Gartner sees better days ahead for security budgets

The dismal economy has put the brakes on a lot of security projects, but the need to maintain the basics and automate some security functions has fueled interest in managed security services and some specific security areas, according to analysts at Gartner Inc.

Despite the dour economy, core security software functions are on pace to continue to grow, said Adam Hils, a principal research analyst with Gartner Research. Antivirus, antimalware and email security will continue to gain interest. New projects will be driven by regulatory compliance initiatives and areas affected by cost cutting measures.

"Companies are still doing the blocking and tackling," Hils said. "We are still seeing security budgets about flat, while the rest of IT is in a state of decline."

The spending data is a mixture of a fourth quarter 2008 survey conducted by Gartner and research conducted by Gartner analysts in the first half of 2009. It will be presented by Hils along with some predictions at the Gartner Information Security Summit next week at the Gaylord National Harbor Resort & Convention Center in Washington, DC.

Companies eager to find value in automating some security processes are turning to managed security services. Telecom providers, AT&T and Verizon have been traditionally strong players in the space, offering security packages on top of telecom services. But Gartner says investments continue around improving network security with the deployments of multifunction firewalls and intrusion prevention systems.

"We still see support for firewalls and intrusion protection system, especially where encryption and data leakage prevention being done," Hils said.

The economy is also shifting buying habits, according to Gartner. More and more companies are also tuning to a single vendor for most security needs, buying from suite vendors that have an established portfolio of products rather than best of breed vendors selling a niche technology. By 2010, companies will favor a single vendor for security applications.

Symantec ranked the highest in a list of security software and appliance vendors currently used by companies. It was followed by Microsoft, McAfee, Cisco and Trend Micro. Meanwhile, Symantec led the pack of managed security services providers, followed by IBM ISS, VeriSign and AT&T.

Hils said many vendors are reporting success targeting small and midsized businesses, where spending on security continues. Larger vendors have the ability to put large projects on hold and wait out a dismal economy, he said.

"Despite fact that many are getting pummeled in this economy, the rate of security spending is higher among small and midsized businesses," Hils said. "The small guys don't really have a full foundation and can't afford to wait. They have compliance regimes to meet."

Hils and other analysts say there is some signs making people more optimistic. In the financial services industry, which has been hit particularly hard, nearly half of the 175 security pros surveyed by SearchFinancialSecurity.com said their ability to obtain funding for security projects, products and services will improve in the second half of 2009. That survey ranked authentication, encryption and network access control (NAC) technologies as high budget priorities over the next year.

"Security projects around enterprise apps are being shelved and big projects that aren't demand driven are being shelved," Hils said. "While those projects are being put off, the basic stuff is still being done."