reader survey on the Web from June 4 to July 7, 2003. We provided links to the poll on nwc.com and in the June 13 issue of Network Computing. We also sent a personalized e-mail message with an embedded link to the poll to approximately 44,899 Network Computing subscribers. We received 2,313 valid responses from IT staffers, managers and midlevel executives, and corporate execs. About three-quarters of respondents were IT personnel and the rest were business management.

We weighted the responses to accurately represent the profile of Network Computing's circulation base in terms of size of company. More than a third of respondents gave Network Computing editors permission to follow up and interview them further. We grilled readers with backgrounds in education, manufacturing, retail, financial services, consumer goods and high-tech about how IT decisions are made in their organizations and how business managers and IT staffers interact.

The survey was tabulated by CIC Research. The margin of error is +/-2.0 percent at a 95 percent confidence level.