A new report from the market research firm Ovum predicts that global spending on IT security will exceed $36 billion in 2016. But where and how those dollars are going to be allocated will likely be very different.
While threat detection and remediation tools that can spot malware and reduce recovery timelines after a breach will continue to have an important role, the Ovum report concludes that organizations will implement more security analytics and threat intelligence technologies along with identity management software as part of a more sophisticated effort to keep businesses safe at a time when the attack surface that needs to be defended continues to expand.
According to the report, cybercrime, state-sponsored activities, and advanced persistent threats (APTs) will continue to plague businesses, much like in 2015. The report also suggests that most businesses will be more vulnerable to cyber-attacks than ever as cyber-criminals use social engineering techniques to bypass network perimeter defenses.
Increased demand, increased risk
For IT service providers, those vulnerabilities cut both ways. On the one hand, they clearly increase demand for managed security services. On the other, the number of security incidents they'll need to investigate and perhaps remediate will continue to rise. Thanks to the cloud, mobile computing, and soon the Internet of Things (IoT), there will also be more applications and systems that need to be defended than ever before. The challenge is that each incident that needs to be handled winds up eating into the profitability of the IT services provider.
As in any war, the ultimate goal is to make sure most of the fighting takes place beyond the borders of the organization that needs to be defended. Once an IT services provider is addressing security issues inside the perimeter of the organization, costs start to rise. The problem is that the perimeter of the organization now includes every type of endpoint imaginable.
Managed security services catching on
In fact, it’s arguable that every provider of IT services needs to become a provider of managed security services to one degree or another. Whether they craft those services themselves or rely on another partner that specializes in security, there’s no scenario where any application or online service should be delivered without considering the security implications. In this day and age, no sane organization would launch an IT project without first assessing the risks any more than a merchant of old would have launched a ship when pirates roamed the high seas without taking precautions.
That doesn’t mean organizations are going to limit the number of IT projects they undertake. But it does mean that increasingly they will assess the security risks associated with each project as an integral part of the costs associated with delivering a particular application or online service. As a result, along with the sophistication of the threats being created, the level of appreciation organizations have for the nuances of IT security should increase correspondingly in 2016 as well.