Spending on information security still favors preventive measures

Worldwide spending on information security products and services is increasing. That’s the good news. The bad news is that organizations continue to favor preventative measures over detection and response – which is key to fighting advanced persistent threats (APTs).

According to Gartner, worldwide spending on information security products and services will reach $81.6 billion this year, an increase of 7.9% over 2015. Preventive security will continue to show strong growth, as many security practitioners continue to prefer preventative measures.

On the one hand, it’s no surprise that security practitioners continue to invest in preventive measures rather than divert some of those funds to detection and response. Security teams are resource strapped. They don’t have the people and skills to deploy, manage and use an effective combination of tools to detect threats, stop them, and then recover the environment to a known good state. So instead, they’re pouring almost everything they’ve got into prevention.

On the other hand, it is well known (I thought?) that preventive measures do not stop APTs. Today’s threats can evade preventive controls and sit on the network any length of time before they are finally detected – if they are detected.

Gartner reports that consulting and IT outsourcing are currently the largest categories of spending on information security. This could be IT organizations’ saving grace. Gartner reports that managed detection and response (MDR) is emerging, with demand coming from organizations that don’t have the resources to do it themselves. With more MDR providers emerging targeting the midmarket, Gartner foresees these services being an additional driver for security spending for both large and smaller organizations.

In addition, solutions such as security information and event management (SIEM) and secure web gateways (SWGs) are evolving to support detection-and-response approaches. Gartner expects the SWG market will maintain its growth of 5 to 10% through 2020 as organizations focus on detection and response.

Takeaways for technology marketers

If your company provides a detection-and-response solution:

  • Continue to drive home the message that preventive solutions do not stop APTs and that a modern security strategy requires detection and response.
  • Create content to help security practitioners make a business case for your solution.
  • Highlight in white papers, blogs, etc., how your solution makes it possible for even resource-strapped organizations to have an effective detection-and-response strategy.

Other notable statistics

Gartner also reports:

  • The average selling price for firewalls is expected to increase by at least 2 or 3% year over year until the end of 2018.
  • By 2018, 90% of organizations will implement at least one form of integrated data loss prevention (DLP), up from 50% today.
  • Public cloud adoption will impact firewall spending by less than 10% until the end of 2019 but will have an impact after that.
  • Half of midsize and large organizations will add bigger, more advanced inspection-oriented features to their network firewalls by 2019.

Top cloud infrastructure service providers

When IT organizations evaluate cloud infrastructure providers, the same two consistently rise to the top: Amazon and Microsoft. That’s not likely to change any time soon.

According to Synergy Research Group, Amazon and Microsoft lead the cloud infrastructure service market (Note: This includes IaaS, PaaS and hosted private cloud). Amazon is three times the size of Microsoft and has a clear lead in all major regions and most segments of the market. However, Microsoft is growing much faster, with a 100% year over year growth rate compared to Amazon’s 53%. This isn’t surprising when you consider that enterprise IT organizations are already familiar with Microsoft tools. Transitioning to Azure presents a much lower learning curve than AWS.

IBM and Google round out the top four cloud infrastructure providers, which together account for well over half of the worldwide market. These providers are growing more rapidly than their smaller competitors, with combined revenues growing 68% in Q2. The next 20 largest cloud providers – which includes CenturyLink, Hewlett Packard Enterprise, Rackspace and Oracle – grew by 41%.

Other notable stats:

  • Synergy estimates that quarterly cloud infrastructure service revenues (including IaaS, PaaS and hosted private cloud) have reached $8 billion.
  • Twelve-month revenues are close to $28 billion.
  • North America accounts for over half of the worldwide market.

More stats: Amazon Leads; Microsoft, IBM & Google Chase; Others Trail