The good news is that spending on IT security is way up. A new report from Gartner finds that spending on IT security will grow 7.9 percent to reach a total of $81.6 billion in 2016. Through 2020 Gartner is predicting that IT security spending will increase five to 10 percent through 2020. That’s the bad news.
While many folks rightfully argue that spending on IT security has not been as high as it needs to be for as long as anyone can remember, there’s clearly a balance that needs to be struck. Every dollar spent on IT security comes from somewhere else. IT security does not increase the gross domestic product (GDP) in and of itself. It protects those investments. If it were not for all the threats an organization faces investments in IT security could clearly be spent on projects that in one way or another add more economic value.
Of course, the changing nature of those threats is also altering how organizations respond to those threats. There simply is not enough IT security expertise to go around. Organizations of all sizes are investing in both more IT security automation, much of which will be delivered as a service. MarketResearchReports this week issued a forecast that predicts the IT Security-as-a-Service market will grow at a compound annual rate of 19.1 percent through 2020. Obviously, that forecast reflects IT spending that is both net new and being redirected away to one degree or another to traditional IT security technologies that run primarily on premise.
But perhaps the most interesting thing about all these shifts in IT spending is the change to the IT security culture itself. Rather than simply trying to defend a perimeter, many organizations now accept the fact that systems and applications are going to be compromised. Much of the new spending on IT technologies is being directed towards products and services that make it first easier to identify what applications and systems have been compromised and then, secondarily, how to contain the damage and ultimately remediate the vulnerability that was exploited. The IT organization, for the moment at least, isn’t necessarily being judged by how many systems were exploited, but rather how quickly they are able to respond to a compromise that is now often deemed all but inevitable.Rather than simply trying to defend a perimeter, many organizations now accept the fact that systems and applications are going to be compromised. ~@mvizardClick To Tweet
How long this will be the case remains to be seen. Significant strides in how machine learning algorithms, Big Data analytics and even artificial intelligence get applied to IT security are now being made. It may take a little while longer for the impact of these advances to make an impact. But many of the IT security-as-a-service offerings that are starting to appear are underpinned by investments in these technologies. While there may never be enough IT security expertise to go around, investments in ongoing research and development are clearly aimed at improving the odds in favor of the internal IT organization.
Therein also lies the economic balance that clearly needs to be struck. While additional investments in IT security are always welcome, spending on IT security as a percentage of the overall IT budget is a metric that senior IT leaders are clearly going to be more focused on in the years ahead. In the short term, no effort will be spared when it comes to implementing a layered security defense that is effective against modern threats. But once that’s in place IT leaders will aggressively seek to drive cost out of the that IT security equation. The real challenge facing the IT security industry now is to find ways to provide much higher levels of security without breaking the proverbial IT bank.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard est un spécialise de l'informatique depuis plus de 25 ans et à ce titre, a publié et contribué à de nombreuses publications techniques, dont InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet et Digital Review. Il rédige actuellement des articles de blog pour IT Business Edge, et contribue à la rédaction d'articles pour CIOinsight, The Channel Insider, Programmableweb et Slashdot. Mike Vizard rédige aussi des articles traitant des nouvelles technologies Cloud pour SmarterMSP.