By all accounts 2014 proved to be another monstrous year for security breaches. At times it seemed we couldn’t go a week without another company falling victim to the monetary ambitions of a cybercriminal, or the political agenda of a nation.
As we look ahead into this next year I’m reminded of a quote from Charles Moulton – “Every crisis offers you extra desired power.” As a psychologist and inventor, Moulton understood human nature and how we traditionally respond to crisis.
As we look to some of the predictions for 2015, all indicators seem to point to a new power to be instilled when it comes to security investment. Over the last few weeks, several financial analyst firms conducted extensive studies, surveying over a thousand CIOs and CSOs cumulatively, to gain a better understanding of how these breaches are impacting spending behaviors.
Here’s a quick review of those studies and what you can expect:
Security will remain as the top spending priority
Piper Jaffray’s fourth annual CIO survey (PDF) indicated that 75 percent of CIOs were expecting to increase their security spending in 2015, up from 59 percent in 2014. 68 percent of Northland Capital Markets CIO respondents cited security as their top spending requirement. 31 percent of Pacific Crest Securities CIO respondents cited Network Security, and 27 percent cited Data Security (number one and number two priorities respectively, overall).
Morgan Stanley’s CIO survey followed suit with security increasing its lead as the top priority. And Wells Fargo’s Decision Maker Survey drew similar conclusions with 21 percent of respondents viewing security as their top spending priority versus 15 percent in the previous year.
Wells Fargo also expects to see security budgets increase in the “teens” this next year. Nomura’s survey of CIOs and CSOs suggests a security budget increase of 11 percent year over year. Morgan Stanley expects an 8.4 percent increase. This growth is higher than the overall IT budget which consensus points to a 2 percent to 5 percent year-over-year growth rate, suggesting a material shift in spending as some IT projects get de-prioritized to make room for increased security spending.
Does this provide the “extra desired power” we’re looking for? The fact remains that while security is a top IT spending priority, it only received 5 percent (Wells Fargo) to 9 percent (Nomura) of the overall IT budget. There’s no question we’re headed in the right direction. Only time will tell whether this is the right proportional investment given the new cyber threat landscape.
Network Security and Advanced Endpoint Security cited as the top two investment segments
Piper Jaffray’s survey indicated that 88 percent of CIOs cited Network Security as their top priority for 2015, and 78 percent cited Advanced Endpoint Security as their top priority. Morgan Stanley also confirmed Network Security and Endpoint Security as top spending growth categories at 9.1 percent growth and 8.4 percent growth respectively.
Within Network Security, expect to see continued investment in the adoption of next-generation firewall capabilities to prevent both known and unknown threats, and an increased emphasis on analytics to improve detection and mitigation rates. And while security wasn’t specifically called out, Piper Jaffray also cited networking as the area most in need of a refresh within the data center (35 percent versus 26 percent in 2014). This of course has implications towards network security, as firewall infrastructure must be upgraded to accommodate new data center performance speeds without forcing compromise on security efficacy.
Today, the endpoint in particular is viewed as the weakest part of today’s enterprise IT infrastructure. As Wells Fargo points out, for just $50 anyone can go to the web and download malware that comes with a “money-back guarantee” that it will evade the top 20 anti-virus solutions. The market transition away from anti-virus towards more advanced endpoint-based security is expected to pick up steam in 2015.
Security breaches could chill ambitions towards public cloud in 2015
35 percent of the CIOs surveyed by Piper Jaffray cited security as their primary reason for keeping data on premise. This is up from 31 percent in 2014. The assumption here is the magnitude and visibility of security breaches in 2014 are driving companies to take a closer look at their public cloud strategy. That’s not to say organizations are backing away from public clouds.
Cloud Computing was the number two priority behind Security in Morgan Stanley’s CIO survey. And in their annual CIO survey, Pacific Crest Securities found that cloud remained a core theme amongst organizations planning for budget cuts. Of the CIOs surveyed they found that 16.1 percent of organization’s applications will be moved to the public cloud in 2015, up from 5.3 percent in 2014.
The economics are simply too attractive to pass up. So, expect continued exuberance with a heightened eye and interest towards some of the new cloud-based security technologies that hit the market in 2014.
