« Small Companies See Bigger Risks | Main | When Will We Measure Consumer Security Confidence? »

A recent blog on Securosis pretty much codifies what has become common knowledge when thinking about where security is going, and that's to where the attacks are, or at least the high-profile, company-slaying type of attacks, which means most of the future growth in security will come from data and application security (although Identity and Access Management will remain an important issue).

Taking a good guy versus bad guy approach, we have seen a major shift in the types of attacks on companies and the people doing the attacking -- with hacking moving from essentially a hobby to a full-time career choice, and with cybercriminals using the Internet to organize and exchange information and set up secondary markets to buy and sell malware and data -- and on the flip side, you have companies who have mostly remained static in their defenses, employing stop-gap measures like firewalls and IDS and antivirus.

Looking at it like that, I think we can expect to see some high-profile breaches in the future, which will in turn influence stricter and stronger compliance, which will continue to feed into data and application security growth.

As Rich Mogull concludes in Securosis, “data security issues (and the related application security) will account for over 60% of new enterprise security spending -- this includes spending on new technologies, and excludes maintenance of existing technologies such as firewalls and antivirus, which account for most current security costs. “

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2972