Gartner, Inc. says that businesses should recognise that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15% of the IT security budget to address the potential risks and impact of such unforeseen issues.
“When evaluating and planning 2010 security budgets, organisations should work to achieve a realistic view of current spending and recognise that it may be impossible to capture all security-related spending because of organisationally diffused security budgets,” says Ruggero Contu, principal research analyst at Gartner.
In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by a new survey by Gartner show that security spending accounts for a higher percentage of the IT budget.
According to the survey, security software and services spending will outpace other IT spending areas in 2010. Security software budgets are expected to grow by approximately 4% in 2010, outpacing all other areas of infrastructure software. Meanwhile, security services budgets are projected to grow almost 3%, significantly outperforming other service areas.
In April and May of 2009, Gartner surveyed more than 1,000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010.
Adam Hils, principal research analyst at Gartner says that security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments.
Specific areas of projected security-related software spending growth in 2010 includes security information and event management (SIEM), e-mail security, URL filtering, and user provisioning, says the IT advisory company.
Gartner says that the continued, comparatively strong emphasis on security extends beyond software. The survey showed that security services spending will also outpace spending in other services areas, with budgets expected to grow 2.74% in 2010. This anticipated increase is being driven in part by a growing movement towards managed security services, cloud-based e-mail/web security solutions, and third-party compliance-related consulting and vulnerability audits and scans.