IT security spending a bright spot in '09, with more growth predicted

By Linda Tucci, Senior News Writer 24 Jun 2009 | SearchCIO-Midmarket.com

Technology news and tips for midmarket CIOs Digg This!     StumbleUpon     Del.icio.us

More on information security Options for outsourcing security grow, offer IT budget savings Security standards to help manage compliance for those federal funds

Information security teams have plenty to grouse about, according to a survey of more than 1,500 IT security professionals by The Computing Technology Industry Association Inc. (CompTIA), the business technology trade group.

But money for security, it appears, is less of an issue in 2009, at least relative to other areas of IT. According to the CompTIA study, spending on information security processes, training and especially technologies is expected to increase approximately 20% to 25% globally, with India and China outpacing the U.S. and the U.K. The upswing comes at a time when IT budgets overall are expected by market watchers such as Gartner Inc. to decline worldwide in 2009. (Our own survey found IT security spending in 2009 would grow at 43% of all firms surveyed and in 33% of midmarket IT budgets.)

DOD, government mandate may be driving spending

So why is security a bright spot on the IT spending landscape?

Some of the upswing may simply reflect where companies are in their refresh cycles, said Todd Thibodeaux, president and CEO of CompTIA. The government's robust IT security spending may account for some of the push.

"But really, it may be they're hearing the footsteps of the federal legislation, of state legislation, coming down the pike. There is likely to be a cybersecurity bill this year, and maybe people want to make sure they are prepared when legislation does get out in place," Thibodeaux said.

There is a likelihood that security standards that come out of the Department of Defense or are attached to the American Recovery and Reinvestment Act of 2009 will emanate out to corporations.

"Anybody that connects … [across entities] has to have a certain level of security and protocol. I'd like to think that people are being foresighted about what is coming, because there probably are going to be mandates that require people to have a degree of safety and security in their networks," he said.

Indeed, CompTIA hopes its new Security Trustmark, a vendor-neutral, business-level accreditation aimed at helping companies identify and fix problem areas in information security policy, processes and planning, will be embedded in state or federal legislation as a safe harbor standard.

Security spend 19% of IT budgets; technology tools predominate

In the U.S., the average spend for computer security at firms accounts for 19% of IT budgets in 2008, consistent with the past three years, according to the 623 North American respondents. Mean spending on security-related technologies jumped by 20% from last year, with slightly more than a quarter of the organizations surveyed spending more than $250,000. The biggest chunk of budgets (39%) goes for security technologies, with training and security processes a distant second at 16% and certification pulling up the rear at 10%. Technology is also the area that respondents said is most likely to increase in the coming year; spending on certifications, the least likely.

There is likely to be a cybersecurity bill this year, and maybe people want to make sure they are prepared when legislation does get out in place. Todd Thibodeaux president and CEO, CompTIA Inc.

The CompTIA survey jibes with data released this week from Gartner showing that the security software market worldwide grew more than 18.6% in 2008 to $13.5 billion, from $11.3 billion revenue in 2007. The report is based on research conducted in fourth quarter 2008 and first quarter 2009.

Analysts at Gartner said the growth, which covers the spectrum of technology tools, comes even as information security technology has seemingly become less of a priority for CIOs, falling in recent years from a top-three concern to No. 8. Going forward, spending is expected to grow on mature security safeguards in wide use, such as antivirus, along with investment in cutting-edge solutions such as security information event management, scaled down by vendors to solve particular compliance problems, writes Gartner analyst Adam Hils.

Network and endpoint security are enjoying robust growth, accounting for more than half of IT security budgets, according to the data from Stamford, Conn.-based Gartner. Security as a Service shows growth promise. And the predilection for best-of-breed vendors in security appears to be shifting, the data shows. Gartner predicts that by the end of 2010, companies increasingly will rely on a single vendor for most applications. The data will be presented next week at the Gartner Information Security Summit in Washington, D.C.

Tags: IT spending and budgeting for the midmarket,  Information security management for the midmarket,  Security tools for the midmarket,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT spending and budgeting for the midmarket Saving money on software vendor maintenance contracts: A CIO series How to cut application maintenance fees without undue risk or hardship Need for speed driving midmarket adoption of IT outsourcing services CIOs taking risk of cutting vendor maintenance contracts to save money Open source solutions vs. SaaS applications: Weigh the options Your IT security budget: How to get more bang for the buck Tips to save you money during software vendor negotiations Tips for cutting costs on telecom spending SaaS, cloud computing lead to cuts in application hosting pricing IRobot CIO talks SaaS, strategies for cutting costs and Twitter Information security management for the midmarket Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program Gartner: Vetting security of third-party partners in five steps Security tools for the midmarket Why CIOs need to get real about identity and access management in 2010 Free risk management tools and resources for the enterprise Security and risk management in the midmarket Identity and access management planning guide for the midmarket A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Unified communications: Securing access to OCS Unified communications security: How safe is it? Database security: Who should have access?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary