Security spending strong and shifting

Gartner survey highlights changing enterprise security focus

Spending on security software and services will outstrip the level of investments being made in other areas of enterprise ITinfrastructure analysts predict, but the way in which the security budget is consumed is changing subtly to reflect the emerging demands of new cloud architectures.

According to data presented today by Gartner at its Information Security Summit security software budgets are expected to grow by 4% and security services by 3%, outperforming spending in other infrastructure market segments. 

Increased levels of adoption of cloud-based email and web security services is one reason cited for the anticipated increased spending levels, as is a growing need to tighten security processes and procedures ahead of pushing more enterprise data and applications out to the cloud.

Industry commentators agree that security could be seen as being a big hole in the cloud proposition. 

“The industry is still some way off being able to manage the transfer of trust from internal provision to public or private cloud service provider,” Bill Mann, SVP at CA Inc said. Cloud security was a central theme explored by Mann and John Turner, a European VP for Symantec during a panel session on the opening day of the Summit.

“There are questions to be asked about how much transparency a cloud service provider is able to offer” Mann said, in terms of who is accessing a customer’s data, how Chinese walls are laid down and how other issues of service multi-tenancy are handled. 

Turner added that one of the biggest issues is establishing how an enterprise interacts with a service provider in a way that guarantees adherence to the internal service security policies of the business.

Mann suggested that ID management is one important security capability that will need to made fully operational to facilitate a move to the cloud.

“Cloud and virtualisation will push the envelope of user provisioning to be operationalised,” he said. Resources, data and applications are become dynamic workloads, moving from the data centre out to the cloud. With that movement there’s a need to be able to provision the user access controls to cloud data and applications. 

He said CA’s acquisition of data loss prevention software supplier Orchestria comes into play here.

Whereas access control systems are very able when it comes to restricting access to sensitive business information and corporate databases, data loss and prevention tools can actually stop or limit the use of information once access has been granted.

Deployment of Orchestria’s data loss prevention technology alongside CA’s existing identity and access management solutions would allow organisations to consolidate and strengthen their security postures by including information-centric policies in the process of centrally managing users and roles, and their access throughout the enterprise. “Application access needs to become ID-centric and based on controlling access to data and content rather than to an application.”

Gartner confirms that user provisioning is one stand-out area for future attention by businesses of all sizes, with security information and event management also noted as necessary focus points.

Worldwide, the security market will rise by 8% and reach a value of $16.3 billion from the figure of $14.5 billion expected for 2009, of which around 25% is said to stem from sales to consumers of anti-virus and threat prevention software. 

That and other forecasts made by Gartner today stem from a survey of 1,000 IT managers who will have control of spending decisions for their 2010 security budget.

“Greatest growth opportunities will come from software-as-a-service, appliance-based offerings and sales to SMBs, which are in security catch-up mode,” the analyst group said of the main market direction.

• Share:
• 
• 
• 
• 
• 
• 
• 
• 
•