BOSTON--(BUSINESS WIRE)--Threat Stack, the leader in cloud infrastructure security, today announced the findings of The 2018 State of Security Budgeting report. This new survey indicates that a majority of companies (54 percent) are worried that they will soon outgrow their security solutions. While budgets are expected to increase by 19 percent over the next two years, organizations are struggling with a disconnect between Security and DevOps and are facing difficulties in determining where to allocate this budget in the face of rapidly evolving infrastructure.
With less than half of their infrastructure remaining on-premise (41 percent), businesses are increasingly making significant migrations to infrastructure-as-a-service (IaaS) (25 percent), platform-as-a-service (PaaS) (17 percent), and containers (10 percent). This is one of the primary reasons why respondents indicated that their top two budget investments in 2019 will be directed at cloud workload security and intrusion detection systems (IDS).
Friction Between Security and DevOps Teams
Previous Threat
Stack research indicated that while DevSecOps is a stated goal at
most organizations, it is far from a reality. In fact, the two areas
appear to be at significant odds internally. A common complaint within
organizations is that development is working contrary to security team
goals: 91 percent of respondents believe that development teams
introduce risk to the organization. The top three reasons for this
increased risk center on required access to:
- Sensitive corporate information (45 percent)
- Personally identifiable information (40 percent)
- Root-level permissions (34 percent)
A significant portion (29 percent) of respondents believe that their organization prioritizes releasing code that “works” over code that is secure.
Security teams are carrying their own organizational baggage as well. Almost three-quarters of respondents (74 percent) agreed that the security team is under pressure to keep pace with development and operations, and 63 percent believe their security team slows down the speed of their business.
Short-Term IT and Security Approaches Impede Long-Term Scalability
The
end result of this misalignment is an IT and security strategy that
senior-level decision-makers feel is not scalable. Many enterprises are
already feeling the pinch as 54 percent of respondents believe their
organization is at risk of outgrowing their security solutions. And
businesses aren’t being strategic with their IT strategy — 52 percent of
respondents indicated that their organization’s current security
technology is not well enough coordinated to sustain future growth.
Security Budget Growth Having Limited Impact
Security
budgets are expected to grow by an average of 19 percent within the next
two years to an average of roughly $773,000. But more than 90 percent of
respondents also report that they face significant challenges related to
budget allocation, with:
- 53 percent saying it is difficult to choose a security solution that is both scalable and within their budget.
- 39 percent reporting struggles evaluating security vendors and defining how each security element impacts business risk.
- 31 percent reporting that different departments and areas of the business control their own security budget, which makes it difficult to execute on an overall business strategy.
As a result, despite organizations devoting additional resources to security, 32 percent believe their cloud security processes need significant improvements.
“Budget constraints are a constant challenge for security teams,” said Jonaki Egenolf, Chief Marketing Officer, Threat Stack. “Through the Threat Stack Cloud SecOps Program, we work directly with customers to alleviate some of that pressure by augmenting short-staffed security teams and helping to maximize the value of cloud security investments. There is no one-size fits all answer to cloud security, which is why we provide specific, customized, and actionable recommendations designed to decrease risk without slowing down the speed of their business.”
The research was conducted by Vanson Bourne. The findings encompass feedback from more than 300 security, IT, and compliance decision makers at a variety of organizations, from enterprise to startup, across several different industries including healthcare, retail, financial services, and more.
Additional Resources:
- Full Report: The 2018 State of Security Budgeting
- Executive Summary: The State of Security Budgeting in 2018
- Blog Post: How to Cope With the Security Talent Shortage in SecOps
- Infographic: The 2018 State of Security Budgeting: Key Findings
- Webinar: How to Spend your Security Budget in a DevOps World
About Threat Stack
Threat Stack enables DevOps and SecOps
teams to innovate and scale securely, meeting complex cloud security
needs by identifying and verifying insider threats, external attacks,
and compliance gaps in real time. Purpose-built for today’s
infrastructure, the Threat Stack Cloud Security Platform® and
Cloud SecOps Program℠ combine continuous security monitoring and risk
assessment to empower security and operations teams to better manage
risk and compliance across their entire infrastructure, including cloud,
hybrid-cloud, multi-cloud, and containerized environments.
For more information or to schedule a free demo, visit threatstack.com.