Enterprise Security Spending: What's Ahead
What security trends can we look forward to? To begin with, 2011 is shaping up to be a year of renewed interest and investment in IT security solutions generally. With social networking added to cloud, collaboration and mobility uses, we have new business opportunities that also engender serious information and intellectual property threats. The typical organizationwide security budget in our study is expected to grow by 10 percent over 2010 levels (see Finding 3.1) -- a median that holds in the largest enterprises as well.
It's also worth noting that close to a third -- 29 percent -- of the enterprises we surveyed expect their organizationwide IT security budgets to increase by 50 percent or more (see Finding 3.2). Clearly, in most cases, this doesn't represent all incremental spending for the company. Most likely, a good proportion of it represents centralization of security initiatives, such as movement of spending out of other line items and into an organizationwide security budget.
This movement creates a proactive, opportunity-seeking approach to IT security, which potentially gives the organization increased flexibility and improved prospects for growth.Is it also a harbinger of a comprehensive and strategic approach to security in the enterprise in the years to come? We think so. Certainly, we recommend this strategy, and not just for reasons of efficiency.
Security is like insurance, but, oddly, there are few actuaries for it, whether in IT or in finance. This means that companies have little understanding of the (very real) costs of a lack of investment. To gain that understanding, and achieve a comprehensive and business-focused security strategy, organizations must centralize.
If this sort of thinking had any influence, most enterprises would have centralized long ago. In our view, it's the truly pervasive nature of the underlying trends currently driving security investment -- the fact that adoption of social networking, cloud computing, collaboration and mobility is generally occurring on an organizationwide basis -- that will, in turn, lead the enterprise to pursue organizationwide security strategies and solutions.