Next year will be the high mark in corporate IT security spending, after which spending will drop to around 5% of IT budgets, says Gartner analyst Rich Mogull.
"The reason for this will be because corporations would have to build more secure networks to protect the enterprise," Mogull said during his presentation at the Gartner Symposium/ITxpo Africa being held in Cape Town this week.
According to Gartner`s predictions, by 2006, information security spending will drop to 4% or 5% of IT budgets on average as enterprises improve security management and efficiency.
The lowest-spending 20% of organisations, the most efficient ones, will safely reduce the share of security in the IT budget to between 3% or 4% in two years.
However, Mogull said security managers should include estimates of measurable security improvement with every request for spending. Business units should include security spending in all IT project requests.
"The myth that software has to have flaws is only true if you use flawed software," he said.
Mogull`s list of security technologies that companies will need includes quarantine/containment, security audit capabilities and automated password management.
Security technologies that would probably not be needed include personal digital signatures, quantum key exchange, and 500-page security policies.
Martin Field, Symantec`s EMEA technical director, who spoke after Mogull, said security information has to be distilled to make it accessible to a company`s board members so they can get a handle on the threats faced.
"Most security software generate huge amounts of data that are almost impossible to interpret, and since security policies have to be signed off by the board, they need to realise the full implications of that information," he said.
Share
