Are company leaders finally realizing that securing the network and the devices that connect to it must be a top business priority?
If a new study by Gartner is any indication, the answer is “Yes,” at long last, security is getting the attention it requires.
The study found that, thanks largely to the growth of mobile devices, cloud computing and social media, companies are increasing their security spending. It’s expected that security-related spending this year will increase nearly 8 percent over what it was in 2013. That’s not a whole lot, but it is definitely a step in the right direction.
Research director Lawrence Pingree pointed to what he called the ‘democratization’ of security threats, with malicious software tools that can be used to launch advanced attacks now more broadly available online via an underground economy. While this has made life even more difficult for CISOs, it has also resulted in increased awareness. Security is no longer seen as just an IT function or a cost center, he said.
Increasing security spending is a start, of course, but you can’t just throw money at the problem and expect everything to be better. Instead, companies need to evaluate what their security risks are and tailor a security plan to best lessen those risks.
Plus, security isn’t just about the hardware and the software involved. You need to have a good team that is trained in security to provide a human touch. Your firewall and encryption services can protect the data, but it’s your security team that puts the plan into action, provides education to everyone on the staff and develops a disaster response.
A lot of small to midsize businesses (SMBs) don’t have the in-house staff that is able to handle all of the aspects of security. Allocation of that increasing security budget, then, should be spread out not only for the tools needed to prevent or detect threats, but also for the people who know how to use those tools. Whether that is bringing someone on the staff or using outside security experts (FYI: Gartner predicts that in the next few years, at least half of all SMBs will contract with security vendors) is up to the individual company and its particular needs, of course, but having an expert voice on network security matters is just as important as having good security software.
This is especially important because, as the study also found, security spending is moving from device monitoring and administration to incident response.
So the good news is that business leaders recognize the need to increase security budgets. The next step is applying that extra money to the areas that will do the most good.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba