Despite Economy, Security Spending To Increase In 2009

Data protection, identity management to get increasing attention in new year's budgets, Forrester says

Despite a troubled economy, both large and small enterprises are poised to spend a higher percentage of their IT budgets on security in 2009, a major research firm said today.

According to new reports on IT security trends in large enterprises and small and midsize businesses (SMBs) released today by Forrester Research, the pressure to cut back on IT spending is not slowing the trend toward increased security spending.

"Security is getting a larger slice of the IT budget pie," says Forrester analyst Jonathan Penn in the enterprise study. "Firms are devoting 11.7 percent of their company's IT operating budget to IT security in 2008 -- contrasted with 7.2 percent in 2007 -- and plan to continue nudging up IT security budgets in 2009 to 12.6 percent of the IT operating budget." Security will also account for a higher percentage of budget allocations for new initiatives this year, going from 17.7 percent in 2008 to 18.5 percent in 2009, the report says.

Similar increases are expected in smaller companies, Penn says in the SMB report. "SMBs devoted 9.1 percent of their companies' IT operating budget to IT security in 2008 -- down from 9.4 percent in 2007 -- but they have plans to bring IT security budgets back up to 10.1 percent in 2009," the report says. "Allocation of budget for new initiatives mirrors this trend, with security going from 14.9 percent in 2008 to 15.9 percent in 2009. No big swings of the budget axe here."

What are the drivers behind the spending increases? "Protecting the organization's information assets is the top issue facing security programs," the enterprise report states. "Data security (90 percent) is most often cited as an 'important' or 'very important' issue for IT security organizations, followed by application security (86 percent) and business continuity/disaster recovery (84 percent). Meanwhile, areas like threat management (81 percent) and regulatory compliance (80 percent) are cited less frequently."

Among SMBs, data security is at the top of the list of issues deemed important (87 percent), with application security close behind (80 percent), Forrester says.

Among technologies, managed security services, data loss prevention, and identity and access management are at the top of the list to receive more attention in 2009.

"Managed security services are growing, driven by skill needs and cost savings," the enterprise report says. "The two top drivers among firms for using a managed security service provider are the demand for a specialized skill set (29 percent) and the need to reduce costs (28 percent). While email/Web content filtering is the most popular managed security service today, the greatest promise for [managed security services] growth in the coming 12 months is in vulnerability assessment and in host event log monitoring and management."

In the data security area, the top technologies that firms plan to adopt or pilot during the next 12 months include data leak prevention (21 percent), application encryption platforms (19 percent), and enterprise key management solutions (19 percent), the enterprise report states.

Identity and access management (IAM), long viewed as a technology that was too complex and expensive to do on an enterprise level, will push ahead in 2009, according to Forrester. "In a marked shift from a few years ago (and from lingering perceptions today), security is the primary motivator for identity and access management (IAM) adoption by most firms (52 percent), with less than one-quarter (22 percent) citing regulatory compliance as the primary driver," the enterprise report states.

"While firms are concerned with [IAM] products and implementation being too costly (38 percent) and too complex (30 percent), 15 to 21 percent will pilot or adopt a range of IAM technologies during the next 12 months," the report continues. "Enterprise single sign-on will see the highest absolute adoption, with 21 percent of firms planning to pilot or adopt, followed by provisioning with 19 percent." Federation and provisioning will see the most growth relative to their existing market penetration, Forrester says.

SMBs are focusing on a different range of technologies, according to Forrester. "Use of personal firewalls -- adopted by 58 percent of SMBs already -- will remain popular, and 19 percent plan to adopt or pilot a host intrusion prevention system (HIPS) in the next 12 months," the SMB report states. "But expect to see SMBs start to complement these with a range of data encryption and protection technologies: SMBs also have strong plans to pilot or adopt full disk encryption (18 percent), file-level encryption (18 percent), and endpoint application/device control (17 percent)."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
