IT security spending is up and expected to increase, with concerns about the proliferation of consumer devices in the workplace budging in front of cloud computing and data virtualization as the trend of most concern.
Based on
"As we move out of the recession, we expect to see security investments continue to grow, although the nature of that investment is changing," said Forrester Analyst and VP, Jonathan Penn.
Security threats are nothing new, but it’s their evolution—the severity, increasingly targeted nature and rate at which they change and evolve—that gives executives and IT decision-makers pause.
“We’re definitely at a point where security teams feel like they can’t keep up with it—the speed of evolution and what they need to review and pay attention to,” said Penn. “Everybody is responding to all the latest vulnerabilities, but they are unable to do a lot of strategic work to help the business as it grows.”
In fact, more than 80% of businesses—large and small—identified managing vulnerabilities and complex threats as a high priority in the coming year, according to the report.
The new technology threat of utmost concern to IT security professionals is not cloud computing or data virtualization, it's the consumerization of IT, according to Penn. Nearly half of enterprise respondents (46%) expressed concerns about smartphones and 38% about Web 2.0 technologies.
While data security is the largest budget item for IT organizations, the greatest spending increases are in the area of network security, with 40% of enterprises and 36% of SMBs planning to spend more this year. “Data security is still a very big issue and really top-of-mind with executives,” said Penn. “We’ve seen a very sizable increase in terms of concern about managing the priorities related to threats.”
The survey responses reflect a broader concern about a lack of technology centralization.
“People don’t have a good understanding of what the sensitive data looks like, they know even less about who should be accessing it, and they have very little knowledge of how to use it,” said Penn. “We need to see security integrated in to these things instead of bolted on later, so that security can provide the framework for decision support.”
“We’re not there yet.” Penn added. “Because security is an industry with lots of fragmentation, we end up with a lot of technology to manage instead.”
The results of Forrester’s surveys are published in the reports “The State Of Enterprise IT Security And Emerging Trends: 2009 To 2010” and “The State Of SMB IT Security And Emerging Trends: 2009 to 2010.”
This story has been reprinted with permission from
