h1

Gartner’s Security Expenditure Predictions: Off-Beam?

August 26, 2010

By Steve Gold, freelance business and IT journalist for over 25 years

It’s interesting to read that Gartner is saying that the IT security software market is “poised” for 11 per cent growth during 2010 (http://bit.ly/cmttGD) – up from 7 per cent in 2009.

Ruggero Contu, a principal research analyst with Gartner, says most segments of the security software market will continue to grow over the next few years, although a significant degree of variation is expected between the more-established and less-mature technologies.

Overall, he says in his report, security will remain one of the fastest-growing areas within the enterprise software market.

The topic will be debated at the research firm’s upcoming conference – Gartner Security & Risk Management Summit 2010 – which takes place in London on the 22nd and 23rd of September. I will be very interested to hear the experts’ view on the subject.

But I have to disagree with Ruggero’s prediction that the IT security market will rise by 11 per cent this year. That may be the case on a global basis, but my discussions with IT managers in major UK corporates suggest that expenditures – in the UK at least – will be relatively flat.

The reason for this is two-fold. On the one hand, there is a move towards open source software by a growing number of corporates who, perhaps fed up with the changing licence fee structures of Microsoft and a number of other vendors (these licence fee structures have been “enhanced” in the last few years), are moving to the benefits of Linux and open source applications.

On the other hand, there is a budgetary issue; but more on this in a moment. First let’s look at why IT departments are moving to open source software.

Can you blame them? Instead of a continual set of opex costs for their software every year, there is a one-off opex cost of developing the in-house expertise to support the open source platforms they intend to use, and the vast reserves of free support in the open source software community.

While it’s impossible to produce any precise figures, my feeling is that the payback from switching to open source software – and not just in the IT security space – is measured in months, rather than years.

Your mileage (as they say) may vary, of course, but the bottom line is that expenditures on IT security may fall – unless, of course, Gartner does not include open source software in its predictions.

Delving into Gartner’s figures reveals that it is the consumer security software market that is buoying its 2010 predictions up, as the research firm says that 2010 revenues in this segment are set to reach $4.2 billion in 2010 – up from $3.9 billion in 2009.

But I’m sorry, I have to disagree this prediction as well, as my discussions with the IT security vendors suggest that most of them are moving firmly into the freeware space, with names like Astaro, Cloudmark and Trend Micro joining the ranks of AVG and Zone Labs in offering an entry-level freeware IT security offering.

Why are they doing this?

Simple – clouds pool intelligence. By pooling information from large numbers of freeware users on what is happening in the hacker and malware space on a real-time basis, they can offer an enhanced level of `intelligence’ to their corporate clients.

There’s another influence on corporate IT security departments, however, and one that was identified recently by Clive Longbottom, the founder of another research firm, Quocirca.

In his blog (http://bit.ly/bdosck) on the website for the popular storage industry event 360 IT  – the successor to Storage Expo – Clive says that IT departments are all too often being asked do more with less in order to clear the budget decks for what many CEOs view as a more important business investment.

But, says Clive, it is important to realise that IT expenditure is an important business, for the simple reason it is a core expenditure.

And, he adds, some IT departments have managed to effectively divorce themselves from their businesses and, as a result, are essentially viewed as external providers.

“And, as we all know, when times are bad it’s external providers that get squeezed,” he said, adding that many IT departments are suffering as a result of this.

The problem, says Clive, is that messages about technology are less than compelling to the business – particularly if the main benefit is that life will be easier for the IT function because of better management systems, modelling or whatever.

“These areas can still have a positive impact on the wider business – but benefits need to be teased out and communicated in the best possible manner,” he said in his blog.

To get IT departments back on track within corporates, Clive recommends that businesses should look at the Total Value Proposition (TVP – http://bit.ly/domVdy), which centres on the issue that any change in an organisation will be aimed at lowering cost, lowering risk and/or increasing value to the business.

Cost and risk are the easy ones to understand, he says, but value is more ephemeral.

“If a proposed change in the business can be shown to move these value/risk/cost variables in the right direction, it becomes far easier to get the go-ahead for any investment,” he said.

Good point, but if you carry the TVP issue to its logical conclusion, then open source applications really start to become very attractive.

Which kind of drives a London bus through Gartner’s predictions (sorry guys!) doesn’t it?…

What do you think about Gartner’s predictions? Share your thoughts with the Countdown team at countdown@launchpadeurope.com or on Twitter: @321infosecurity

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: