Security chief expects cloud security spending to increase

Continuous deployment based on SaaS services and the transfer of data center resources to public and private cloud environments can force organizations to shift IT spending to data protection, monitoring, and managed security services.

According to an IBM survey of 150 security chiefs, the perimeter of the network is becoming increasingly difficult to be controlled by security professionals. The security chiefs say the security budget is expected to increase over the next 3-5 years.

Kris Lovejoy, general manager of IBM's security services and senior IT architecture and systems engineer, says the increase in security budgets is a boon to managed security service providers, as well as to emerging vendors for sales security analytics, automated incident response, and advanced threat detection capabilities. The new technology paradigm will need to include partner ecosystems with powerful security practices system integrators, consultants, and regional hosting providers.

"No one can do anything," Lovejoy says, "MSSP usually has technical skills in an application environment or a particular concept." ”

David Sockol, chief executive officer and CEO of security consultancy Emagined, said the solution providers said they were beginning to see more channel opportunities, in part because of high exposure data leaks and higher data security awareness. In some cases, customers do not have a budget, but they begin to assess what they need to do to prepare for security improvements.

"Through these data leaks, corporate customers are aware that their data is vulnerable, especially in the cloud, that they have no control over data and programs," Sockol said. "They began to deploy protection against their cloud assets." ”

According to a variety of new research, cloud security is still the primary concern of enterprises. The U.S. National Security Agency's surveillance program, which was exposed last year, started to focus on the data privacy of cloud service storage, but it did not slow down the deployment of cloud services. Survey respondents said about 85% of companies are now moving to cloud computing. According to the IBM survey, it is risky for intellectual property to protect against organised cyber criminals, hackers and government agencies that conduct cyber espionage.

But Ferrara, chief analyst at Forrester Research, said there are now a number of single points in the market that can solve some of the problems found in the IBM survey, but these products may confuse companies willing to spend money on new technologies. Ferrara says there will be no takeover frenzy, but hosting security service providers and suppliers may be able to extend their products and services over time.

"There are too many point solutions now, or there are no suitable people to deploy these solutions," Ferrara said, "and vendors are combining a wide range of product portfolios and hosting services and professional services." ”

This trend may be good news for regional solution providers with good security practices. Recent events include the FireEye acquisition of Mandiant's service practices, BAE BAE acquisition MSSP SilverSky.

The solution provider and security consulting firm Patriot Technologies Sales Executive vice President Trish Southwell said that SMEs want to get additional functionality in the cloud and often require higher security, but they often want to opt out of outsourcing or hosting. Southwell said that Patriot technologies from providing infrastructure to building its own security practices, they found that finding the right people was critical to providing safe products and services.

"Customers need to learn more about the entire security portfolio, not just the single point," Southwell says. "Each supplier has a lot of security products, but the value is to focus on the customer and find what they really need." ”

IBM's Lovejoy says the company has already extended managed security and professional security services as an integral part of its overall strategy, and does not exclude the acquisition of powerful regional hosting services providers. The company is working with At&t to quickly expand functionality to cover SaaS-based security products, professional security services, and more security services.

Chicago Chief information officer Paul Bivian says companies should focus on quick fixes. At last week's Intel Security focus meeting, he said patch fixes and vulnerabilities and configuration management were the most important areas. In Chicago, about 5% to 7% of the IT budget is dedicated to information security.

"We are trying to develop a risk-based decision model for Chicago," Bivian said. "To raise the security budget, we have a strategic plan to get federal money." ”