Despite grim predictions for IT spending overall, spending on security will continue to grow through 2009 across most industry sectors, according to the Institute for Applied Network Security (IANS).
However, security needs and expenditures will differ between geographic regions in the United States.
These findings resulted from two information security forums held by IANS in Boston and Texas recently, for high-level security professionals and security solution providers.
Many differences in security needs and expenditures “result from organization maturation and market sector demands,” IANS co-founder Jack Phillips said. “For example a rail company in the Southwest — often conservative in nature and typically not an early adopter — has very different security concerns than leading financial institutions, academia, or medical research organizations in the Northeast.”
IANS information security forums are about tactics and theory, and real life experience, and are designed to let attendees learn more about the security issues facing their peers.
Overall, data protection remains the top priority, and most organizations deploy encryption, which is the easiest approach to data protection. Data loss prevention (DLP) is one area where geographical differences emerge. “In the middle of the country, most organizations are just now considering DLP technology, but, on the East Coast, most organizations are now asking if they still need it after making an initial purchase,” Phillips said.
Intrusion detection and protection systems have been widely adopted, and vendors have added so much functionality that IT security executives, particularly in the Northeast, “wonder if they can get away without spending money on DLP,” Phillips said.
Security information and event management (SIEM)
On the other hand, IANS forums held in Boston and New York “are essentially SIEM user groups since adoption rates there are so high,” Phillips said.
Vulnerability management is hottest on the East coast. “Financial services, biotech, medical and insurance companies, and universities up and down the East Coast tend to lead adoption of automating vulnerability scanning and pursuing the new breed of unified threat managers (UTM) on the market today,” Phillips said.