According to Gartner, the increasing adoption of mobile, cloud, social and information (often interacting together) will drive use of new security technology and services through 2016.
“This Nexus of Forces is impacting security in terms of new vulnerabilities,” said Gartner research director Lawrence Pingree. “It is also creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence.”
Mr. Pingree said that the bigger trend that emerged in 2013 was the democratization of security threats, driven by the easy availability of malicious software (malware) and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks.
“This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center,” said Mr. Pingree.
Other trends in the information security market that form assumptions behind Gartner’s latest forecast include:
By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.
A significant number of security markets are being impacted by newly emerged delivery models. This is resulting in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers. While cloud-based services' competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products to cloud-based services or cloud-managed products. More than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015.
Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014.
Regulatory compliance has been a major factor driving spending on security in the last three years, particularly in the U.S. Gartner expects this influence to accelerate from 2014. Broader data privacy legislation such as the Australian Privacy Act is expected to sustain spending on security this year. Other examples of intensifying regulatory pressure driving spending on compliance include the issue of guidelines regarding personal information protection in China in February 2013 (although they are not legally binding) and planned implementation of an addition to the EU Data Protection Directive. Other examples include personal data protection laws (introduced in 2013) in Singapore and Malaysia.
By year-end 2015, about 30% of infrastructure protection products will be purchased as part of a suite offering.
The presence of highly mature and commoditizing technologies, such as EPP and email security, will be contrasted by growth opportunities offered by segments such as SIEM, DLP and emerging technologies within the "other security" segment. Security providers in the more mature and consolidated segments are predicted to support sales through the addition of new security controls as part of broader suite offerings. This will be the case within the EPP segment, with the increasing availability of DLP, mobile device management, vulnerability assessment, hosted archiving and encryption for secure email gateway. This expansion of suite offerings to include new security controls is expected to help maintain momentum and slow down commoditization of these mature markets.
By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Many organizations continue to lack the appropriate skills necessary to define, implement and operate appropriate levels of data protection and privacy-specific security controls. This lack of skills leads organizations to contract security consulting firms that specialize in data protection and security risk management to address regulatory compliance demands and enhance their security postures. A significant portion of organizations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response. This new dynamic has given rise to significant growth throughout the globe for managed security services.
Mobile security will be a higher priority for consumers from 2017 onward.
There is a lack of penetration of security tools among users of new mobile platforms, and Gartner does not expect to see new demand for this type of capability to emerge before 2016. Most consumers do not recognize that antivirus is important on mobile devices and therefore have not yet established a consistent practice of buying mobile device endpoint protection software. This purchasing trend and market shift away from PCs will have significant repercussions on the consumer security market. However, as mobile devices gain in mass popularity and as security is likely to be a higher priority from 2017 onward, then new market opportunities are likely to emerge.