By 2016, 25% of large enterprises will make security-related spending decisions based on analytical determinations of risk.
In addition, the IDC FutureScape: Worldwide Security 2015 Predictions identifies the following trends:
* Biometric identification – Mobile devices have biometric capabilities and in 2015 we expect that 15% of those devices will be accessed biometrically, and that number will grow to 50% by 2020.
* Threat intelligence – By 2017, 75% of large enterprises will receive custom threat intelligence information tailored to their industry, company, brand, and environment.
* Data encryption – By the end of 2015, 20% of proprietary data in the cloud will be encrypted. By 2018, that will quickly rise to 80%.
* Security SaaS – Enterprises will be utilizing security software as a service (SaaS) in a greater share of their security spending. By the end of 2015, 15% of all security will be delivered via SaaS or be hosted and by 2018 over 33% will be.
* User management – By 2016, multi-factor authentication will be the primary method of access control used by 20% of enterprises for highly privileged or otherwise sensitive accounts.
* Hardening endpoints – By 2017, 90% of an enterprise’s endpoints will utilize some form of hardware protection to ensure that endpoint integrity is maintained.
* Security as a feature – Security features are rapidly being embedded into business applications. By 2018, 25% of security applications that were previously purchased independently will be incorporated directly into business applications.
* Software security – By the end of 2015, 10% of all enterprise commercial Web sites and mobile applications will have been scanned for vulnerabilities and, by 2018, 40% will be scanned regularly.
* Executive visibility – By 2018, fully 75% of chief security officers (CSO) and chief information security officers (CISOs) will report directly to the CEO, not the CIO.
“IT is an indispensable component of the business process, especially with the adoption of the 3rd Platform,” says Charles Kolodgy, research vice-president: Security Products at IDC. “The IT infrastructure is under constant attack from a variety of players from mischief-makers to nation states and everyone in between. The cybercrime environment is most interested in committing financial fraud, data theft, corporate espionage, and disruption or destruction of infrastructure and processes. Enterprises and organisations are engaged in a constant arms race with the attacking elements and generally the perception is that the offense is winning.
“IDC believes that IT security decisions should be made with a better understanding of the existing trends and opportunities. IDC’s security research team has identified ten strategic security decision imperatives enterprises must address over the next several years. The decision imperatives are all designed to move enterprise security from being relative towards being proactive.”
