In-Depth

Security Budgets Will Rise Rapidly, Researchers Predict

Top growth areas: firewalls, IDS/IPS, virus scanning, and vulnerability assessment. By 2005, security managers plan to buy all-in-one appliances that combine these functions. Infonetics Research also

• By Mathew Schwartz
• 12/10/2003

Good news for security managers. According to a new report from Infonetics Research, security product and service spending is poised for a big North American boost, up by 78 percent (from $4.5 billion in 2003 to $8 billion in 2007), as end-user security needs continue to grow sharply.

The timing of the spending isn’t coincidental, and security managers will continue to have budgetary ammunition well into coming years. “Increasing attacks, the current regulatory environment, and increased pressure from the United States federal government on the private sector will continue to drive sales of security products through 2007,” notes Jeff Wilson, principal analyst at Infonetics.

In fact, “the fear of being hacked by outsiders is the leading factor that pushes respondents to buy security products and services,” he says.

Those results come from Infonetics’ interviews with 240 security managers, all “responsible for managing or planning security at their organizations.”

Spending tracks with expected rollout of new types of products between now and 2007. “Most new products will integrate application intelligence and intrusion detection [systems] and prevention [IDS/IPS],” predicts Wilson. In the short term, “firewall vendors [will] integrate IDS/IPS, virus scanning, and vulnerability assessment” more and more into one appliance; the line between those things will continue to blur, or at least consolidate for ease-of-administration purposes.

Security managers are already buying in; by 2005, roughly two-thirds plan to adopt such appliances. Practically every company already employs firewalls and virus scanning—this report is in agreement with just about every other report on that fact—but a side benefit of consolidated appliances will be an improvement on the 83 percent of companies currently using vulnerability-testing tools. By 2005, 96 percent of companies will have them; it will just be part of the package.

Outside the appliance realm, companies will keep spending on firewalls, with spending growing from $3 billion this year to $4.4 billion in 2007. Other budget highlights, in order: IDS/IPS, virus scanning, and vulnerability assessment. Meanwhile, by 2007, managed security spending will grow from $2.2 billion to $4 billion.

While firewall spending also tops managed security spending, other managed security results differ from in-house spending. For starters, the second most popular option for running VPNs will be managed service providers, which will also filter their spam (a marked jump from current practices). Virus scanning, IDS/IPS, and vulnerability testing will garner more than 15 percent of budgets each by 2005. In the same timeframe, content filtering and denial-of-service prevention will get more than 10 percent. Within two years, 33 percent of respondents plan to use a managed security services provider (if they don't already).

Another positive note: In the wireless realm, one-third of respondents have already deployed wireless LAN security (and hence wireless LANs), and another third “will purchase or are considering purchasing wireless LAN security products,” which accounts for almost all respondents with a wireless LAN—meaning most companies understand (even if they haven’t yet budgeted for) the wireless LAN security risks.

For more information on the report, visit: http://www.infonetics.com/resources/purple.shtml?nr.vsus03.sec.shtml