Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
© 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
While you are waiting for our webinar to begin, you might be interested in the downloads on the Attachment tab:
Have a question for our analyst? Click the Question tab. Q&A will be at the end of today’s presentation.
If you have any difficulties, please email [email protected].
A copy of today’s presentation and our Upcoming webinars
Information on how to dial in if you are unable to attend via VoIP
1,000Analysts
10,000 Distinct Client Organizations
215,000+Client
Interactions
Vertical Coverage
in Nine Industries
5,000Benchmarks
850 MediaInquiries
per month
World's Largest
Community of CIOs
60+Conferences
75% ofGlobal 500
3,200Consulting
Engagements
Clients in 90 Countries
74% ofFortune 1000
500Consultants
Gartner at a Glance
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Information Security Buying Behaviors and Budget Trends 2015
Lawrence Pingree
Gartner Security & Risk Management Webinar
3 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Gartner delivers the technology-related
insight necessary for our clients to make
the right decisions, every day.
4 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Aha!
5 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
1. What are the primary security buyers and what are their strategic technology interests for 2015?
2. What are the current budget allocations and investment priorities?
3. What are the current security technology adoption levels and where is security technology headed?
Key Issues
6 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
1. What are the primary security buyers and what are their strategic technology interests for 2015?
2. What are the current budget allocations and investment priorities?
3. What are the current security technology adoption levels and where is security technology headed?
Key Issues
7 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Base: Has some involvement in this project (Q04)
8%
10%
12%
12%
13%
15%
25%
36%
40%
38%
40%
37%
43%
43%
20%
21%
20%
22%
25%
20%
14%
35%
29%
30%
26%
26%
22%
18%
Audit, n = 416
Privacy, n = 425
Business Continuity,n = 436
Compliance, n = 437
Vendor Management,n = 371
Risk Management,n = 445
Information Security,n = 454
I am the primary decision maker
I recommend solutions
I research the market
I have no role in purchasing IT security products, services and/or technology
Question: What is your involvement in purchasing IT security products, services and/or technology for the following projects within your organization?
Which Departments Are the Primary Buyers and Influencers of Security Purchases?
8 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
53%
54%
56%
58%
59%
60%
61%
62%
68%
71%
Virtualization and Security
Data Classification
Network Security
Security Analytics
Vulnerability Management
Data Loss Prevention
Application Security
BYOD Security
Cloud Security
Mobile Security
This is an area of highinterest for me
Top 10 — Global Strategic Technology Interests for 2015
Through 2015, we'll spend an estimated
All This and I Still Have a Security Problem?
$77.2 Billion
$7.9 Billion
FirewallIntrusion
Prevention
$1.4 Billion
EndpointProtection
$3.3 Billion $4.2 Billion
Secure Email/Web Gateway
Identity and AccessManagement (IAM)
$3.1 Billion $51.5 Billion
Security ServicesSecurity Info &
Event Mgmt
$1.8 Billion
DLP, Testing &Other
$4.3 Billion
Source: Forecast: Information Security, Worldwide, 2013-2019, 1Q15 Update
10 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Old Pain Points Flowing Into New Technology Approaches and Markets
Customer Pain Point or
Issue
Current Solutions Emerging Areas of Demand
Malware Detection and
Prevention
• Network Sandboxes
• Cloud-Based Sandboxes
• Application Control
• Endpoint Detection and Response
• Incident Response Automation
• Endpoint Exploit Prevention
• Application Containment
Perimeter Security
Control Failure
• Network Behavior Analytics
• Log Correlation
• Network Behavior Threat Analytics and
Modeling
• User Behavior Analytics
• Threat Intelligence Services and
Platforms
Porous perimeter and
SaaS
• Mobile Device Management and
Compliance
• Data Loss Prevention
• Mobile Data Protection
• Application Containment and Isolation
• Cloud Access Security Brokers
11
Spending Estimates on Advanced Threat Detection (ATD) in 2014
Network Sandbox Providers
$582 (Million USD)
Endpoint Detection and
Response (EDR)
$232 (Million USD)
Cloud Sandbox Providers
$58 (Million USD)
Network Behavior Analysis
$113 (Million USD)
$985 Million
12 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
1. What are the primary security buyers and what are their strategic technology interests for 2015?
2. What are the current budget allocations and investment priorities?
3. What are the current security technology adoption levels and where is security technology headed?
Key Issues
13 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Percentage of IT Budget Allocatedto Security
Figure 1. Total IT Security Spending as a Percent of IT Spending, 2010 — 2014
1% increase of IT budget allocated to
Security
Source: IT Key Metrics Data (December 2014)
In the context of the Information Security budget the increase was a 19%
over the prior year
14 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
IT Security Investment per Employeeby Vertical Industry
Source: IT Key Metrics Data (December 2014)
15 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
IT Security Investment per Employeeby Region
Source: IT Key Metrics Data (December 2014)
16 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Security Budget Priorities (2014 vs. 2015)
Notes:
Question we asked: How do you anticipate IT infrastructure security spending to change in fiscal 2015
compared with fiscal 2014?
Number of respondents varies, based on the category; excludes "don't know."
Percentages may not add up to 100% because of rounding.
