BOSTON, Mass. — October 18, 2018 — Threat Stack, the leader in cloud infrastructure security, today announced the findings of The 2018 State of Security Budgeting report. This new survey indicates that a majority of companies (54 percent) are worried that they will soon outgrow their security solutions. While budgets are expected to increase by 19 percent over the next two years, organizations are struggling with a disconnect between Security and DevOps and are facing difficulties in determining where to allocate this budget in the face of rapidly evolving infrastructure.
With less than half of their infrastructure remaining on-premise (41 percent), businesses are increasingly making significant migrations to infrastructure-as-a-service (IaaS) (25 percent), platform-as-a-service (PaaS) (17 percent), and containers (10 percent). This is one of the primary reasons why respondents indicated that their top two budget investments in 2019 will be directed at cloud workload security and intrusion detection systems (IDS).
Friction Between Security and DevOps Teams
Previous Threat Stack research indicated that while DevSecOps is a stated goal at most organizations, it is far from a reality. In fact, the two areas appear to be at significant odds internally. A common complaint within organizations is that development is working contrary to security team goals: 91 percent of respondents believe that development teams introduce risk to the organization. The top three reasons for this increased risk center on required access to:
- Sensitive corporate information (45 percent)
- Personally identifiable information (40 percent)
- Root-level permissions (34 percent)
A significant portion (29 percent) of respondents believe that their organization prioritizes releasing code that “works” over code that is secure.
Security teams are carrying their own organizational baggage as well. Almost three-quarters of respondents (74 percent) agreed that the security team is under pressure to keep pace with development and operations, and 63 percent believe their security team slows down the speed of their business.
Short-Term IT and Security Approaches Impede Long-Term Scalability
The end result of this misalignment is an IT and security strategy that senior-level decision-makers feel is not scalable. Many enterprises are already feeling the pinch as 54 percent of respondents believe their organization is at risk of outgrowing their security solutions. And businesses aren’t being strategic with their IT strategy — 52 percent of respondents indicated that their organization’s current security technology is not well enough coordinated to sustain future growth.
Security Budget Growth Having Limited Impact
Security budgets are expected to grow by an average of 19 percent within the next two years to an average of roughly $773,000. But more than 90 percent of respondents also report that they face significant challenges related to budget allocation, with:
- 53 percent saying it is difficult to choose a security solution that is both scalable and within their budget.
- 39 percent reporting struggles evaluating security vendors and defining how each security element impacts business risk.
- 31 percent reporting that different departments and areas of the business control their own security budget, which makes it difficult to execute on an overall business strategy.
As a result, despite organizations devoting additional resources to security, 32 percent believe their cloud security processes need significant improvements.
“Budget constraints are a constant challenge for security teams,” said Jonaki Egenolf, Chief Marketing Officer, Threat Stack. “Through the Threat Stack Cloud SecOps Program, we work directly with customers to alleviate some of that pressure by augmenting short-staffed security teams and helping to maximize the value of cloud security investments. There is no one-size fits all answer to cloud security, which is why we provide specific, customized, and actionable recommendations designed to decrease risk without slowing down the speed of their business.”
The research was conducted by Vanson Bourne. The findings encompass feedback from more than 300 security, IT, and compliance decision makers at a variety of organizations, from enterprise to startup, across several different industries including healthcare, retail, financial services, and more.
- Full Report: The 2018 State of Security Budgeting
- Executive Summary: The State of Security Budgeting in 2018
- Blog Post: How to Cope With the Security Talent Shortage in SecOps
- Infographic: The 2018 State of Security Budgeting: Key Findings
- Webinar: How to Spend your Security Budget in a DevOps World
About Threat Stack
Threat Stack enables DevOps and SecOps teams to innovate and scale securely, meeting complex cloud security needs by identifying and verifying insider threats, external attacks, and compliance gaps in real time. Purpose-built for today’s infrastructure, the Threat Stack Cloud Security Platform® and Cloud SecOps Program℠ combine continuous security monitoring and risk assessment to empower security and operations teams to better manage risk and compliance across their entire infrastructure, including cloud, hybrid-cloud, multi-cloud, and containerized environments.
For more information or to schedule a free demo, visit threatstack.com.
fama PR for Threat Stack