The results are in from a survey of attendees at the recent E-Security Conference and Expo in Boston, and they indicate more than anything the need to conduct more such shows in the future.

First, a disclaimer: this was not intended to be an extensive, scientifically valid survey. ecomSecurity.com just thought it'd be interesting to take the pulse of the 250 or so attendees on hand, since they were a captive audience.

STAT Resources, a research firm in Chestnut Hill, Mass., conducted the survey by handing out a 60-question form to attendees as they filed in to one of the keynote sessions at the event. The chance to win a Palm handheld was offered as an incentive to fill out the form and 31 attendees took the bait.

Perhaps the most startling survey result was that 67% of respondents indicated e-commerce was an area of great security concern to senior management. That raises the question of what the other 33% were thinking. Perhaps they are among the few remaining organizations with no e-commerce efforts underway, in which case you have to wonder why they were attending an "E-Security" conference.

Another striking finding was that the average spending on security products and services for 2001 was $75,000. This seems to be a woefully small amount, especially when you consider that 25% of respondents said they will spend in excess of $1 million. Clearly, those big spenders were pulling up the curve for others who may not be grasping the depth of the problem.

Perhaps that's a bit harsh, however, because if you judge by title, the responding organizations do seem to be taking security seriously. Nearly two-thirds of respondents said responsibility for IT security typically lies with an IT manager or director. In 48% of the cases, that person reports to the CEO.

Other survey results indicate certain security technologies are maturing.

Nearly one-quarter of respondents said they use smart cards to control access to workstations. Smart cards have been just around the corner for years now, but that figure makes them indeed seem almost real. This shouldn't be too surprising, given the folks at smart card maker Gemplus last year had revenue of more than $1 billion, on 57% growth. Still, when actual users say they're implementing any given new technology, it is somehow more startling than vendor revenue figures.

At the same time, 74% of respondents indicated they were using virtual private networks (VPNs), second only to firewalls (80%) among most-used network security technologies. When three out of four organizations are using any given technology, even in an admittedly small sample, that has to be taken as a positive sign of maturity for that technology.

The survey also tried to gauge to what extent respondents were outsourcing some or all security chores, and determine the driving factors in selecting a provider.

Only 7% of respondents currently outsource security functions or are planning to, a surprisingly low number given all the established and emering companies vying for that business. Of those, reputation (75%) and responsiveness (69%) topped the list of factors deemed "very important" in selecting a security outsourcer, while cost (31%), on-site support (27%) and training programs (13%) brought up the rear.

STAT Resources: www.stat-resources.com