Security Spending Still Strong

Identity management and Web services key, says IDC; Gartner foresees emergence of security platforms

While many IT departments today face minimal or slight increases in their 2003 IT budgets, if not outright budget cuts, the outlook for the security sector is not so bleak, say leading analyst firms.

IDC puts the total IT security market revenues—from software, hardware, and services—at $45 billion in 2006. By contrast, revenues for 2001 were $17 billion. Hardware will grow the most per year, with a compound annual growth rate of 25%; services at 24%; and software at 16%.

Across the industry, expect lots of spending over the next five years on identity management and Web services, says IDC senior analyst for Internet Security Software Brian Burke. “Even though numerous IT markets declined from 2001 to 2002, security spending remains a top priority in many organizations.”

Gartner Group predicts that security software spending, at least, will stay in a slump until mid-2003, after declining from a 10% annual growth in 2001 to just 6.7% last year.

For the future, expect identity and access management to get their share of enterprise spending, even though return on investment from such initiatives might take a few years.

One trend that will stay constant is a preference for best-of-breed products or security platforms. A recent Gartner study found that 86% of the companies surveyed (mostly large enterprises) wanted best-of-breed security, while only 16% looked to one vendor; one percent wanted both.

For 2003, Gartner predicts the emergence of more security platforms. These platforms would combine intrusion detection systems (which in the future will not only detect, but actively mitigate, a range of threats), firewalls, anti-virus software, and tools for assessing vulnerability, along with application-specific functionality. After 2003, Gartner says these platforms will incorporate computer forensic capabilities and honey pots for luring attackers and amassing data on them, possibly for prosecution. Gartner says it sees the day soon when “these combined devices can use correlation algorithms to report problems and drop malicious traffic.”

Coordinated information gathering, however, will require new kinds of security. According to Gartner, as Web applications spread, 75% of large enterprises will adopt firewalls that can examine packets for malicious attacks by 2006. When combined with correlative algorithms, enterprise networks would be better able to resist such application-level onslaughts as Code Red, Slammer and Nimda, for starters.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.