Re-evaluating information security architecture to accommodate the emerging hybrid workforce, while resuming security initiatives disrupted in the rush to support off-site workers during the pandemic, continues to drive an increase in security spending. The 451 Alliance’s Information Security, Budgets & Outlook 2022 study reviews information security budget priorities, strategic objectives and evolving perceptions of cloud security.
The vast majority (94%) of security leaders responding to our survey report that their budgets are increasing this year. Meanwhile, 16% of respondents cite securing remote work as a key strategic objective. The footprint of IT architecture to be secured remains complex, often involving both on-premises infrastructure and multiple clouds. The percentage of security spending allocated to the cloud continues to increase, now averaging 37% of security budgets.
Summary of findings
Information security budgets continue an upswing from the pandemic, with 94% of respondents reporting an increase in spending this year. The net change is an average increase of 26%. Only 1% plan to reduce their security spending, with 4% projecting no change. About 20% say the largest increase in spending will be on people costs, a continuing indicator of the difficulty of recruiting and retaining information security personnel.
In a similar vein, 19.6% say managed security services will be their largest area of increased spending. MSS offerings can create an economy of scale around common security monitoring tasks across different customers, offloading some portion of security operations analyst work. Every major product category has planned spending increases. SIEM and analytics platforms lead the way with 36% of respondents noting a significant increase in spending.
Information security managers note that 37% of their security spending is being allocated to securing cloud infrastructure. While the majority of respondents (65%) say that leveraging tools and services provided by default with their cloud subscription is the most common approach to security, the same proportion (65%) note that their approach in 2022 will extend to premium security services from the cloud providers.
Two in five (40%) indicate planned spending on third-party security tools and services that they will apply to their cloud infrastructure. Cloud security remains a top pain point, the second-most cited behind user behavior. The top cited cloud security issues include managing cloud configurations (30%) and managing identities and permissions for accessing cloud resources (27%). On a related note, identity management (37%) is the top-cited technology that respondents have implemented from a cloud marketplace.
Trends in Application Security Testing
A little more than half (51%) of respondents note that third-party cloud infrastructure can be used to host any application workload, independent of risk requirements or mission criticality. Only one-third (33%) limit their use of cloud based on application risk. More than half of respondents (55%) say the first indicator of a potential breach in the cloud would most likely come from the security monitoring capabilities they have set up for their cloud infrastructure.
About three-quarters (74%) of respondents have implemented additional third-party security controls for cloud-based productivity suites such as email. Of the group that hasn’t, 25% plan to implement such controls in the coming year. The top drivers for these implementations include better recognition of malicious content (51%) and better recognition of suspicious senders (39%).
Want insights on information security delivered to your inbox? Join the 451 Alliance.