IT security is top-of-mind in most enterprise organizations. It's no surprise, given recent events. Worldwide spending on information security will reach $75.4 billion in 2015 -- that's an increase of 4.7 percent over 2014, according to the latest market study by Gartner, Inc.
The increase in spending is being driven by government initiatives, demand for new regulations or legislation and ongoing high-profile data breaches. As a result, affordable security testing or auditing, IT security support outsourcing, and identity or access management present the greatest growth opportunities for technology vendors and cloud service providers.
According to Gartner, spending in areas such as network endpoint protection platforms and consumer security software is starting to see commoditization, leading to a downgrade in the forecast for these established segments during 2015.
While the visibility and growing awareness of the impact of cyber threats keeps attention on security, the bulk of the security software market is composed of mature technology areas where the penetration rate is already high.
"Interest in security technologies is increasingly driven by elements of digital business, particularly cloud computing, mobile computing and now also the Internet of Things (IoT), as well as by the sophisticated and high-impact nature of advanced targeted attacks," said Elizabeth Kim, research analyst at Gartner.
This shifted focus is driving investment in emerging offerings, such as endpoint detection and remediation tools, threat intelligence and cloud security tools, such as encryption. However, strength in these emerging segments cannot compensate for the downgrade of the larger mature segments that are being commoditized.
Other information security market trends include:
Price increases of as much as 20 percent will drive some organizations to forgo security purchasing in 2015, especially in Europe. This trend will create market opportunities for vendors with alternative business models and lower costs, such as more open-source based solutions.
For the past three years, lean-forward organizations have been wary of an advanced-threat environment in which bad actors innovate faster than traditional blocking mechanisms, such as firewalls, intrusion prevention systems (IPSs) and secure Web gateways, can react.
In response, the most widely adopted advanced-threat detection technique deployed is network malware sandboxing, which has appealed to well-staffed incident response teams.
Recently, several high-profile breaches have broadened the perceived need for zero-day malware detection in a sandbox, but it can increase costs for the midsize or under-staffed security client.
Incumbent security platform vendors introduced less costly, often cloud-based, malware detonation sandboxes as platform extensions. That being said, there is growing demand for more automated lower-cost solutions in the global marketplace.