IT Security Spending Trends Align with Business Needs

Security as an "Enabler"; Security Tracked as Part of Another Cost Center; Spending Tied to Proactive Operational Areas

Jan 26, 2016, 10:00 ET from SANS Institute

BETHESDA, Md., Jan. 26, 2016 /PRNewswire-USNewswire/ -- IT and security budgets are on the rise, and they are aligning with the business needs of their organizations, according to results of a new survey to be released by SANS Institute on February 3.

"We have seen many surveys that delineate the costs involved in budgeting and spending for security," says Barbara Filkins, SANS Analyst and author of the survey results paper. "This survey fills a gap in that it shows how organizations are going about their investment—answering the what, why, where and how questions about their securing spending and budget processes."

Results show that respondents are positioning security as a business enabler. According to the survey, 80% use regulatory requirements to justify their budgets and expenditures, while 78% align spending with business objectives. It reflects the primary business driver for security spending—protection of sensitive data—as well as the operational area that accounts for most current security spending—protection and prevention.

Most organizations track security spending as part of another cost center, whether under IT (48%), general operations (19%) or compliance (4%). Only 23% track security spending as its own cost center.

Results also introduced some contradictions. Survey respondents aligned their security spending on proactive operational areas and are seeking skills in preventative technologies, such as application and data security. However, their technology spending doesn't reflect this. Rather than DLP, encryption and compliance technologies, respondents say their organizations are purchasing technologies to support secure access, malware prevention and endpoint security. Data protection was their fourth choice.

Throughout the survey, respondents shared their experiences with security spending and provide advice for budgeting for security. Some of their quotes will be published anonymously in the survey paper.

Full results will be shared during a February 3, 2016, webcast at 1 PM EDT, sponsored by Arbor Networks and Gigamon, and hosted by SANS. Register to attend the webcast at www.sans.org/u/d84

Those who register for the webcast will hear SANS Analysts Barbara Filkins and G. Mark Hardy share their views of the results, along with presentations by sponsor speakers who relate budgeting to their businesses. Registrants will also receive access to the published results paper developed by Filkins.

FEB 3 - What #INFOSEC Budget Pros told us about the #ITBudget. Register:
www.sans.org/u/d2Z Free

How are your #Infosec colleagues managing their #ITBudgets? Find out on 2/3:
www.sans.org/u/d2Z

Don't miss SANS 2016 #ITSecurity Spending Strategies Survey Results Feb 3. Register:
www.sans.org/u/d2Z #infosec

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

 

SOURCE SANS Institute



RELATED LINKS

http://www.sans.org