Recent reports from three different vendors suggest that IT security is still a major stumbling block for many organizations, and failure to properly address concerns and educate employees and executives could stifle business innovation, lead to data loss or theft and identity theft, and increase vulnerability to spam attacks.

While this is certainly bad news for end-user organizations, it presents opportunities for solution providers. Helping customers become better educated and address IT security issues can then open new opportunities to strengthen customers' IT security infrastructure and generate ongoing revenue streams.

Lester Keizer, CEO of Connecting Point, a Las Vegas solution provider, says these issues continue to be a concern, even as technology becomes more adept at keeping threats at bay.

"It's a constant problem—you're always trying to plug holes in the dam. But just when you've got one thing covered, you know, another new technology or another vulnerability pops up," Keizer says.

Fear of these new vulnerabilities can stifle an organization's pursuit of new and innovative technologies, and hinder growth. In an IDC report sponsored by RSA, the security division of EMC, more than 80 percent of the 200 surveyed executives admitted to having backed away from innovative business opportunities because of security concerns. The majority of those executives also felt that they were more "compliance-driven" when it came to their organization's security. Only 21 percent reported they had strategic, proactive security policies that also nurtured innovation.

This is especially true at the lower end of the survey's respondents, midmarket companies with $500 million to $999 million in annual revenues. In this segment, 75 percent of the respondents cited IT security as an issue, most likely because of the pressure they feel to comply with increased regulation.

For solution providers, addressing customers' security issues requires striking a balance between helping ensure that employees and decision makers can collaborate successfully and making sure that corporate and customer privacy policies are enforced.

Most companies walking this fine line need strong, high-level authorization and authentication, along with the ability to identify risks and analyze possible violations before they occur. The growing popularity and influence of social media only add to the complexity, since increased collaboration using Web 2.0 tools increases the possibility and heightens the risk of data breaches and policy violations.

Spammers, however, haven't been as adverse to business innovation. Research from Sophos on malware and spam showed an alarming rise in the proportion of spam e-mails sent with malicious attachments between July and September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users.

In the third quarter of 2008, one in every 416 e-mails was spam, compared with one in every 3,333 in the third quarter of 2007, according to Sophos. Much of this increase can be attributed to several large-scale malware attacks made by spammers during the period.