Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

Security Spending Shifts

Merrill Lynch survey: Security spending up, overall IT spending down amid broader economic concerns

Lingering concern about the overall state of the economy has many CIOs forecasting a slowdown in IT spending in 2007, according to a new survey from analyst firm Merrill Lynch.

But compliance concerns and the looming threat of organized crime online mean that security spending remains healthy.

The survey of 75 U.S. and 25 European CIOs reveals that users expect 5.2 percent spending growth in 2006 and 4.8 percent in 2007. American execs predict only 4.4 percent spending growth over the coming 12 months, compared to their more bullish international counterparts who expect 6.1 percent growth.

Merrill, however, paints a relatively rosy security picture, with execs predicting growth of 4.8 percent in their security spending this year. American CIOs, on the other hand, seem more willing to open their wallets than European execs, envisaging a 5 percent spending hike, compared to just 4.1 percent on the other side of the Atlantic.

But even with healthy security spending levels, there is a shift underway in what users are buying, according to Richard Stiennon, chief research analyst at IT-Harvest. CIOs, he adds, are no longer breaking the bank to buy traditional security technologies such as firewalls and anti-virus offerings. "There have been such massive deployments in the last few years, that it's kind of saturated," he says.

"Probably the biggest shift has been toward compliance technologies for things like reporting, storing, and archiving," explains Stiennon, with users still feeling the strain of legislation such as the Sarbanes-Oxley Act, and the Health Insurance Portability and Accountability Act (HIPAA). (See Oversight Intros SOD and Security Fears Draw VC Bucks.)

Yesterday, analyst firm Infonetics also reported that many users are looking deeper into network access and content security solutions, which is delaying some core security purchasing until later in 2006. (See Network Security Revenue Up, Security's New Maturity, Trend Intros NAC App, and Identity Engines Has NAC Solution.)

Stiennon, however, has also identified a shift in the type of threats users are facing, with organized crime a growing menace. "You will see spending on strong authentication and data protection," he predicts.

Users and analysts have identified uncertainty in the U.S. economic climate as a key factor in the overall spending slowdown. "The end of 2005 was slow, then it picked up in the spring, but now it has slowed down again," explains Dan Tanner, a member of the Storage Networking User Group of New England (SNUGNE) and founder of consulting firm ProgresSmart.

Tanner feels that a number of factors are contributing to the atmosphere of uncertainty. These include oil prices, the war in Iraq, low consumer confidence, and the lack of a clear front-runner likely to win either the Democratic or Republican party presidential nominations. "When the financial markets and big companies are paralyzed by uncertainty you get a spending slowdown," he explains.

Analyst firm IDC warned yesterday of storm clouds gathering over the U.S. economy. "Late in May stock markets seemed to plummet on a single announcement of downturn in U.S. consumer confidence," wrote John Gantz, IDC's chief research officer, in a note. "The question is, how fragile is the current booming U.S. economy?"

But it isn't all doom and gloom. Merrill Lynch, for its part, predicts a technology spending growth between 7 and 8 percent in 2006 driven largely by demand from the SMB market, which is increasingly being targeted by storage vendors. Spending on VOIP technology, it adds, will grow 4.6 percent in the same period.

— James Rogers, Senior Editor, Byte and Switch. Special to Dark Reading

Organizations mentioned in this article:

  • IDC
  • Infonetics Research Inc.
  • IT-Harvest Inc.
  • Merrill Lynch & Co. Inc.
  • Symantec Corp. (Nasdaq: SYMC)

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    Hacking Yourself: Marie Moe and Pacemaker Security
    Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
    Startup Aims to Map and Track All the IT and Security Things
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15208
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
    CVE-2020-15209
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
    CVE-2020-15210
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
    CVE-2020-15211
    PUBLISHED: 2020-09-25
    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
    CVE-2020-15212
    PUBLISHED: 2020-09-25
    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...