In-Depth

Security Trends: Spending Set to Surge, Responsibility Shifts Outside IT

Forrester says IT security is in a "renaissance period"

Spending in many IT sectors might be slowing down, but security-related IT spending has been and should continue to be bullish.

That's the conclusion of a new Forrester survey, which found that more than one-fifth of respondents (21 percent) anticipate growing their IT security budgets next year. The vast majority of respondents (almost three-quarters) don't expect to make any change to their security budgets – which isn't exactly heartening -- but only 6 percent anticipate reducing their IT security spend levels.

Forrester says it polled more than 1,200 North American security decision-makers, in both large enterprise organizations and SMB shops. It identified an unmistakable trend: security spending is on the rise, with year-over-year growth from 2007 to 2008 approaching 25 percent. Last year, for example, security spending comprised 8 percent of overall IT operating budgets; this year, Forrester projects, security-related IT spending should account for 10 percent.

As security spending – and presumably security -- has increased, so, too, has the stature of security professionals. Almost half of security pros now report to someone outside of IT -- e.g., a board, C-level executive, or executive committee.

The upshot, Forrester says, is that "security is no longer embedded within IT."

When it comes to security priorities, data protection is key: more than half of IT security pros identified the protection of intellectual property and/or customer data as their top priority. Business continuity (BC) and disaster recovery (DR) planning is also important: 42 percent of security pros said BC and DR were "very important" -- a sharp spike from last year's 33 percent.

Forrester principal analyst Khalid Kark says IT security is in the midst of a "renaissance period" in which its influence and stature are expanding.

"We are in a period of immense change in which we have the opportunity to define the future of our profession," said Kark, in a statement. "Security and Risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Must Read Articles