Complex identity management, data leak prevention and other projects tied to business initiatives are back on the menu for many IT security organizations in 2010, Gartner found. Still, security has dropped off slightly as an overall portion of the IT budget, and those looking to cut spending even further can do so in several key ways.
Enterprises are getting back to business-driven security initiatives
after putting off some large-scale projects last year, according to the Gartner analyst firm.
While security spending tied to "keeping the bad guys out" was not
heavily affected by the economy, many IT security organizations scaled
back on capital-intensive projects in 2009
Gartner found. This year, however, security spending tied to efforts
such as complex identity and access management (IAM) and data loss
prevention (DLP) projects are beginning to reappear as
many businesses unfreeze budgets.
In its 2010 CIO Survey, Gartner found 20 percent of organizations
declared IAM the top security priority. More than 40 percent of
organizations named intrusion prevention systems, patch management,
DLP, antivirus and identity management among the top five security
priorities for 2010. Spending is also set to continue for priorities
such as supporting guest networking, secure wireless LANs and employee
Interestingly, this change is actually coinciding with a drop off in security's share of the IT budget
six to five percent of the total, and Gartner believes efficient
enterprises will be able to safely cut security's piece of their
overall IT budget by 3 to 6 percent of their overall IT budgets
"What we say in the presentation is that organizations that have
matured their security programs are likely to move towards
operationalization or re-operationalization of some of their security
functions," Gartner analyst Victor Wheatman told eWEEK. "That is, the
chunka-chunka types of things like monitoring firewalls, updating
patches and signature files and the like can be moved from the security
area into infrastructure operations, networking or even outsourced to a
managed security services provider who takes over those functions at
lower operational and capital expenditure costs and ideally providing
higher levels of security."
"Not only does this reduce the official security budget," he
continued, "but it can cut overhead because one console and one
operator may replace several...other efficiencies including the
consolidation of functions: what were separate firewalls and intrusion
detection systems are now next-generation firewalls which do those
two things and more...and we've seen some organizations save money using
open source or commercialized products based on open-source
"Finally, in order to save money, organizations start to wake up to
the fact that some platforms and operating systems contain security
elements that are -in the box' but are not deployed," he added. "They
may not have been deemed -good enough' but they may be OK, particularly
in a pinch. A simple example off the top would be using
password-protected zip files rather than buying a separate encryption
product for occasional use."
North American companies led security spending in 2009, averaging
5.5 percent of IT budgets, compared to five percent in Asia/Pacific and
slightly more than four percent in Europe, Gartner found.