The security sector is increasingly confronted with budget cuts. Technical solutions have to cope with this. Standardisation and automation can help to make the best use of stretched budgets. Support from artificial intelligence and zero-trust approaches also promise more efficiency in IT security.
IT-security trends and perspectives in the shadow of the crises
The crises of the last few years have led to savings and changes in most companies. Security experts have to react to this. They are looking for technologies and strategies that can be used cost-effectively.
Skills shortages, inflation, the Covid-19 crisis and delivery difficulties - the last few years have presented many companies with major challenges. In view of the predicted recession, many budgets are coming under scrutiny. IT security spending will not be spared. But cyber criminals will not be retreating in the face of economic problems; on the contrary, they are more likely to increase the intensity, experts fear. This results in an asymmetrical threat situation.
The CISO is faced with the task of maintaining the same level of protection with a smaller budget or even increasing it, as surveys show. This balancing act requires new ideas. Many see the solution in greater automation in the security sector, for example in the evaluation of warnings and alarms or for threat intelligence. Some experts see another field for automation in patch management. Security patches are often handled far too carelessly and sometimes simply overlooked, they warn. But with unpatched vulnerabilities comes a high risk of attack. Standardisation and automation in the control and management of patches offers a high potential to reduce the attack surface without significant additional effort.
Automation and AI as a solution
The outsourcing of internal IT systems, for example to the cloud, aims in the same direction. Moving to the cloud allows companies to consolidate more and, in many cases, improve IT security if they do so consciously and with reduced staffing.
Today's companies have an extensive data pool at their disposal. The use of this mass of data has proven to be a valuable basis for decision-making in recent years. In difficult times, companies will increasingly use the resulting opportunities to use resources sparingly and to counter financial bottlenecks. The specialists estimate that the use of reliable data will be a decisive competitive advantage when it comes to mastering difficult economic conditions.
The more intelligent use of resources will increasingly include the use of AI for IT-security. Be it for the analysis of vulnerabilities or in the area of threat intelligence. When it comes to identifying threats, such analyses could not only be helpful, but also have a cost-cutting effect. According to experts, AI will also play a key role when it comes to identifying sensitive company data and regulating access to it.
Zero Trust can save costs
The introduction of zero-trust technologies can also have a positive effect on the budget. Often, security improvements can already be achieved with organisational changes and their technical mapping on the system landscape. Experts expect that attention will increasingly focus on such measures, especially in the context of digitalisation. One other component of this can also be increased cooperation between security teams and development teams.
Resilience is one of the current top trends according to Gartner. Digital immune systems that provide resilience and mitigate security and operational risks will become increasingly important, especially in the CRITIS sector.
Security laws and regulatory projects, such as those emanating from EU measures, are an additional factor. This is also particularly true in the CRITIS area, but increasingly also in the area of key industries and sensitive economic sectors, such as the financial sector. At the top of the list is security-by-design, which is increasingly demanded by legal requirements. For technology companies seeking government contracts, it will become increasingly important to work with the public sector and consider these government regulations as the basis for developing secure software.
