Commitment to IT security in big business has never been stronger, with network and host intrusion detection systems (IDS) high on the shopping list, according to research.

A study of enterprise purchasing plans conducted by Meta Group indicated strong interest in such systems which, the analyst firm said, are becoming accepted as a necessary part of well-secured environments.

Other long-term plans were found to include centralised security information management consoles for many organisations.

Meta vice president Tom Scholtz said organisations that had taken an intelligent approach to IDS have had no problem establishing the value of the technologies.

But he added: "Those that have purchased a product without the benefit of an underlying policy and plan naturally feel like they have wasted their money, because they have.

"Technology alone does not improve security, and causing a false sense of security can actually harm the security effort."

Not all areas of security are maturing as rapidly as intrusion detection, Meta found.

Despite widespread recognition that information security requires separation from IT to meet generally accepted security principles, the vast majority of Global 2000 organisations still have information security reporting to the chief information officer (CIO) or chief technology officer.

"As security has now started showing some signs of maturation, we are seeing a gradual growth in understanding that technology risk needs to be managed in parallel with IT rather than within IT," said Scholtz.

"But it is difficult to find an executive other than the CIO that is willing to take over an area like information security before it fully matures. Of course, even many CIOs are still resistant."