Security Spending to Jump in 2010, Forrester Says
February 2, 2010 Alex Woodie
Spending on IT security will increase this year compared to previous years, Forrester Research said last week. The increase is due to concerns from companies of all sizes over the security threat posed by the fast “consumerization” of technology such smart phones and Web 2.0 interfaces.
About 40 percent of businesses will significantly increase their IT security spending this year, according to Forrester’s survey of more than 2,200 companies in North America and Europe. The group found that 42 percent of larger companies are planning on increasing their spending by 5 percent or more, while 37 percent of small and medium sized businesses will do the same.
Forrester attributes the expected increase in IT spending to an unexpected source: the proliferation of consumer devices and consumer-focused technologies in the workplace. Concerns over the security of smartphones was cited by 46 percent of larger companies, while 38 percent cited Web 2.0 technologies as damaging their security posture.
Forrester sounded somewhat surprised that consumer technologies were causing security concerns, as opposed to technology trends more commonly attributed with enterprise, such as cloud computing or server virtualization.
“In general, this follows the broader trend of IT losing centralized control of technology adoption, deployment, and use,” states Forrester analyst and vice president, Jonathan Penn, in a Forrester announcement. “It’s not just consumer technology like iPods and the use of Facebook or Twitter. It also shows up in the uncontrolled proliferation of SharePoint sites by business groups or in the use of cloud computing services by application developers.”
More than 80 percent of all businesses identified managing vulnerabilities and complex threats as a high priority in the coming year. There is good news in that number, because it shows that IT managers are getting the message. IT security professionals have been warning the community for years over the rise of so-called “blended” threats, which refers to the cyber-criminal practice of simultaneously using several techniques–such as sending malformed e-mail messages that direct users to a hijacked Web site that installs a Trojan on their computer that turns it into a node of a zombie network–to accomplish their nefarious goals.