|
|
|
EMA Research Summary:
Security as a Service: Transforming the
Landscape of Security Management
Introduction
The challenges of IT security management have expanded substantially for organizations worldwide.
Vulnerabilities and threats alike have exploded. Sophisticated exploits are becoming more difficult to con-
trol. Complex and often overlapping compliance requirements make security risks impossible to ignore.
Budget pressures both internal and external make it difficult for security teams to find the resources they
need to address these challenges—but in light of all these factors, they can ill afford to cut corners.
57% of those who use hosted
security technology delivered as
Software-as-a-Service (SaaS)
expect their use of Security
SaaS to grow in the coming
year. Small- to medium-sized
businesses in particular expect
a significant increase in their
use of Security SaaS by five-
to-one over large enterprises.
These issues raise a difficult question. How can today’s technology-centric
business afford not only to maintain the investment in security technology
and expertise needed to answer these challenges, but to expand capability
to deal with increasingly serious threats—particularly when resources are
already stretched to the limit?
For many, the answer to this question is increasingly found in security ser-
vices. Four times more organizations plan to expand their use of Managed
Security Services in the next 12 months than those who expect their use to
decrease. Fifty-seven percent of those who use hosted security technology
delivered as Software-as-a-Service (SaaS) expect their use of Security SaaS
to grow in the coming year. Small- to medium-sized businesses (SMBs) in
particular expect a significant increase in their use of Security SaaS by five-
to-one over large enterprises.
Theseandotherfindingsweretheresultof ENTERPRISEMANAGEMENT
ASSOCIATES® (EMA™) research into the trends and drivers behind the
adoption of Managed Security Services and Security SaaS conducted in the first half of 2010. In the full
report, entitled Security as a Service, EMA examines the findings of its survey of more than 200 organizations
worldwide. In this study, large enterprises and SMBs alike provided valuable insights into drivers behind the
adoption of security services.
Key Research Findings
• 65% of all respondents spend more than 10% of their IT budget on security. Thirty-two percent of
respondents spend more than 20%, while 8% spend more than 30%. Organizations increasing their
spending on IT security over the previous year exceeded those reporting decreases by nearly 5-to-1.
• Regardless of increased security spending, resource constraints on security management remain
significant. Attacks against Web servers and data privacy concerns stand out as top security concerns—
yet 27% of enterprises and 44% of SMBs say they do not have the resources they need to manage Web
application security. In one of the world’s largest technology companies, a team of only 13 is responsible
for prioritizing vulnerability management across a global network of as many as 56,000 subnets.
• Finding and retaining qualified personnel are the top security staffing challenges. This exacerbates one
of the most difficult issues faced by enterprises—security management at scale. Large organizations
need highly scalable automation to compensate for extreme disparities between the sheer size of their
security challenges, and the personnel available to meet them.
ADVISORY NOTE | 1
©2010 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
|
|
|