Battle Tendency

In our last article, we talked about cybersecurity risks that may be present in the most popular IT technology currently in use. Although we mentioned some of these in the second part of our previous blog this time our topic will be slightly different. We will focus on the main IT investments for 2019 and the expected changes and trends for upcoming years. We will discuss about the budget allocation regarding IT, as well as the factors that lead companies to invest, or increase the investments in technology.

In recent years IT’s increasing relevance has been reflected in the increase in IT budgets. According to Spiceworks, in its State of IT report [1], by 2020 44% of companies surveyed will have increased, and plan to keep increasing, their technology budgets in upcoming years. Reasons to increase IT budgets are diverse, however, the most common factor concerning most companies is their need to replace outdated technology in order to remain competitive within their market. Relevant factors are:

Company size must always be taken into account when discussing technology and money. The larger the company, the higher the budget dedicated to IT, as we see in the following comparative table [2]:

However, a large investment in IT does not necessarily translate into improved security. A smart investment is frequently better and more profitable. Focusing on proprietary tools that do not solve the root causes of issues can mask real security risks and may promise solutions to nonexistent problems. A better course of action is to focus on real solutions.

As was previously mentioned, the most common reason companies invest in new technology is to replace old technology and thus remain competitive, but security also plays an important role in this field, since it is the second most relevant reason companies invest in IT.

Source:[1]

Companies seem to learn the hard way. It often takes a security breach for a company to increase or even define appropriate security policies regarding IT. Again, a higher investment does not guarantee a company’s resources will be protected. Investments must be balanced with good security practices and procedures to address worst-case scenarios, guaranteeing the safest and best use of every resource. With this in mind, we created Criteria, a summary of security practices and recommendations based on international security standards primarily in software, but also taking into consideration hardware and physical security measures. Check it out, it is free, and I am sure you will agree that enhancing the security policies of your company should be a top priority.

Now that we’ve clarified that companies are interested in improving their technology and that there is budgetary support for these changes, we should identify where allocated budgets are going. Of course, it depends on a company’s long-term vision, as well as its size, but we can search for some patterns if we take a look at the budget allocation trends projected for IT in 2020:

Spiceworks' [1] research surveyed 1,005 European and North American companies. They found that in 2020, companies' main investment interests are projected to be in hardware, software, and cloud-based services. So let’s take a look at the results and form our own conclusions.

What grabs our attention is the IT technology that companies are most interested in acquiring. This technology is likely to become the industry trend in the upcoming years. Spiceworks can help us again to form a more complete picture of what hot topics will be trending in the technology field:

We can also take a glance at the KPMG report [2] which offers us a similar panorama for IT investments in 740 technology companies from 12 countries:

Now we see some patterns emerging. Internet of Things (IoT), IT automation, Artificial intelligence, Virtual reality, and Blockchain technology are the most adopted technology for several companies. Some other trends, such as serverless computing, container technology, and hyperconverged infrastructure, are all technologies that we often use at Fluid Attacks. We are dabbling in artificial intelligence in a cybersecurity approach for vulnerabilities classification, and we already asserts the vulnerabilities closures on our customers' pipelines (CI/CD) with our continuous hacking service. We are aware of the potential of some of these techniques, not only for cybersecurity and overall hardening but also for development and operations. In the near future, we hope to implement some of these in our products.