Google's Enterprise folks released the results of a massive IT study that polled 575 CEOs, CIOs, and CTOs in large, multinational enterprises as well as small organizations. The results? Spam continues to be annoying. IT pros are having difficulty reaching security, compliance objectives. IT pros are spending too much time helping end users.

The results probably don't surprise anyone who works in an IT department. The poll looked specifically at messaging and drew six main conclusions based on the input of nearly 600 C-level types.

Everyone pretty much agrees that spam is a major issue. Every type of electronic communication increased in volume in 2007 compared with 2006. Unfortunately, the growth rate of spam jumped, too. The report reads, in part, "Based on data from Postini, data centers spam volume per user was up 57% in 2007 over 2006. What does this mean in real terms? It means that the average unprotected user would have received 36,000 spam messages in 2007, compared with 23,000 spam messages in 2006." That's a pretty hefty increase. How is your IT shop dealing with the volume?

Even though I think the responsibility for security should be shared by the employee and IT, execs feel differently. They believe it's IT's burden to secure the enterprise and protect it from threats. The report says, "53% of all executives and messaging professionals surveyed indicated that they feel their IT department is the primary department responsible for communications security and compliance. Only 18% of survey participants felt that security and compliance accountability rests equally with IT as well as end-users." IT admins do need to be in charge of researching and enacting enterprise security, no doubt. But how does the end user not figure into the equation? If I leave my laptop sitting in a Starbucks, isn't it my fault, and not IT's? Making employees at least partly responsible for security should be discussed in every enterprise.

Whoever is responsible, the job is getting tougher every day. "The top challenges organizations face in meeting compliance goals are planning for disaster recovery, ensuring compliant business processes, preventing unintentional data leakage, and protecting internal systems from breach by hackers."

And it is taking up way too much IT time. "Time spent ensuring adherence to compliance procedures (46%), arranging system upgrades to enhance security (44%), and overcoming network delays or outages due to security breaches (42%) were all high on respondents' lists of concerns."

One thing that Google is predicting: the number of attacks is going to balance out. The bad news is that the attacks will be increasingly more complex and dangerous to your organization. "Businesses will be challenged to identify new and different types of malicious content as well as protect sensitive information against evolving social engineering techniques that circumvent security measures by manipulating or tricking users into disclosing or performing actions that divulge confidential data."

How are things in your shop? Similar? Completely different? Do you agree that things are going to get increasingly complex?