Information Security Trends

Cloud is Driving Shift in Security Spending

By Tracy Corbo

Security budgets continue to rise, thanks in no small part to highly publicized security breaches such as Spectre and Meltdown. These unexpected threats have helped fuel security spending increases, making security the second most common budget increase behind hosted cloud.

Fewer respondents are limiting cloud to lower-risk applications, fewer are depending exclusively on cloud provider security controls, and fewer think a cloud provider will be the first to alert them of a data breach. These multiple indicators point to security being less of an inhibitor to hosted cloud than in the past.

A February survey of 581 members of the 451 Alliance looks at the trends and factors affecting security budgets and how security teams are dealing with hosted cloud.

Report Highlights

  • Security Budgets Up. Companies of all sizes are increasing their spending on information security in 2018, by 17% on average. Only 6% of organizations surveyed anticipate a decrease in spending.
  • Shifts in Security Spending. The changing dynamics of IT infrastructure, largely thanks to cloud, are driving a shift in how security dollars are being allocated. A gradual shift can be seen away from the more traditional hardware and network security tools toward application-centric approaches.
  • Impact of Cloud. Security was once a major sticking point for implementing hosted cloud, and while plenty of issues and concerns remain, especially for larger organizations, change is afoot. Customers are taking a more proactive approach to testing and performing due diligence on their hosted cloud environments and relying less on cloud vendors to notify them of data breaches.

Security Budgets

Security budgets are up – 80% of information security respondents anticipate a budget increase. The average budget increase is 17% across organizations of all sizes. Organizations with more than 10,000 employees expect to see an increase of slightly more than 20%.


“We’ve been spending the past couple of years really shoring, building up the baseline, getting us to a good solid base, and so that’s going to continue over the next year or so. As those mature, a lot of the spending is going to be on advanced analytics and looking at AI and machine learning technologies.”


Consumer Retail Products & Services – IT/Engineering Managers and Staff, >5K employees

Budget Distribution Across Tools. The gradual and underlying changes in the way technology services are consumed and delivered are affecting where security spending is applied. Network security tools continue to capture the highest percentage of security budgets (36%), but that percentage has decreased over the last three years.


Budget Allocation Across Resources. There is an information security skills shortage, making hiring and retention a difficult proposition, especially for very large organizations. Consequently, it is no surprise that 40% of current budgets are allocated toward personnel costs, and human resources will remain the top security spending priority over the next two years.


“For security we don't have enough resources to be able to go at the rate that we want to … We have a lot of stuff that we could turn on and enhance, but we don't literally have the people that can watch and respond to the output or whatever.”


Financial Services – Senior Management, >2k+ employees

Security and Cloud

On average, smaller organizations allocate a higher percentage of their information security spending to vendor-based security tools used to secure hosted cloud environments than larger organizations do. This is in large part because larger organizations have a greater amount of legacy on-premises infrastructure that they must secure.


Potential Issues. When companies entrust their data to a hosted cloud provider, they want to know that it remains secure and private from ‘third party audit requests.’ Over a third of the respondents cite data confidentiality as the top potential issue with hosted cloud solutions. Compliance issues, including data residency and how third-party requests are handled, are also key issues.


Hosted Cloud Usage. While larger organizations are still slightly more averse to using hosted cloud for mission-critical applications than are smaller organizations, well over a third see hosted cloud as a viable option for any application, including high-risk ones. This indicates a shift away from security as a major roadblock to hosted cloud implementations.