Cloud Security Spending to Buoy the Security Market in 2020

Enterprises are putting the brakes temporarily on security spending amid the chaos of the global pandemic, but analysts believe that 2020 will still see growth in the market. A new worldwide security and risk management spending forecast released by Gartner this week updated numbers downward, with the firm projecting infosec spending to grow 2.4% this year compared to the more rosy 8.7% it predicted in December 2019. If the stats hold, the security market will hit $123.8 billion by year end.

“Like other segments of IT, we expect security will be negatively impacted by the COVID-19 crisis,” said Lawrence Pingree, managing vice president at Gartner. “Overall we expect a pause and a reduction of growth in both security software and services during 2020.”  

According to Gartner, in the immediate investment horizon the working conditions the coronavirus pandemic has presented is pushing organizations to shift security spending to support accelerated cloud adoption, remote worker technologies, and cost-saving measures.

The numbers show an expected growth rate of 33.3% for cloud security, far outstripping the second priority of application security which will see 6.2% growth.

"Here are a few factors in favor of some security market segments, such as cloud-based offerings and subscriptions, being propped up by demand or delivery model," Pingree explained. "Some security spending will not be discretionary and the positive trends cannot be ignored."

The disruption of market forces by the exigencies of the pandemic have clearly distilled and focused a lot of ongoing modernization efforts both on the enterprise and vendor sides of the house. For example, as Gartner explains, the security vendor market was already well underway to transform itself with cloud-based  vendors were shift was already fully in process for the enterprise to move broader swaths of its technology capabilities to a cloud-based delivery models, which will serve to make the security market more resilient across the board during a downturn.

Meantime, even at the beginning of the year before COVID-19 started its global spread SANS Institute's spending survey showed that cloud security spending would be the top priority for enterprises. According to the study, the increased use of public cloud IaaS and hybrid cloud was named by 50% of respondents as the number one driver to changes in the security roadmap for 2020 and beyond.

The drastic shift to work from home (WFH) policies has only served to crystalize the phenomenon, as many organizations sped up cloud adoption plans to support remote workers and more quickly provide customers with a new mix of digital projects to satisfy market needs from the sudden lockdowns.

Meantime, the hits keep coming for cloud assets. A recent study by IDC found that 79% of companies have experienced at least one breach in the past 18 months. And among those impacted, 43% have experienced 10 or more of these cloud security incidents during that same timeframe. In that study of CISOs, it was found that 64% named a lack of visibility into live cloud environments as the top threat to organizations. This tracks with SANS findings, which show that security visibility is still a struggle in the cloud.

According to SANS analyst Barbara Filkins:

"The movement of production workloads to IaaS has had two major and distinct impacts on traditional security operations:

• Traditional methods of security visibility and control across servers in customer- premised data centers must be extended into the virtual IaaS environment, or new methods of security visibility and control must be developed.
• The elasticity of IaaS services has allowed IT to move to rapid Continuous Integration/ Continuous Delivery (CI/CD) DevOps methodologies. Security processes and controls have to be re-architected to keep up with the pace of change."

According to SANS, the number one priority for enabling safe cloud adoption is to bolster cloud security monitoring, followed by CASB tools, improving cloud security skills among defenders, bolstering authentication, and strengthening cloud-visible detection and response tools.