- Event Registration
- Events Calendar
- Gartner Blog Network
- Videos
- Podcasts
- Photographs
- Gartner Books
- Analyst Coverage Areas
- Press Release RSS Feed
- Attribution Guide
- Products & Services
- Company Profile
- Investor Information
- Executive Profiles
- Board of Directors
- Acquisition History
- Gartner Policies
- Office of the Ombudsman
- North America
- Europe
- Australia / New Zealand
- S.E. Asia / North Asia
- India and Korea
- Japan
- Latin America / Mexico
- CURRENT
- VIEW ALL
Gartner Says IT Security Spending Can be Reduced in Mature Organisations
** Gartner IT Security Summit 2006 to take place in London on 18-19 September **
Egham, UK, July 18, 2006 — Organisations that have reached a high level of IT security practice maturity can safely reduce the share of security spending in the IT budget to an average of between three and four percent, according to research and advisory firm Gartner, Inc. By contrast, organisations that are inefficient, have historically underinvested in security or are in highly regulated environments may spend at least eight percent of their IT budget on security.Gartner estimates that around 10 percent of organisations can be classified as having achieved a high level of IT security maturity today, increasing to 20 percent by 2008. This compares to around five percent in 2005. As a result, many organisations will continue to invest aggressively in IT security for the next few years.
Ant Allan, research vice president and conference chair of the Gartner IT Security Summit to be held in London in September, said that technology solutions now exist to solve most information security problems. “It’s a matter of implementing the technology efficiently and effectively so resources can be focused on new threats. Organisations that are still impacted by everyday routine threats must ramp up to become more mature in their approach.”
Mr Allan also stressed that the message to be conveyed to the business is not ‘we need more security’ but rather ‘we need more security process’. Security now has executive attention, and it needs to be treated like a business issue, not just a technology problem.
Gartner has identified four key processes that form the core of a mature information security management system:
1. Vulnerability management
2. Intrusion protection
3. Network access control and
4. Identity and access management.
Mr Allan said, “By mapping architecture and security controls against four key processes organisations can ensure compliance with regulations and increase security effectiveness and efficiency. Organisations must also improve how they work with vendors to select and implement those technologies that will give them most security benefit for the least cost.”
Contact:
Laurence Goasduff
Gartner
+ 44 1784 267 195
laurence.goasduff@gartner.com
About Gartner:
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.
