Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, according to a study conducted by 451 Research.
82 percent of respondents indicated they spend 20 to 60 hours of in-house staff resources a week to do that. Despite the well-documented challenges associated with finding and retaining security professionals, the study revealed that nearly three-quarters of the respondents dedicate between 3-5 full-time employees to manage their security.
The financial burden
The financial hit to mid-tier businesses is an average of $178,000 annually just for network security, which represents 39 percent of an organization’s total IT security budget.
The financial burden will continue to increase, and signs point to network security as a significant business priority. Network security spending will grow nearly twice as fast as overall IT security spending over the next five years, projecting a compound annual growth rate (CAGR) of 8.9 percent, from $2.4 billion in 2016 to $3.5 billion in 2021. Forty percent of respondents project their spending on network security will increase between 10 to 20 percent in the next 12 months.
“The security challenge for mid-tier businesses is multi-dimensional. For these businesses, everything seems to be increasing—attack frequency, compliance requirements, complexity, costs, and the number of security products that need to be managed,” said Daniel Cummins, analyst at 451 Research. “Cloud-based security-as-a-service offers potentially significant advantages in terms of simplicity and access to security that may prove to be less complex and expensive than traditional approaches.”
Security-as-a-Service model winning over mid-market companies
The study heralded a potentially seismic shift in the channel ecosystem and how security is delivered to mid-tier businesses.
Nearly 40 percent of respondents indicated part-time employees, contractors, and Managed Security Service Providers (MSSPs) manage their security workload. However, 72 percent of respondents indicated a preference for security-as-a-service compared to MSSP (9 percent) or on-premise (19 percent) solutions for managing security.
Other key findings
- The most desired cloud-based security capabilities were data loss prevention, network access control, and encryption, followed by threat management, application control, SSL decryption, and URL filtering.
- The top cloud-based security use cases cited were threat management and branch office enablement and optimization, followed by multiprotocol label switching (MPLS) displacement, MSSP displacement, on-demand security, and securing SaaS applications.
- More than 60 percent cited legacy IT as the greatest barrier to improving visibility and control within their networks, followed by lack of budget at 27 percent.