Source: Gartner (January 2015) 2014 Security and Risk Management Survey Provides Action Items for Providers in 2015
17 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Top 10 — Planned Security Investment Initiatives in 2015
23%
24%
25%
26%
26%
30%
31%
35%
35%
38%
Security Analytics
Endpoint Security
Virtualization and Security
Application Security
BYOD security
Data Loss Prevention
Vulnerability Management
Network Security
Cloud Security
Mobile Security
We will investsignificantly in this area
in 2015
18 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Planned Identity and Access Management (IAM) Investments in 2015
6%
8%
9%
10%
11%
12%
12%
14%
14%
18%
18%
21%
26%
Identity of Things
IAM as a Service (IDaaS)
IAM and Privacy
Directory Services
IAM System Integration and Consulting…
IAM Program Management and Governance
Identity Analytics and Intelligence
IAM for External Users
Identity Governance and Administration
Privileged Account Management
Identity Proofing and User Authentication
Access Management
Single Sign-On (Including Federation)
We will invest significantly inthis area in 2015
19 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
1. What are the primary security buyers and what are their strategic technology interests for 2015?
2. What are the current budget allocations and investment priorities?
3. What are the current security technology adoption levels and where is security technology headed?
Key Issues
20 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
IT Security TechnologiesCurrently Deployed
68%
68%
69%
70%
72%
72%
73%
73%
74%
74%
75%
77%
79%
Encryption for E-mail/Secure E-mail Gateways
Encryption for Servers, Storage or Databases
Intrusion Detection and Prevention
User Provisioning
Web Access Management
Web Site Filtering or Blocking
Remote-Access or Site-to-Site VPN
Data Loss Prevention
Web Application Firewalls
Secure Web Gateway
Endpoint Protection (Anti-Malware)
Network Access Control
User Authentication
N = 360, Base: Who Falls in 'Information Security' Domain. Excluding DK.
Source: Gartner (January 2015)
21 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
IT Security Technologies Currently Deployed (Continued)
49%
50%
50%
57%
61%
61%
62%
62%
62%
63%
64%
65%
IT GRCM tools (Governance, Risk andCompliance Management tools)
Next-Generation Firewalls
Cloud Encryption Gateway or Cloud EncryptionSoftware
Endpoint Compromise Assessment (SystemIntegrity Monitoring)
Unified Threat Management (MultifunctionFirewalls)
Vulnerability Assessment
Application Security Testing
Mobile Device Management
Privileged Account Management
Advanced Threat Defense Appliances(Malware Control)
Patch Management
Security Information and Event Management
N = 360, Base: Who Falls in 'Information Security' Domain. Excluding DK.
Source: Gartner (January 2015)
22 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Security Market Trends for 2015
• Intelligence Aware Security Controls (IASC):
• Enabling Cross-Product Telemetry
• Emerging Intelligence Sharing Products and Services
• Cloud Security:
• Emerging Technology Threat and Compliance Risks
• SDN Solutions Are Maturing
• Multi-Domain Security Analytics:
• Analytics Domain Convergence: Network, System, Application and User
• User Behavior Modeling for Advanced and Insider Threat Detection
• Security for the Internet of Things (IoT):
• Risks Created for Newly Deployed IOT Solutions
• Opportunities Emerging for Security Solution Providers
23 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
The Security Future — Countdown to Security Automation
Situ
atio
na
l Aw
are
ne
ss
+
-
Machine Learning
and Adaptive
Response
Analytics andModeling
Context and Intel Sharing
(approximately 1987-2015)
Defined Enforcement(approximately 1960-1986)
Intelligence Awareness Era
Behavioral Modeling Era
Learning and Response Era
Manual Response Era
- Behavior Aware Controls
- Situationally Aware Controls
- Context Aware Controls
- Isolated Controls
EpochTransitions
24 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
Technology Provider Recommendations:
Focus on Improving Efficacy (No. 1 Buying Criteria).
Focus on delivering suite or bundled solutions.
Continue to leverage cross-product integration efforts to utilize context information and automated response capabilities.
Providers in segments with decreased demand should increase marketing efforts or consider new product development/M&A.
End-User Recommendations:
Seek solutions with cross-product integration that enables improvements towards context-based decision making.
Use price negotiation in lower demand segments to save money.
Maximize the use of product suites and avoid shelfware situations.
Examine advanced threat protection as market consolidates this function.
Recommendations
25 © 2015 Gartner, Inc. and/or its affiliates. All rights reserved.
IT Key Metrics Data 2015: Key IT Security Measures: MultiyearLinda Hall and Others (G00266087)
IT Key Metrics Data 2015: Key IT Security Measures: by IndustryLinda Hall and Others (G00266084)
2014 Security and Risk Management Survey Provides Action Items for Providers in 2015Elizabeth Kim and Sid Deshpande (G00270375)
Forecast: Information Security, Worldwide, 2013-2019, 1Q15 UpdateRuggero Contu Christian Canales Sid Deshpande Lawrence Pingree (G00277265)
Recommended Gartner Research
For more information, stop by Gartner Research Zone.
Gartner Symposium/ITxpo: The world's most important
gathering of CIOs and senior IT executives
26
• Hundreds of analyst-led sessions, workshops, how-to clinics and more
• Role-based tracks designed to address your key priorities and challenges
• Immediately actionable take-aways—a clear action plan for the next three, six and 12 months
• Mastermind Interview Keynotes with industry leaders
• ITxpo exhibit floor with hundreds of top solution providers and exciting startups
October 19 - 22 Sao Paulo, Brazil
October 26 - 29 Gold Coast, Australia
November 2 - 5 Goa, India
November 8 - 12 Barcelona, Spain
September 28 -30 Cape Town, South Africa
October 4 - 8 Orlando, FL
October 14 - 16 Tokyo, Japan
Visit gartner.com/symposium
© 2015 Gartner, Inc. and/or its affiliates. All rights reserved. 27
Simple steps for increasing the value of today's webinar experience
Today's presentation
is available to download
on the Attachment tab
of our webinar portal
and on our webinar page.
Download our Upcoming
Webinars (pdf) on the
Attachment tab or visit
gartner.com/webinars
Don’t forget to check out the on-
demand webinars and share
these resources with your
colleagues.
Contact your Gartner account executive with any additional questions, comments or for a complimentary copy of today's presentation.