Security budgets are rising, but is it enough?

A majority of companies (54 percent) are worried that they will soon outgrow their security solutions, according to Threat Stack. While budgets are expected to increase by 19 percent over the next two years, organizations are struggling with a disconnect between security and DevOps and are facing difficulties in determining where to allocate this budget in the face of rapidly evolving infrastructure.

OPIS

With less than half of their infrastructure remaining on-premise (41 percent), businesses are increasingly making significant migrations to infrastructure-as-a-service (IaaS) (25 percent), platform-as-a-service (PaaS) (17 percent), and containers (10 percent). This is one of the primary reasons why respondents indicated that their top two budget investments in 2019 will be directed at cloud workload security and intrusion detection systems (IDS).

Friction between security and DevOps teams

Previous Threat Stack research indicated that while DevSecOps is a stated goal at most organizations, it is far from a reality. In fact, the two areas appear to be at significant odds internally. A common complaint within organizations is that development is working contrary to security team goals: 91 percent of respondents believe that development teams introduce risk to the organization. The top three reasons for this increased risk center on required access to:

  • Sensitive corporate information (45 percent)
  • Personally identifiable information (40 percent)
  • Root-level permissions (34 percent)

A significant portion (29 percent) of respondents believe that their organization prioritizes releasing code that “works” over code that is secure.

Security teams are carrying their own organizational baggage as well. Almost three-quarters of respondents (74 percent) agreed that the security team is under pressure to keep pace with development and operations, and 63 percent believe their security team slows down the speed of their business.

Security budget growth having limited impact

Security budgets are expected to grow by an average of 19 percent within the next two years to an average of roughly $773,000. But more than 90 percent of respondents also report that they face significant challenges related to budget allocation, with:

  • 53 percent saying it is difficult to choose a security solution that is both scalable and within their budget.
  • 39 percent reporting struggles evaluating security vendors and defining how each security element impacts business risk.
  • 31 percent reporting that different departments and areas of the business control their own security budget, which makes it difficult to execute on an overall business strategy.

As a result, despite organizations devoting additional resources to security, 32 percent believe their cloud security processes need significant improvements.

Security budget growth having limited impact

Security budgets are expected to grow by an average of 19 percent within the next two years to an average of roughly $773,000. But more than 90 percent of respondents also report that they face significant challenges related to budget allocation, with:

  • 53 percent saying it is difficult to choose a security solution that is both scalable and within their budget.
  • 39 percent reporting struggles evaluating security vendors and defining how each security element impacts business risk.
  • 31 percent reporting that different departments and areas of the business control their own security budget, which makes it difficult to execute on an overall business strategy.

As a result, despite organizations devoting additional resources to security, 32 percent believe their cloud security processes need significant improvements.

OPIS

Short-Term IT and security approaches impede long-term scalability

The end result of this misalignment is an IT and security strategy that senior-level decision-makers feel is not scalable. Many enterprises are already feeling the pinch as 54 percent of respondents believe their organization is at risk of outgrowing their security solutions. And businesses aren’t being strategic with their IT strategy — 52 percent of respondents indicated that their organization’s current security technology is not well enough coordinated to sustain future growth.

Don't miss