Source: Sanket Mishra via Pexels.
A study conducted by 451 Research, a part of S&P Global Market Intelligence examines security technologies under our coverage in terms of current usage, planned growth, representative vendors leveraged by survey respondents, and spending intentions for those enterprises currently leveraging each security technology.
The Take
When generative AI rose from practically nowhere to become the third-most-cited pain point for 14% of respondents to the budgets and outlook for 2024 study, also conducted by 451 Research, a part of S&P Global Market Intelligence, it became clear that the explosion of GenAI possibilities that dominated many organizations’ 2023 technology plans resulted in a downstream problem for the chief information security officer: how to secure the usage of large language model (LLM)-based applications, APIs and data at large. Security vendors have entered the space with solutions that range from firewall-like products and security middleware layers to the tailoring of application security testing solutions for LLM application use cases that have varied goals around protecting models from attacks, stopping data leakages and ensuring the use of nonvulnerable components. It is perhaps of little surprise then to see “security for GenAI” as a top growth space identified by survey respondents, with 23% conducting current technology pilots and an additional 12% having project plans that call for implementation within the next 12 months.
Summary of findings
Alongside security for GenAI, several other technologies appear in near-term plans. One such technology is bot detection and mitigation (in pilot for 24% of respondents), which is a form of website protection designed to address a number of use cases, including account takeover attacks, as the tool ecosystems and specializations that bad actors use to commit fraud grow ever more sophisticated. Identity management technologies appear three times on the list of technologies that are most identified as in enterprises’ immediate plans: zero-trust network access (22% in pilot), identity validation/proofing verification (17%), and identity governance and administration (17%). The recent coverage of the XZ backdoor is yet another reminder of the susceptibility of the open-source ecosystem that modern application development depends on, which drives the growth of both software composition analysis (21% in pilot) and software supply chain security (16%).
Staple security technologies continue to dominate among respondents, with firewalls (78%), email security (73%) and endpoint security (71%) topping the list. That does not suggest a lack of innovation in these spaces — for example, email security threats continue to be a major entry point for attacks, and phishing attacks grow ever more sophisticated, now enabled by some of the GenAI capabilities discussed earlier. Multifactor authentication, or a lack thereof, continues to be cited as a proximate cause of data breaches, most recently identified in the downstream breaches of Ticketmaster and Santander Bank via their usage of Snowflake Inc.’s data cloud services. The use of MFA grew from 54% in 2023 to 61% in 2024.
In terms of respondent discussion around spending plans for implemented technologies, although it is still in early stages, security for GenAI will capture “significant spending” from 36% of respondents who have already implemented it. A pair of data security technologies immediately follow: sensitive data discovery/classification, which is in line for significant spending increases among 28% of those who have implemented the technology, and data loss prevention, for which 27% say the same. API security is also capturing significant spending increases among 27% of its users, as the dependence on APIs grows exponentially each year.
Data protection and security — two sides of the same coin?
Want insights on Infosec trends delivered to your inbox? Join the 451 Alliance.
