Despite Economy, Security Spending To Increase In 2009Data protection, identity management to get increasing attention in new year's budgets, Forrester says
Despite a troubled economy, both large and small enterprises are poised to spend a higher percentage of their IT budgets on security in 2009, a major research firm said today.
According to new reports on IT security trends in large enterprises and small and midsize businesses (SMBs) released today by Forrester Research, the pressure to cut back on IT spending is not slowing the trend toward increased security spending.
"Security is getting a larger slice of the IT budget pie," says Forrester analyst Jonathan Penn in the enterprise study. "Firms are devoting 11.7 percent of their company's IT operating budget to IT security in 2008 -- contrasted with 7.2 percent in 2007 -- and plan to continue nudging up IT security budgets in 2009 to 12.6 percent of the IT operating budget." Security will also account for a higher percentage of budget allocations for new initiatives this year, going from
17.7 percent in 2008 to 18.5 percent in 2009, the report says.
Similar increases are expected in smaller companies, Penn says in the SMB report. "SMBs devoted 9.1 percent of their companies' IT operating budget to IT security in 2008 -- down from 9.4 percent in 2007 -- but they have plans to bring IT security budgets back up to 10.1 percent in 2009," the report says. "Allocation of budget for new initiatives mirrors this trend, with security going from 14.9 percent in 2008 to 15.9 percent in 2009. No big swings of the budget axe here."
What are the drivers behind the spending increases? "Protecting the organization's information assets is the top issue facing security programs," the enterprise report states. "Data security (90 percent) is most often cited as an "important" or "very important" issue for IT security organizations, followed by application security (86 percent) and business continuity/disaster recovery (84 percent). Meanwhile, areas like threat management (81 percent) and regulatory compliance (80 percent) are cited less frequently."
Among SMBs, data security is at the top of the list of issues deemed important (87 percent), with application security close behind (80 percent), Forrester says.
Among technologies, managed security services, data loss prevention, and identity and access management are at the top of the list to receive more attention in 2009.
"Managed security services are growing, driven by skill needs and cost savings," the enterprise report says. "The two top drivers among firms for using a managed security service provider are the demand for a specialized skill set (29 percent) and the need to reduce costs (28 percent). While email/Web content filtering is the most popular managed security service today, the greatest promise for [managed security services] growth in the coming 12 months is in vulnerability assessment and in host event log monitoring and management."
In the data security area, the top technologies that firms plan to adopt or pilot during the
next 12 months include data leak prevention (21 percent), application encryption platforms (19 percent), and enterprise key management solutions (19 percent), the enterprise report states.
Identity and access management (IAM), long viewed as a technology that was too complex and expensive to do on an enterprise level, will push ahead in 2009, according to Forrester. "In a marked shift from a few years ago (and from lingering perceptions today), security is the primary motivator for identity and access management (IAM) adoption by most firms (52 percent), with less than one-quarter (22 percent) citing regulatory compliance as the primary driver," the enterprise report states.
"While firms are concerned with [IAM] products and implementation being too costly (38 percent) and too complex (30 percent), 15 to 21 percent will pilot or adopt a range of IAM technologies during the next 12 months," the report continues. "Enterprise single sign-on will see the highest absolute adoption, with 21 percent of firms planning to pilot or adopt, followed by provisioning with 19 percent." Federation and provisioning will see the most growth relative to their existing market penetration, Forrester says.
SMBs are focusing on a different range of technologies, according to Forrester. "Use of personal
firewalls -- adopted by 58 percent of SMBs already -- will remain popular, and 19 percent plan to adopt or pilot a host intrusion prevention system (HIPS) in the next 12 months," the SMB report states. "But expect to see SMBs start to complement these with a range of data encryption and protection technologies: SMBs also have strong plans to pilot or adopt full disk encryption (18 percent), file-level encryption (18 percent), and endpoint application/device control (17 percent)."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio