While you are waiting for our webinar to begin, you might ... Webinars/august_4... · Vendor Management, n = 371 Risk Management, n = 445 Information Security, n = 454 I am the primary

© 2015 Gartner, Inc. and/or its affiliates. All rights reserved.

While you are waiting for our webinar to begin, you might be interested in the downloads on the Attachment tab:

Have a question for our analyst? Click the Question tab. Q&A will be at the end of today’s presentation.

If you have any difficulties, please email [email protected].

A copy of today’s presentation and our Upcoming webinars

Information on how to dial in if you are unable to attend via VoIP

1,000Analysts

10,000 Distinct Client Organizations

215,000+Client

Interactions

Vertical Coverage

in Nine Industries

5,000Benchmarks

850 MediaInquiries

per month

World's Largest

Community of CIOs

60+Conferences

75% ofGlobal 500

3,200Consulting

Engagements

Clients in 90 Countries

74% ofFortune 1000

500Consultants

Gartner at a Glance

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.

Information Security Buying Behaviors and Budget Trends 2015

Lawrence Pingree

Gartner Security & Risk Management Webinar

3 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.

Gartner delivers the technology-related

insight necessary for our clients to make

the right decisions, every day.


Aha!


1. What are the primary security buyers and what are their strategic technology interests for 2015?

2. What are the current budget allocations and investment priorities?

3. What are the current security technology adoption levels and where is security technology headed?

Key Issues





Key Issues


Base: Has some involvement in this project (Q04)

8%

10%

12%

12%

13%

15%

25%

36%

40%

38%

40%

37%

43%

43%

20%

21%

20%

22%

25%

20%

14%

35%

29%

30%

26%

26%

22%

18%

Audit, n = 416

Privacy, n = 425

Business Continuity,n = 436

Compliance, n = 437

Vendor Management,n = 371

Risk Management,n = 445

Information Security,n = 454

I am the primary decision maker

I recommend solutions

I research the market

I have no role in purchasing IT security products, services and/or technology

Question: What is your involvement in purchasing IT security products, services and/or technology for the following projects within your organization?

Which Departments Are the Primary Buyers and Influencers of Security Purchases?


53%

54%

56%

58%

59%

60%

61%

62%

68%

71%

Virtualization and Security

Data Classification

Network Security

Security Analytics

Vulnerability Management

Data Loss Prevention

Application Security

BYOD Security

Cloud Security

Mobile Security

This is an area of highinterest for me

Top 10 — Global Strategic Technology Interests for 2015

Through 2015, we'll spend an estimated

All This and I Still Have a Security Problem?

$77.2 Billion

$7.9 Billion

FirewallIntrusion

Prevention

$1.4 Billion

EndpointProtection

$3.3 Billion $4.2 Billion

Secure Email/Web Gateway

Identity and AccessManagement (IAM)

$3.1 Billion $51.5 Billion

Security ServicesSecurity Info &

Event Mgmt

$1.8 Billion

DLP, Testing &Other

$4.3 Billion

Source: Forecast: Information Security, Worldwide, 2013-2019, 1Q15 Update


Old Pain Points Flowing Into New Technology Approaches and Markets

Customer Pain Point or

Issue

Current Solutions Emerging Areas of Demand

Malware Detection and

Prevention

• Network Sandboxes

• Cloud-Based Sandboxes

• Application Control

• Endpoint Detection and Response

• Incident Response Automation

• Endpoint Exploit Prevention

• Application Containment

Perimeter Security

Control Failure

• Network Behavior Analytics

• Log Correlation

• Network Behavior Threat Analytics and

Modeling

• User Behavior Analytics

• Threat Intelligence Services and

Platforms

Porous perimeter and

SaaS

• Mobile Device Management and

Compliance

• Data Loss Prevention

• Mobile Data Protection

• Application Containment and Isolation

• Cloud Access Security Brokers

11

Spending Estimates on Advanced Threat Detection (ATD) in 2014

Network Sandbox Providers

$582 (Million USD)

Endpoint Detection and

Response (EDR)

$232 (Million USD)

Cloud Sandbox Providers

$58 (Million USD)

Network Behavior Analysis

$113 (Million USD)

$985 Million





Key Issues


Percentage of IT Budget Allocatedto Security

Figure 1. Total IT Security Spending as a Percent of IT Spending, 2010 — 2014

1% increase of IT budget allocated to

Security

Source: IT Key Metrics Data (December 2014)

In the context of the Information Security budget the increase was a 19%

over the prior year


IT Security Investment per Employeeby Vertical Industry



IT Security Investment per Employeeby Region



Security Budget Priorities (2014 vs. 2015)

Notes:

Question we asked: How do you anticipate IT infrastructure security spending to change in fiscal 2015

compared with fiscal 2014?

Number of respondents varies, based on the category; excludes "don't know."

Percentages may not add up to 100% because of rounding.

Source: Gartner (January 2015) 2014 Security and Risk Management Survey Provides Action Items for Providers in 2015


Top 10 — Planned Security Investment Initiatives in 2015

23%

24%

25%

26%

26%

30%

31%

35%

35%

38%

Security Analytics

Endpoint Security

Virtualization and Security

Application Security

BYOD security


Vulnerability Management

Network Security

Cloud Security

Mobile Security

We will investsignificantly in this area

in 2015


Planned Identity and Access Management (IAM) Investments in 2015

6%

8%

9%

10%

11%

12%

12%

14%

14%

18%

18%

21%

26%

Identity of Things

IAM as a Service (IDaaS)

IAM and Privacy

Directory Services

IAM System Integration and Consulting…

IAM Program Management and Governance

Identity Analytics and Intelligence

IAM for External Users

Identity Governance and Administration

Privileged Account Management

Identity Proofing and User Authentication

Access Management

Single Sign-On (Including Federation)

We will invest significantly inthis area in 2015





Key Issues


IT Security TechnologiesCurrently Deployed

68%

68%

69%

70%

72%

72%

73%

73%

74%

74%

75%

77%

79%

Encryption for E-mail/Secure E-mail Gateways

Encryption for Servers, Storage or Databases

Intrusion Detection and Prevention

User Provisioning

Web Access Management

Web Site Filtering or Blocking

Remote-Access or Site-to-Site VPN


Web Application Firewalls

Secure Web Gateway

Endpoint Protection (Anti-Malware)

Network Access Control

User Authentication

N = 360, Base: Who Falls in 'Information Security' Domain. Excluding DK.

Source: Gartner (January 2015)


IT Security Technologies Currently Deployed (Continued)

49%

50%

50%

57%

61%

61%

62%

62%

62%

63%

64%

65%

IT GRCM tools (Governance, Risk andCompliance Management tools)

Next-Generation Firewalls

Cloud Encryption Gateway or Cloud EncryptionSoftware

Endpoint Compromise Assessment (SystemIntegrity Monitoring)

Unified Threat Management (MultifunctionFirewalls)

Vulnerability Assessment

Application Security Testing

Mobile Device Management

Privileged Account Management

Advanced Threat Defense Appliances(Malware Control)

Patch Management

Security Information and Event Management

N = 360, Base: Who Falls in 'Information Security' Domain. Excluding DK.

Source: Gartner (January 2015)


Security Market Trends for 2015

• Intelligence Aware Security Controls (IASC):

• Enabling Cross-Product Telemetry

• Emerging Intelligence Sharing Products and Services

• Cloud Security:

• Emerging Technology Threat and Compliance Risks

• SDN Solutions Are Maturing

• Multi-Domain Security Analytics:

• Analytics Domain Convergence: Network, System, Application and User

• User Behavior Modeling for Advanced and Insider Threat Detection

• Security for the Internet of Things (IoT):

• Risks Created for Newly Deployed IOT Solutions

• Opportunities Emerging for Security Solution Providers


The Security Future — Countdown to Security Automation

Situ

atio

na

l Aw

are

ne

ss

+

-

Machine Learning

and Adaptive

Response

Analytics andModeling

Context and Intel Sharing

(approximately 1987-2015)

Defined Enforcement(approximately 1960-1986)

Intelligence Awareness Era

Behavioral Modeling Era

Learning and Response Era

Manual Response Era

- Behavior Aware Controls

- Situationally Aware Controls

- Context Aware Controls

- Isolated Controls

EpochTransitions


Technology Provider Recommendations:

Focus on Improving Efficacy (No. 1 Buying Criteria).

Focus on delivering suite or bundled solutions.

Continue to leverage cross-product integration efforts to utilize context information and automated response capabilities.

Providers in segments with decreased demand should increase marketing efforts or consider new product development/M&A.

End-User Recommendations:

Seek solutions with cross-product integration that enables improvements towards context-based decision making.

Use price negotiation in lower demand segments to save money.

Maximize the use of product suites and avoid shelfware situations.

Examine advanced threat protection as market consolidates this function.

Recommendations


IT Key Metrics Data 2015: Key IT Security Measures: MultiyearLinda Hall and Others (G00266087)

IT Key Metrics Data 2015: Key IT Security Measures: by IndustryLinda Hall and Others (G00266084)

2014 Security and Risk Management Survey Provides Action Items for Providers in 2015Elizabeth Kim and Sid Deshpande (G00270375)

Forecast: Information Security, Worldwide, 2013-2019, 1Q15 UpdateRuggero Contu Christian Canales Sid Deshpande Lawrence Pingree (G00277265)

Recommended Gartner Research

For more information, stop by Gartner Research Zone.

http://www.gartner.com/document/2935417?ref=QuickSearch&sthkw=it key metrics&refval=150490360&qid=053b43ba596b6a7bf774729c92bfb62f

http://www.gartner.com/document/2935318?ref=QuickSearch

http://www.gartner.com/document/2973721?ref=QuickSearch

http://www.gartner.com/document/3039821?ref=QuickSearch&sthkw=forecast information security&refval=151619520&qid=502ffab643900b40154284ba12f02429

Gartner Symposium/ITxpo: The world's most important

gathering of CIOs and senior IT executives

26

• Hundreds of analyst-led sessions, workshops, how-to clinics and more

• Role-based tracks designed to address your key priorities and challenges

• Immediately actionable take-aways—a clear action plan for the next three, six and 12 months

• Mastermind Interview Keynotes with industry leaders

• ITxpo exhibit floor with hundreds of top solution providers and exciting startups

October 19 - 22 Sao Paulo, Brazil

October 26 - 29 Gold Coast, Australia

November 2 - 5 Goa, India

November 8 - 12 Barcelona, Spain

September 28 -30 Cape Town, South Africa

October 4 - 8 Orlando, FL

October 14 - 16 Tokyo, Japan

Visit gartner.com/symposium

© 2015 Gartner, Inc. and/or its affiliates. All rights reserved. 27

Simple steps for increasing the value of today's webinar experience

Today's presentation

is available to download

on the Attachment tab

of our webinar portal

and on our webinar page.

Download our Upcoming

Webinars (pdf) on the

Attachment tab or visit

gartner.com/webinars

Don’t forget to check out the on-

demand webinars and share

these resources with your

colleagues.

Contact your Gartner account executive with any additional questions, comments or for a complimentary copy of today's presentation.

Documents

While you are waiting for our webinar to begin, you might ... Webinars/august_4... · Vendor Management, n = 371 Risk Management, n = 445 Information Security, n = 454 I am the primary