Where's the Security Spending?
How and where does IT security spending appear in nonsecurity IT areas? Every area -- from mobile devices to application development -- can see spending shift to address security needs. What's particularly relevant is how IT security needs and plans favor some nonsecurity areas more than others, thereby shifting budgets throughout IT (see Finding 2.1).
There are obvious gainers, such as compliance and governance budgets. A whopping 71 percent of respondents say that their compliance and governance budgets have increased as a result of IT security spending. Likewise, 62 percent of respondents report that their cloud computing budgets have increased because they incorporate spending on security.
But there are less obvious gainers as well, such as the application development budget, which frequently includes security spending. The app dev budget also has the highest average share of its budget -- 12 percent -- set aside for security (see Finding 2.2).
What's going on here? There are two possible reasons why so much of the application development budget must be spent on related security: the importance of security and the cost of development-related security. For survey respondents, it must be security's importance that drives additional spending, since cloud, collaborative and mobile computing have created new authentication, identity management and transaction control needs that flow all the way up to the application layer.
Similar considerations drive the high proportion of companies' spending on security as part of the IT operations or enterprise software budgets. User- and usage-management issues are why these businesses are spending an average of 6 percent more on IT operations and 7 percent more on enterprise software to address IT security.